Vulnerability Note VU#471364
Trend Micro InterScan Messaging Security Suite is vulnerable to XSS and CSRF vulnerabilities
Trend Micro InterScan Messaging Security Suite Version 7.1-Build_Win32_1394 has been reported to be susceptible to cross-site scripting and cross-site request forgery vulnerabilities.
Cross-site scripting (CVE-2012-2995) (CWE-79)
An unauthenticated attacker may be able to execute arbitrary script in the context of a logged in user's session.
We are currently unaware of a practical solution to this problem. Please consider the following workarounds.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Trend Micro||Affected||10 Aug 2012||12 Sep 2012|
CVSS Metrics (Learn More)
Thanks to Tom Gregory for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: CVE-2012-2995 CVE-2012-2996
- Date Public: 13 Sep 2012
- Date First Published: 13 Sep 2012
- Date Last Updated: 14 Sep 2012
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.