Vulnerabilities > Trendmicro > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-23 | CVE-2018-10355 | Insufficiently Protected Credentials vulnerability in Trendmicro Email Encryption Gateway 5.5 An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. | 1.9 |
| 2018-03-15 | CVE-2018-6226 | Cross-site Scripting vulnerability in Trendmicro Email Encryption Gateway 5.5 Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems. | 3.5 |
| 2018-03-15 | CVE-2018-6227 | Cross-site Scripting vulnerability in Trendmicro Email Encryption Gateway 5.5 A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems. | 3.5 |
| 2017-04-05 | CVE-2017-6340 | Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. | 3.5 |
| 2017-02-21 | CVE-2016-9316 | Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. | 3.5 |
| 2011-05-20 | CVE-2011-1327 | Cryptographic Issues vulnerability in Trendmicro Trend Micro Internet Security 2009 The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive information by leveraging a keylogger. | 2.1 |
| 2009-04-27 | CVE-2009-1435 | Resource Management Errors vulnerability in Trendmicro Officescan 8.0 NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames. | 2.1 |