Sign-up

ID

VAR-201305-0373


TITLE

Trend Micro DirectPass Cross-Site Scripting Vulnerability

Trust: 0.8

sources: IVD: ab5bbb96-1f22-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05939

DESCRIPTION

Trend Micro DirectPass is a password management solution. The Trend Micro DirectPass 'Setup Master Password' module incorrectly filters user-submitted 'Master Password' parameters, allowing an attacker to exploit a vulnerability to inject malicious scripts or HTML code to obtain sensitive user information or hijack user sessions

Trust: 0.72

sources: CNVD: CNVD-2013-05939 // IVD: ab5bbb96-1f22-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: ab5bbb96-1f22-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05939

AFFECTED PRODUCTS

vendor:trend micromodel:directpassscope:eqversion:1.5.0.1060

Trust: 0.8

sources: IVD: ab5bbb96-1f22-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05939

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-05939
value: MEDIUM

Trust: 0.6

IVD: ab5bbb96-1f22-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2013-05939
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ab5bbb96-1f22-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: ab5bbb96-1f22-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05939

TYPE

Cross-site scripting

Trust: 0.2

sources: IVD: ab5bbb96-1f22-11e6-abef-000c29c66e3d

PATCH

title:Patch for Trend Micro DirectPass Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/34256

Trust: 0.6

sources: CNVD: CNVD-2013-05939

EXTERNAL IDS

db:CNVDid:CNVD-2013-05939

Trust: 0.8

db:IVDid:AB5BBB96-1F22-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: ab5bbb96-1f22-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05939

REFERENCES

url:http://seclists.org/fulldisclosure/2013/may/112

Trust: 0.6

sources: CNVD: CNVD-2013-05939

SOURCES

db:IVDid:ab5bbb96-1f22-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-05939

LAST UPDATE DATE

2022-05-17T01:53:13.894000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-05939date:2013-05-27T00:00:00

SOURCES RELEASE DATE

db:IVDid:ab5bbb96-1f22-11e6-abef-000c29c66e3ddate:2013-05-23T00:00:00
db:CNVDid:CNVD-2013-05939date:2013-05-23T00:00:00