CVE-2006-3261
CVE-2006-3261 is a medium-severity vulnerability in Trend Micro Control Manager with a CVSS 2.0 base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.3)
- EPSS exploit prediction: 1% (67th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Trend Micro Control Manager
- Published:
- Last modified:
Description
Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log.
Frequently asked questions
- What is CVE-2006-3261?
- Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log.
- How severe is CVE-2006-3261?
- CVE-2006-3261 has a CVSS 2.0 base score of 4.3, rated medium severity.
- Is CVE-2006-3261 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (67th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2006-3261?
- CVE-2006-3261 affects Trend Micro Control Manager. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2006-3261?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2006-3261 published?
- CVE-2006-3261 was published on 2006-06-27 and last updated on 2026-06-16.
References
- http://secunia.com/advisories/20794
- http://securityreason.com/securityalert/1159
- http://securitytracker.com/id?1016372
- http://www.securityfocus.com/archive/1/438158/100/0/threaded
- http://www.securityfocus.com/bid/18619
- http://www.vupen.com/english/advisories/2006/2526
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27388
Affected products (1)
- cpe:2.3:a:trend_micro:control_manager:3.5:*:*:*:*:*:*:*
More vulnerabilities in Trend Micro Control Manager
- CVE-2011-5001 — Critical (CVSS 10.0): Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in…
- CVE-2007-0851 — Critical (CVSS 9.3): Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other…
- CVE-2012-2998 — High (CVSS 7.5): SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0…
- CVE-2005-0383 — High (CVSS 7.5): Trend Micro Control Manager 3.0 Enterprise Edition allows remote attackers to gain privileges via a replay attack of…
- CVE-2005-0533 — High (CVSS 7.5): Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro…