Trend Micro InterScan Web Security Virtual Appliance CVE-2017-6340 HTML Injection Vulnerability



Trend Micro InterScan Web Security Virtual Appliance (IWSVA) is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 is vulnerable.

Information

Bugtraq ID: 97487
Class: Input Validation Error
CVE: CVE-2017-6340

Remote: Yes
Local: No
Published: Apr 05 2017 12:00AM
Credit: Steven Seeley, Kapil Khot, and Steffen Ulrich
Vulnerable: Trend Micro InterScan Web Security Virtual Appliance 6.5-SP2 CP 1739
Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 CP Build 162
Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2
Trend Micro InterScan Web Security Virtual Appliance 6.5 CP 1737
Trend Micro InterScan Web Security Virtual Appliance 6.5


Not Vulnerable: Trend Micro InterScan Web Security Virtual Appliance 6.5 CP 1746


Exploit


An attacker can exploit this issue using a web browser.


Related Posts

Comments