CVE-2024-36359

Name of the Vulnerable Software and Affected Versions Trend Micro InterScan Web Security Virtual Appliance version 6.5

Description A cross-site scripting (XSS) issue in the HTTP Inspection module of Trend Micro InterScan Web Security Virtual Appliance is related to the lack of protection for the structure of web pages. This could allow a remote attacker to escalate privileges and perform cross-site scripting attacks on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system to exploit this issue.

Recommendations For version 6.5, consider disabling the HTTP Inspection module as a temporary workaround until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.