Lucene search

[email protected]CVE-2012-2995

HistorySep 17, 2012 - 2:55 p.m.

CVE-2012-2995

2012-09-1714:55:00

CWE-79

[email protected]

web.nvd.nist.gov

104

cve-2012-2995

cross-site scripting

xss

trend micro

interscan messaging security suite

security vulnerabilities

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or (2) the src parameter to initUpdSchPage.imss.

Affected configurations

NVD

Node

trendmicrointerscan_messaging_security_suiteMatch7.1

CPENameOperatorVersion
trendmicro:interscan_messaging_security_suitetrendmicro interscan messaging security suiteeq7.1

CPE	Name	Operator	Version
trendmicro:interscan_messaging_security_suite	trendmicro interscan messaging security suite	eq	7.1

References

secunia.com/advisories/50620

www.kb.cert.org/vuls/id/471364

www.securitytracker.com/id?1027544

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON

Related for CVE-2012-2995

prion1 cvelist1 checkpoint_advisories1 nvd1 exploitpack1 cert1 packetstorm1 exploitdb1