After Trend Micro fixed the vulnerabilities I reported earlier, I started testing this product again to see if I could still find few more vulnerabilities. Stored Cross Site Scripting (XSS) Vulnerability (CVE-2017-6340): I wanted to check if reports functionality had any injection vulnerabilities. I created a low privileged user ‘test2’ with Reports-Only role who could run just … Continue reading “Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 Multiple Vulnerabilities”