CVE-2012-2995

Trend Micro InterScan Messaging Security Suite 7.1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or (2) the src parameter to initUpdSchPage.imss.

Exploits (1)

exploitdb WORKING POC
webappsaix
https://www.exploit-db.com/exploits/21319

References (3)

Scores

EPSS 0.3270
EPSS Percentile 96.8%

Classification

CWE
CWE-79
Status published

Affected Products (2)

trendmicro/interscan_messaging_security_suite
n/a/n/a

Timeline

Published Sep 17, 2012
Tracked Since Feb 18, 2026