Reflected Cross-Site Scripting Vulnerability in Trend Micro Mobile Security
CVE-2023-41177

6.1MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Mobile Security for Enterprise
Vendor: CVE Published:; 23 January 2024

Summary

Reflected cross-site scripting vulnerabilities exist in Trend Micro Mobile Security (Enterprise), allowing attackers to craft malicious links that, when clicked by an authenticated user, could lead to unauthorized actions or information exposure. This highlights the importance of implementing strict input validation and output encoding as preventive measures against such exploits.

Affected Version(s)

Trend Micro Mobile Security for Enterprise 9.8 SP5 < 9.8.3311

References

https://success.trendmicro.com/dcx/s/solution/000294695?l...

https://www.zerodayinitiative.com/advisories/ZDI-24-079/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 23, 2024
Vulnerability Reserved
Aug 24, 2023