Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2995

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-2995
Last Modified 12 Apr 2013 10:54:56
Published 17 Sep 2012 10:55:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2995

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or (2) the src parameter to initUpdSchPage.imss.

Vulnerable Systems

Application

  • Trendmicro Interscan Messaging Security Suite 7.1


References

CERT-VN - VU#471364

SECTRACK - 1027544

SECUNIA - 50620


Last Updated: 27 May 2016 11:00:44