CVE-2012-2995

Trend Micro InterScan Messaging Security Suite 7.1 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2995.

AI-analyzed exploit summary The exploit demonstrates stored and reflected XSS vulnerabilities, as well as a CSRF attack in Trend Micro InterScan Messaging Security Suite. It includes functional PoC URLs and HTML forms to trigger the vulnerabilities.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or (2) the src parameter to initUpdSchPage.imss.

Exploits (1)

exploitdb WORKING POC

webappsaix

https://www.exploit-db.com/exploits/21319

View Code ZIP pw:eip

The exploit demonstrates stored and reflected XSS vulnerabilities, as well as a CSRF attack in Trend Micro InterScan Messaging Security Suite. It includes functional PoC URLs and HTML forms to trigger the vulnerabilities.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394

Auth required

Prerequisites: Access to the vulnerable application · Admin privileges for CSRF

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1027544

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/471364

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50620

Scores

EPSS 0.3035

EPSS Percentile 96.8%

Details

CWE

CWE-79

Status published

Products (1)

trendmicro/interscan_messaging_security_suite 7.1

Published Sep 17, 2012

Tracked Since Feb 18, 2026