Trend Micro InterScan Messaging Security Suite Multiple Vulnerabilities

Trend Micro InterScan Messaging Security Suite is vulnerable to Cross-site Scripting and Cross-site Request Forgery. Proof of Concept The vulnerabilities POC are as follow: Cross-site Scripting (CVE-2012-2995) (CWE-79) Persistent/Stored XSS Non-persistent/Reflected XSS Cross-Site Request Forgery (CVE-2012-2996) (CWE-352) Solution Currently, we are not aware of any vendor solution. You may contact the vendor for patch or…

Hexamail Server <= 4.4.5 Persistent XSS Vulnerability

Hexamail Server version 4.4.5 or below is vulnerable to a persistent cross-site scripting (XSS) via HTML email. <Vulnerability Description Hexamail Server suffers persistent XSS vulnerability in the mail body, allowing malicious user to execute scripts in a victim’s browser to hijack user sessions, redirect users, and or hijack the user’s browser. Proof of concep By…