CVE-2018-6226

Description

Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems.

Affected products

• Trend Micro / Trend Micro Email Encryption Gateway5.5 – 5.5

References

• EXPLOIThttps://www.exploit-db.com/exploits/44166/
• MISChttps://success.trendmicro.com/solution/1119349
• VENDOR_ADVISORYhttps://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities