Reflected Cross-Site Scripting Vulnerability in Trend Micro InterScan Web Security Virtual Appliance
CVE-2021-31521

5.4MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Interscan Web Security Virtual Appliance
Vendor: CVE Published:; 17 June 2021

Summary

The InterScan Web Security Virtual Appliance version 6.5 from Trend Micro contains a reflected cross-site scripting (XSS) vulnerability within its Captive Portal feature. This security flaw could allow an attacker to inject arbitrary web applications into pages presented to users, potentially leading to unauthorized actions or exposure of sensitive information, thereby compromising the security of web interactions.

Affected Version(s)

Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2

References

https://success.trendmicro.com/solution/000286452

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 17, 2021
Vulnerability Reserved
Apr 20, 2021