CVE-2023-52330

Опубликовано: 23 янв. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central.

Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Ссылки

https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-24-051/
Third Party Advisory
VDB Entry
https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-24-051/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*

Версия до 14.0.12849 (исключая)

cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00758

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-gvjg-pwqj-xrpj

CVSS3: 6.1

github

около 2 лет назад

A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

BDU:2024-00367

CVSS3: 5.4

fstec