cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-41178,https://securityvulnerability.io/vulnerability/CVE-2023-41178,Reflected Cross-Site Scripting Vulnerability in Trend Micro Mobile Security,"Reflected cross-site scripting vulnerabilities found in Trend Micro Mobile Security (Enterprise) can potentially be exploited by an attacker targeting authenticated users. The exploitation occurs when a victim clicks on a crafted malicious link, resulting in unintended execution of scripts within the user's browser context. This vulnerability poses a significant risk, enabling attackers to compromise users’ sessions or inject malicious scripts, leading to unauthorized actions or data exposure. It is important for users to remain vigilant against unsolicited links and for the vendor to provide timely patches to mitigate such risks.",Trend Micro,Trend Micro Mobile Security for Enterprise,6.1,MEDIUM,0.000699999975040555,false,false,false,false,,false,false,2024-01-23T20:36:01.653Z,0
CVE-2023-41177,https://securityvulnerability.io/vulnerability/CVE-2023-41177,Reflected Cross-Site Scripting Vulnerability in Trend Micro Mobile Security,"Reflected cross-site scripting vulnerabilities exist in Trend Micro Mobile Security (Enterprise), allowing attackers to craft malicious links that, when clicked by an authenticated user, could lead to unauthorized actions or information exposure. This highlights the importance of implementing strict input validation and output encoding as preventive measures against such exploits.",Trend Micro,Trend Micro Mobile Security for Enterprise,6.1,MEDIUM,0.000699999975040555,false,false,false,false,,false,false,2024-01-23T20:35:37.218Z,0
CVE-2023-41176,https://securityvulnerability.io/vulnerability/CVE-2023-41176,Reflected Cross-Site Scripting in Trend Micro Mobile Security,"Reflected cross-site scripting vulnerabilities identified in Trend Micro Mobile Security (Enterprise) create a pathway for exploits targeting authenticated users. An attacker could craft a malicious link which, when visited by an authenticated victim, compromises security and privacy. This issue highlights the importance of user awareness and the necessity for timely updates and security measures to mitigate such attacks. Organizations relying on this software are advised to monitor for potential exploitation and review the mitigation steps provided by Trend Micro.",Trend Micro,Trend Micro Mobile Security for Enterprise,6.1,MEDIUM,0.000699999975040555,false,false,false,false,,false,false,2024-01-23T20:35:25.291Z,0
CVE-2022-40980,https://securityvulnerability.io/vulnerability/CVE-2022-40980,,A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2.,Trend Micro,Trend Micro Mobile Security For Enterprise,9.1,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2022-09-19T18:01:07.000Z,0
CVE-2019-14688,https://securityvulnerability.io/vulnerability/CVE-2019-14688,,Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.,Trend Micro,"Trend Micro Im Security (ims), Trend Micro Control Manager (tmcm), Trend Micro Officescan (osce), Trend Micro Endpoint Sensor (tmes), Trend Micro Security (consumer), Trend Micro Scanmail For Microsoft Exchange (smex), Trend Micro Serverprotect (sp), Trend Micro Mobile Security Enterprise (tmms Enterprise)",7,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2020-02-20T22:50:22.000Z,0
CVE-2017-14082,https://securityvulnerability.io/vulnerability/CVE-2017-14082,,An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclosure sensitive information on a vulnerable system.,Trend Micro,Trend Micro Mobile Security (enterprise),7.5,HIGH,0.012919999659061432,false,false,false,false,,false,false,2018-01-19T19:00:00.000Z,0