Medium severity 6.1 · NVD Advisory · Published Dec 16, 2017 · Updated May 13, 2026

CVE-2017-14093

Description

Trend Micro ScanMail for Exchange 12.0 is vulnerable to stored cross-site scripting (XSS) in its Log Query and Quarantine Query pages, allowing arbitrary script execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in the Log Query and Quarantine Query pages of Trend Micro ScanMail for Exchange 12.0 [1]. The application fails to properly sanitize user-supplied input before storing it, and the stored content is later rendered when administrators view log or quarantine data. All installations of version 12.0 are affected.

Exploitation

An attacker requires network access to the ScanMail management interface and must be able to inject malicious script content that gets processed by the Log Query or Quarantine Query pages. The attack can be carried out by sending a specially crafted email or log entry that, when viewed by an administrator, executes the payload in the context of the administrator's browser session [1]. No authentication is explicitly mentioned, but typical deployment would require the administrator to be logged in to reach the vulnerable pages.

Impact

Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the affected web application. This can lead to session theft, defacement, or forced actions on behalf of the authenticated administrator. The vulnerability impacts the confidentiality and integrity of the ScanMail management console [1].

Mitigation

Trend Micro has released a security patch for ScanMail for Exchange 12.0. The patch is referenced in the vendor advisory [1]. Administrators should apply the patch immediately. No workaround is documented. The product may no longer be supported if it has reached end of life (EOL); verify the product lifecycle with the vendor.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

2
