CVE-2012-2996

Trend Micro InterScan Messaging Security Suite 7.1 - CSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2996. PoCs published by modpr0be.

AI-analyzed exploit summary This exploit demonstrates stored and reflected XSS, as well as CSRF vulnerabilities in Trend Micro InterScan Messaging Security Suite. It includes PoC URLs and HTML forms to trigger the vulnerabilities.

Description

Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action.

Exploits (1)

exploitdb WORKING POC
by modpr0be · textwebappsaix
https://www.exploit-db.com/exploits/21319

This exploit demonstrates stored and reflected XSS, as well as CSRF vulnerabilities in Trend Micro InterScan Messaging Security Suite. It includes PoC URLs and HTML forms to trigger the vulnerabilities.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394
Auth required
Prerequisites: Access to the vulnerable application · Admin privileges for CSRF
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027544
Exploit, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/471364
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50620

Scores

EPSS 0.0167
EPSS Percentile 73.7%

Details

CWE
CWE-352
Status published
Products (1)
trendmicro/interscan_messaging_security_suite 7.1
Published Sep 17, 2012
Tracked Since Feb 18, 2026