CVE-2006-3261

CVE-2006-3261 is a medium-severity vulnerability in Trend Micro Control Manager with a CVSS 2.0 base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.

Key facts

Description

Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log.

Frequently asked questions

What is CVE-2006-3261?
Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log.
How severe is CVE-2006-3261?
CVE-2006-3261 has a CVSS 2.0 base score of 4.3, rated medium severity.
Is CVE-2006-3261 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (67th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2006-3261?
CVE-2006-3261 affects Trend Micro Control Manager. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2006-3261?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2006-3261 published?
CVE-2006-3261 was published on 2006-06-27 and last updated on 2026-06-16.

References

Affected products (1)

More vulnerabilities in Trend Micro Control Manager

All CVEs affecting Trend Micro Control Manager →