Vulnerabilities > Trendmicro > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-01-19 CVE-2017-14096 Cross-site Scripting vulnerability in Trendmicro Smart Protection Server
A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems.
network
low complexity
trendmicro CWE-79
6.1
2017-12-16 CVE-2017-14093 Cross-site Scripting vulnerability in Trendmicro Scanmail 12.0
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.
network
low complexity
trendmicro CWE-79
6.1
2017-10-06 CVE-2017-14085 Information Exposure vulnerability in Trendmicro Officescan 11.0/12.0
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
network
low complexity
trendmicro CWE-200
5.3
2017-05-26 CVE-2017-9037 Cross-site Scripting vulnerability in Trendmicro Serverprotect 3.0
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3) S_action_fail, (4) S_ptn_update, (5) T113, (6) T114, (7) T115, (8) T117117, (9) T118, (10) T_action_fail, (11) T_ptn_update, (12) textarea, (13) textfield5, or (14) tmLastConfigFileModifiedDate parameter to notification.cgi.
network
low complexity
trendmicro CWE-79
6.1
2017-05-26 CVE-2017-9032 Cross-site Scripting vulnerability in Trendmicro Serverprotect 3.0
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi.
network
low complexity
trendmicro CWE-79
6.1
2017-05-05 CVE-2017-8801 Cross-site Scripting vulnerability in Trendmicro Officescan 11.0/12.0
Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.
network
low complexity
trendmicro CWE-79
6.1
2017-04-18 CVE-2017-7896 Cross-site Scripting vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
network
low complexity
trendmicro CWE-79
6.1
2017-04-05 CVE-2017-6340 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report.
network
low complexity
trendmicro CWE-79
5.4
2017-04-05 CVE-2017-6339 Weak Password Requirements vulnerability in Trendmicro Interscan web Security Virtual Appliance
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data.
network
low complexity
trendmicro CWE-521
6.5
2017-04-05 CVE-2017-6338 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Interscan web Security Virtual Appliance
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
network
low complexity
trendmicro CWE-732
6.5