Reflected Cross-Site Scripting in Trend Micro Mobile Security
CVE-2023-41176

6.1MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Mobile Security for Enterprise
Vendor: CVE Published:; 23 January 2024

Summary

Reflected cross-site scripting vulnerabilities identified in Trend Micro Mobile Security (Enterprise) create a pathway for exploits targeting authenticated users. An attacker could craft a malicious link which, when visited by an authenticated victim, compromises security and privacy. This issue highlights the importance of user awareness and the necessity for timely updates and security measures to mitigate such attacks. Organizations relying on this software are advised to monitor for potential exploitation and review the mitigation steps provided by Trend Micro.

Affected Version(s)

Trend Micro Mobile Security for Enterprise 9.8 SP5 < 9.8.3311

References

https://success.trendmicro.com/dcx/s/solution/000294695?l...

https://www.zerodayinitiative.com/advisories/ZDI-24-078/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 23, 2024
Vulnerability Reserved
Aug 24, 2023