Main Vulnerability Database Vulnerabilities #VU37754

Cross-site scripting in ScanMail - CVE-2017-14093

Published: December 16, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU37754

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-14093

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Trend Micro

Affected software:
ScanMail

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.

Install update from vendor's website.