Cross-Site Scripting Vulnerability in Trend Micro Control Manager
CVE-2006-3261

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Control Manager
Vendor: CVE Published:; 27 June 2006

Summary

A vulnerability exists in Trend Micro Control Manager 3.5 that allows remote attackers to execute arbitrary web scripts or HTML code via the login page's username field. This occurs due to insufficient sanitization of user input, which could ultimately lead to malicious content being recorded in the error log, exposing the application to potential exploits.

References

http://securitytracker.com/id?1016372

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2006/2526

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/20794

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jun 27, 2006
Vulnerability Reserved
Jun 27, 2006