Stored Cross Site Scripting Vulnerability in Trend Micro Smart Protection Server
CVE-2017-14096

6.1MEDIUM

Key Information:

Vendor
Trend Micro
Status
Trend Micro Smart Protection Server (standalone)
Vendor
CVE Published:
19 January 2018

Summary

A stored cross site scripting (XSS) vulnerability exists in Trend Micro Smart Protection Server (Standalone) versions 3.2 and earlier. This vulnerability allows attackers to inject malicious scripts, which can be executed by users of the affected server. By exploiting this flaw, an attacker could potentially manipulate user sessions or compromise user data on the vulnerable systems. It is crucial for organizations using these versions to apply the necessary patches to mitigate the risk associated with this security threat.

Affected Version(s)

Trend Micro Smart Protection Server (Standalone) 3.0, 3.1, 3.2

References

https://www.exploit-db.com/exploits/43388/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/102275
vdb-entryx_refsource_BID
https://success.trendmicro.com/solution/1118992
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.