NVD Vulnerability Detail

CVE-2014-3922

Summary	Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.
Publication Date	May 30, 2014, 11:55 p.m.
Registration Date	Jan. 26, 2021, 3:11 p.m.
Last Update	Nov. 21, 2024, 11:09 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:8.5.1.1516:::::::*

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/126847/InterScan-Messaging-Security-Virtual-Appliance-8.5.1.1516-Cross-Site-Scripting.html	Third Party Advisory
2	http://packetstormsecurity.com/files/126847/InterScan-Messaging-Security-Virtual-Appliance-8.5.1.1516-Cross-Site-Scripting.html	Third Party Advisory
3	http://seclists.org/fulldisclosure/2014/May/164	Exploit Mailing List
4	http://seclists.org/fulldisclosure/2014/May/164	Exploit Mailing List
5	http://secunia.com/advisories/58491	Third Party Advisory
6	http://secunia.com/advisories/58491	Third Party Advisory
7	http://www.securityfocus.com/bid/67726	Third Party Advisory VDB Entry
8	http://www.securityfocus.com/bid/67726	Third Party Advisory VDB Entry
9	http://www.securitytracker.com/id/1030318	Third Party Advisory VDB Entry
10	http://www.securitytracker.com/id/1030318	Third Party Advisory VDB Entry
11	https://vimeo.com/96757096	Exploit
12	https://vimeo.com/96757096	Exploit

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

JVN Vulnerability Information

Trend Micro InterScan Messaging Security Virtual Appliance におけるクロスサイトスクリプティングの脆弱性

Title	Trend Micro InterScan Messaging Security Virtual Appliance におけるクロスサイトスクリプティングの脆弱性
Summary	Trend Micro InterScan Messaging Security Virtual Appliance には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、addWhiteListDomain.imss の addWhiteListDomainStr パラメータを介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	May 29, 2014, midnight
Registration Date	June 3, 2014, 5:48 p.m.
Last Update	June 3, 2014, 5:48 p.m.

Affected System

トレンドマイクロ

InterScan Messaging Security Virtual Appliance 8.5.1.1516

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-3922	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3922
National Vulnerability Database (NVD)
2	CVE-2014-3922	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3922

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
Trend Micro
1	InterScan Messaging Security	http://www.trendmicro.com/us/enterprise/network-security/interscan-message-security/index.html

その他

No	Name	URL
関連文書
1	XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516 (Zero-DAY)	http://seclists.org/fulldisclosure/2014/May/164

Change Log

No	Changed Details	Date of change
0	[2014年06月03日] 掲載	Feb. 17, 2018, 10:37 a.m.