Vulnerability Name:

CVE-2006-3261 (CCN-27388)

Assigned:2006-06-23
Published:2006-06-23
Updated:2018-10-18
Summary:Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log.
CVSS v3 Severity:2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Fri Jun 23 2006 - 08:17:05 CDT
Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability

Source: MITRE
Type: CNA
CVE-2006-3261

Source: CCN
Type: SA20794
Trend Micro Control Manager "Username" Script Insertion

Source: SECUNIA
Type: UNKNOWN
20794

Source: SREASON
Type: UNKNOWN
1159

Source: CCN
Type: SECTRACK ID: 1016372
Trend Micro Control Manager Input Validation Hole Permits Cross-Site Scripting Attacks

Source: SECTRACK
Type: UNKNOWN
1016372

Source: CCN
Type: OSVDB ID: 26864
Trend Micro Control Manager Login Page username Parameter XSS

Source: BUGTRAQ
Type: UNKNOWN
20060623 Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability

Source: BID
Type: UNKNOWN
18619

Source: CCN
Type: BID-18619
Trend Micro Control Manager Access Log HTML Injection Vulnerability

Source: CCN
Type: Trend Micro Web site
Control Manager

Source: VUPEN
Type: UNKNOWN
ADV-2006-2526

Source: XF
Type: UNKNOWN
controlmanager-logfile-xss(27388)

Source: XF
Type: UNKNOWN
controlmanager-logfile-xss(27388)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:trend_micro:control_manager:3.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    trend_micro control manager 3.5