CVE-2017-8801
medium
CVSS v3
6.1
CVSS v4 NEW
โ
VIR risk
6.1
Description
Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.
Predictions
Exploit likelihood
71%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| trendmicro | officescan | 11.0 | |
| trendmicro | officescan | 12.0 | |
References
- http://files.trendmicro.com/products/officescan/11.0_SP1/readme/osce-11-sp1-patch1-win-all-criticalpatch-6325_readme.txt
- https://success.trendmicro.com/solution/1117204-security-bulletin-trend-micro-officescan-11-xg-multiple-vulnerabilities
- http://files.trendmicro.com/products/officescan/11.0_SP1/readme/osce-11-sp1-patch1-win-all-criticalpatch-6325_readme.txt
- https://success.trendmicro.com/solution/1117204-security-bulletin-trend-micro-officescan-11-xg-multiple-vulnerabilities
CWEs
CWE-79
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.