A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
Link | Resource |
---|---|
https://success.trendmicro.com/dcx/s/solution/000298065 | Broken Link |
https://www.zerodayinitiative.com/advisories/ZDI-24-574/ | Third Party Advisory VDB Entry |
https://success.trendmicro.com/dcx/s/solution/000298065 | Broken Link |
https://www.zerodayinitiative.com/advisories/ZDI-24-574/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:22
Type | Values Removed | Values Added |
---|---|---|
References | () https://success.trendmicro.com/dcx/s/solution/000298065 - Broken Link | |
References | () https://www.zerodayinitiative.com/advisories/ZDI-24-574/ - Third Party Advisory, VDB Entry |
03 Oct 2024, 19:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:6.5:*:*:*:*:*:*:* | |
First Time |
Trendmicro interscan Web Security Virtual Appliance
Trendmicro |
|
CWE | CWE-79 | |
References | () https://success.trendmicro.com/dcx/s/solution/000298065 - Broken Link | |
References | () https://www.zerodayinitiative.com/advisories/ZDI-24-574/ - Third Party Advisory, VDB Entry |
11 Jun 2024, 13:54
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
10 Jun 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-10 22:15
Updated : 2024-11-21 09:22
NVD link : CVE-2024-36359
Mitre link : CVE-2024-36359
CVE.ORG link : CVE-2024-36359
JSON object : View
Products Affected
trendmicro
- interscan_web_security_virtual_appliance
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')