Details of VAR-201007-0358

ID

VAR-201007-0358

TITLE

Trend Micro InterScan Web Security Virtual Appliance Multiple HTML Injection Vulnerabilities

Trust: 0.9

sources: CNVD: CNVD-2010-1232 // BID: 41296

DESCRIPTION

Trend Micro InterScan Web Security Virtual Appliance is a Trend Micro Web Security Gateway that provides plug-and-play protection against web threats. The InterScan Web Security Virtual Appliance does not adequately filter parameters like \"desc\", \"metrics__notify_body\", \"metrics__notify_subject\", etc., which can lead to cross-site scripting attacks. Successful exploitation of vulnerabilities can execute arbitrary script code or gain unauthorized access to the web console on the target user's browser. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible

Trust: 0.81

sources: CNVD: CNVD-2010-1232 // BID: 41296

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-1232

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	trend micro	model:	interscan web security appliance	scope:	eq	version:	5.0	Trust: 0.3

sources: CNVD: CNVD-2010-1232 // BID: 41296

THREAT TYPE

network

Trust: 0.3

sources: BID: 41296

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 41296

PATCH

title:

Trend Micro InterScan Web Security Virtual Appliance multiple HTML injection patches

url:

https://www.cnvd.org.cn/patchinfo/show/564

Trust: 0.6

sources: CNVD: CNVD-2010-1232

EXTERNAL IDS

db:	BID	id:	41296	Trust: 0.9
db:	CNVD	id:	CNVD-2010-1232	Trust: 0.6

sources: CNVD: CNVD-2010-1232 // BID: 41296

REFERENCES

url:	http://seclists.org/fulldisclosure/2010/jul/20	Trust: 0.9
url:	http://www.trend.com	Trust: 0.3

sources: CNVD: CNVD-2010-1232 // BID: 41296

CREDITS

CYBSEC Lab

Trust: 0.3

sources: BID: 41296

SOURCES

db:	CNVD	id:	CNVD-2010-1232
db:	BID	id:	41296

LAST UPDATE DATE

2022-05-17T01:53:40.736000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-1232	date:	2010-07-02T00:00:00
db:	BID	id:	41296	date:	2010-07-01T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-1232	date:	2010-07-02T00:00:00
db:	BID	id:	41296	date:	2010-07-01T00:00:00