Cross-Site Scripting Vulnerability in Trend Micro InterScan Web Security Virtual Appliance
CVE-2020-8603

6.1MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Interscan Web Security Virtual Appliance
Vendor: CVE Published:; 27 May 2020

Summary

A cross-site scripting vulnerability exists in the web interface of Trend Micro InterScan Web Security Virtual Appliance 6.5. This flaw could allow a remote attacker to execute malicious scripts in the context of affected users. To exploit this vulnerability, a user must navigate to a crafted web page or interact with a malicious file, enabling the attacker to manipulate the web interface and potentially compromise user data and security.

Affected Version(s)

Trend Micro InterScan Web Security Virtual Appliance 6.5

References

https://www.zerodayinitiative.com/advisories/ZDI-20-675/

x_refsource_MISC

https://success.trendmicro.com/solution/000253095

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 27, 2020
Vulnerability Reserved
Feb 4, 2020