- 209/2023
- Medium
Trend Micro has released a security update to fix several reflected cross-site scripting (XSS) vulnerabilities at Trend Micro Mobile Security (Enterprise) version 9.8.
The severity of the addressed vulnerabilities could allow the remote attacker to perform reflected cross-site scripting attacks and steal the victim’s cookie-based authentication credential from the affected system by persuading the victim to visit a specially crafted malicious link.
Sample of the addressed vulnerabilities:
Trend Micro Mobile Security (Enterprise) Reflected Cross-Site Scripting (XSS) Vulnerability (CVE-2023-41176):
- CVSS: 6.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Requierd
- Consequences: Cross-Site Scripting
Vulnerabilities
- CVE-2023-41176
- CVE-2023-41177
- CVE-2023-41178
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.