CVE-2006-3261

Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/18619
http://securitytracker.com/id?1016372
http://secunia.com/advisories/20794
http://securityreason.com/securityalert/1159
http://www.vupen.com/english/advisories/2006/2526
https://exchange.xforce.ibmcloud.com/vulnerabilities/27388
http://www.securityfocus.com/archive/1/438158/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:trend_micro:control_manager:3.5:*:*:*:*:*:*:*

Information

Published : 2006-06-27 14:05

Updated : 2018-10-18 09:46

NVD link : CVE-2006-3261

Mitre link : CVE-2006-3261

JSON object : View

CWE

NVD-CWE-Other

Products Affected

trend_micro

control_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/18619", "name": "18619", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1016372", "name": "1016372", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/20794", "name": "20794", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/1159", "name": "1159", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/2526", "name": "ADV-2006-2526", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27388", "name": "controlmanager-logfile-xss(27388)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/438158/100/0/threaded", "name": "20060623 Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3261", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-06-27T21:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:trend_micro:control_manager:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:46Z"}

4.3 /10