March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Lokibot Malware – Active IOCs
June 18, 2021Rewterz Threat Advisory – Microsoft 3D Viewer Zero-Day Vulnerability
June 18, 2021Rewterz Threat Alert – Lokibot Malware – Active IOCs
June 18, 2021Rewterz Threat Advisory – Microsoft 3D Viewer Zero-Day Vulnerability
June 18, 2021
Severity
Medium
Analysis Summary
CVE-2021-31521
Trend Micro InterScan Web Security Virtual Appliance is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Captive Portal. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Impact
- Credential Theft
- Session Hijacking
Affected Vendors
Trend Micro
Affected Products
- Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5
Remediation
Download the latest patches and updates provided on the vendor website at https://success.trendmicro.com/solution/000286452