Reflected Cross-Site Scripting Vulnerability in Trend Micro Mobile Security
CVE-2023-41178

6.1MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Mobile Security for Enterprise
Vendor: CVE Published:; 23 January 2024

Summary

Reflected cross-site scripting vulnerabilities found in Trend Micro Mobile Security (Enterprise) can potentially be exploited by an attacker targeting authenticated users. The exploitation occurs when a victim clicks on a crafted malicious link, resulting in unintended execution of scripts within the user's browser context. This vulnerability poses a significant risk, enabling attackers to compromise users’ sessions or inject malicious scripts, leading to unauthorized actions or data exposure. It is important for users to remain vigilant against unsolicited links and for the vendor to provide timely patches to mitigate such risks.

Affected Version(s)

Trend Micro Mobile Security for Enterprise 9.8 SP5 < 9.8.3311

References

https://success.trendmicro.com/dcx/s/solution/000294695?l...

https://www.zerodayinitiative.com/advisories/ZDI-24-080/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 23, 2024
Vulnerability Reserved
Aug 24, 2023