CVE-2006-3261

Name of the Vulnerable Software and Affected Versions Trend Micro Control Manager version 3.5

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the username field on the "/login" page. The input is not properly sanitized before being displayed in the error log.

Recommendations For version 3.5, update to a newer version that addresses this issue, ensuring proper sanitization of user input to prevent XSS attacks. As a temporary workaround, consider restricting access to the login page to minimize the risk of exploitation.