Sitecore CMS 'default.aspx' Cross Site Scripting Vulnerability

  Severity: MEDIUM
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1000552