Micro Focus GroupWise Admin Console Cross Site Scripting Vulnerability (CVE-2016-5760)

  Severity: MEDIUM

  DESCRIPTION

A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. The vulnerability is due to insufficient validation of user input on GWT RPC commands sent as a result of the fragment portion of the request URI. A remote attacker can exploit this vulnerability by enticing a target user to click on a specially crafted URL. Successful exploitation would result in the execution of arbitrary script code in the context of the target user's browser.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1000552