PT-2017-13248 · Trend Micro · Trend Micro Scanmail For Exchange

Published

2017-12-15

Updated

2017-12-27

CVE-2017-14093

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Trend Micro ScanMail for Exchange version 12.0

Description The issue concerns the Log Query and Quarantine Query pages, which are susceptible to cross-site scripting (XSS) attacks. This type of attack occurs when an application includes user input in its output without proper validation, allowing an attacker to inject malicious scripts into the application.

Recommendations For Trend Micro ScanMail for Exchange version 12.0, update to a version that includes a fix for this issue to prevent cross-site scripting attacks.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-14093

Affected Products

Trend Micro Scanmail For Exchange

PT-2017-13248 · Trend Micro · Trend Micro Scanmail For Exchange

CVE-2017-14093

Weakness Enumeration

Related Identifiers

Affected Products

References · 4