PT-2017-13248 · Trend Micro · Trend Micro Scanmail For Exchange

Publicado

2017-12-15

Atualizado

2017-12-27

CVE-2017-14093

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Trend Micro ScanMail for Exchange version 12.0

Description The issue concerns the Log Query and Quarantine Query pages, which are susceptible to cross-site scripting (XSS) attacks. This type of attack occurs when an application includes user input in its output without proper validation, allowing an attacker to inject malicious scripts into the application.

Recommendations For Trend Micro ScanMail for Exchange version 12.0, update to a version that includes a fix for this issue to prevent cross-site scripting attacks.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2017-14093

Produtos afetados

Trend Micro Scanmail For Exchange

PT-2017-13248 · Trend Micro · Trend Micro Scanmail For Exchange

CVE-2017-14093

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4