Micro Focus GroupWise Admin Console Cross Site Scripting Vulnerability (CVE-2016-5760)
A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. The vulnerability is due to insufficient validation of user input on GWT RPC commands sent as a result of the fragment portion of the request URI. A remote attacker can exploit this vulnerability by enticing a target user to click on a specially crafted URL. Successful exploitation would result in the execution of arbitrary script code in the context of the target user's browser.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
Trend Micro Deep Security DPI Rule Number: 1000552