CVE-2016-9316

MEDIUM

Trend Micro IWSVA <6.5-CP-1737 - XSS

Title source: llm

Description

Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. This was resolved in Version 6.5 CP 1737.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SlidingWindow · textwebappshardware

https://www.exploit-db.com/exploits/41361

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037849

[Patch, Vendor Advisory] https://success.trendmicro.com/solution/1116672

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96252

Scores

CVSS v3 5.4

EPSS 0.0062

EPSS Percentile 69.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

trendmicro/interscan_web_security_virtual_appliance < 6.5

n/a/n/a

Timeline

Published Feb 21, 2017

Tracked Since Feb 18, 2026