{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-41178", "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "state": "PUBLISHED", "assignerShortName": "trendmicro", "dateReserved": "2023-08-24T14:36:57.668Z", "datePublished": "2024-01-23T20:36:01.653Z", "dateUpdated": "2024-01-23T20:36:01.653Z"}, "containers": {"cna": {"affected": [{"vendor": "Trend Micro, Inc.", "product": "Trend Micro Mobile Security for Enterprise", "versions": [{"version": "9.8 SP5", "status": "affected", "versionType": "semver", "lessThan": "9.8.3311"}]}], "descriptions": [{"lang": "en", "value": "Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker.\r\n\r\nPlease note, this vulnerability is similar to, but not identical to, CVE-2023-41176."}], "providerMetadata": {"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro", "dateUpdated": "2024-01-23T20:36:01.653Z"}, "references": [{"url": "https://success.trendmicro.com/dcx/s/solution/000294695?language=en_US"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-080/"}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:mobile_security:9.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2F570A01-23A1-4257-8A52-2BA3A14BC47C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker.\r\n\r\nPlease note, this vulnerability is similar to, but not identical to, CVE-2023-41176."}, {"lang": "es", "value": "Las vulnerabilidades de cross-site scripting (XSS) reflejado en Trend Micro Mobile Security (Enterprise) podr\u00edan permitir una explotaci\u00f3n contra una v\u00edctima autenticada que visita un enlace malicioso proporcionado por un atacante. Tenga en cuenta que esta vulnerabilidad es similar, pero no id\u00e9ntica, a CVE-2023-41176."}], "id": "CVE-2023-41178", "lastModified": "2024-01-29T17:35:46.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-23T21:15:08.430", "references": [{"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://success.trendmicro.com/dcx/s/solution/000294695?language=en_US"}, {"source": "security@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-080/"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}