Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-14096

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

2.5%

top 14.53%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Trendmicro Smart Protection Server Trend Micro Trend Micro Smart Protection Server (standalone)

Timeline

PublishedJan 19

Latest updateMay 14

Description

A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5trend_micro/trend_micro_smart_protection_server_(standalone)3.0, 3.1, 3.2

▶NVDtrendmicro/smart_protection_server3.2

🔴Vulnerability Details

GHSA

GHSA-h538-q7xc-x383: A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3↗2022-05-14

▶

CVEList

CVE-2017-14096: A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3↗2018-01-19

▶

💥Exploits & PoCs

Exploit-DB

Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Con↗2017-12-19

▶