Trend Micro InterScan Messaging Security Virtual Appliance Cross Site Scripting Vulnerability



Trend Micro InterScan Messaging Security Virtual Appliance is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

InterScan Messaging Security Virtual Appliance 9.1 is vulnerable.

Information

Bugtraq ID: 97938
Class: Input Validation Error
CVE: CVE-2017-7896

Remote: Yes
Local: No
Published: Mar 07 2017 12:00AM
Updated: Apr 20 2017 05:06PM
Credit: Mehmet Dursun Ince of Prodaft / INVICTUS Europe and Bart Leppens
Vulnerable: Trend Micro InterScan Messaging Security Virtual Appliance 9.1


Not Vulnerable: Trend Micro InterScan Messaging Security Virtual Appliance 9.1 CP 1644



Source: www.securityfocus.com
Related Posts