Vulnerabilities > Trendmicro > Interscan WEB Security Virtual Appliance > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-10 CVE-2024-36359 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
network
low complexity
trendmicro CWE-79
5.4
2021-06-17 CVE-2021-31521 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.
network
low complexity
trendmicro CWE-79
5.4
2021-03-03 CVE-2021-25252 Resource Exhaustion vulnerability in Trendmicro products
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
local
low complexity
trendmicro CWE-400
5.5
2020-12-17 CVE-2020-8462 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.
network
low complexity
trendmicro CWE-79
4.8
2020-12-17 CVE-2020-27010 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.
network
low complexity
trendmicro CWE-79
4.8
2020-05-27 CVE-2020-8603 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations.
network
low complexity
trendmicro CWE-79
6.1
2017-04-05 CVE-2017-6340 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report.
network
low complexity
trendmicro CWE-79
5.4
2017-04-05 CVE-2017-6339 Weak Password Requirements vulnerability in Trendmicro Interscan web Security Virtual Appliance
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data.
network
low complexity
trendmicro CWE-521
6.5
2017-04-05 CVE-2017-6338 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Interscan web Security Virtual Appliance
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
network
low complexity
trendmicro CWE-732
6.5
2017-02-21 CVE-2016-9316 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance
Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages.
network
low complexity
trendmicro CWE-79
5.4