Trend Micro InterScan Messaging Security Suite Version 7.1-Build_Win32_1394 has been reported to be susceptible to cross-site scripting and cross-site request forgery vulnerabilities.
Cross-site scripting (CVE-2012-2995) (CWE-79)
An unauthenticated attacker may be able to execute arbitrary script in the context of a logged in user's session.
We are currently unaware of a practical solution to this problem. Please consider the following workarounds.
Thanks to Tom Gregory for reporting this vulnerability.
This document was written by Jared Allar.