Vulnerabilities > Trendmicro > Mobile Security > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-23 | CVE-2023-41176 | Cross-site Scripting vulnerability in Trendmicro Mobile Security 9.8 Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177. | 6.1 |
| 2024-01-23 | CVE-2023-41177 | Cross-site Scripting vulnerability in Trendmicro Mobile Security 9.8 Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41178. | 6.1 |
| 2024-01-23 | CVE-2023-41178 | Cross-site Scripting vulnerability in Trendmicro Mobile Security 9.8 Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176. | 6.1 |
| 2023-06-26 | CVE-2023-32525 | Unspecified vulnerability in Trendmicro Mobile Security 9.8 Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. | 6.5 |
| 2023-06-26 | CVE-2023-32526 | Unspecified vulnerability in Trendmicro Mobile Security 9.8 Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. | 6.5 |
| 2020-02-20 | CVE-2019-14688 | Uncontrolled Search Path Element vulnerability in Trendmicro products Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. | 5.1 |
| 2018-01-19 | CVE-2017-14082 | Information Exposure vulnerability in Trendmicro Mobile Security An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclosure sensitive information on a vulnerable system. | 5.0 |
| 2017-09-22 | CVE-2017-14081 | Command Injection vulnerability in Trendmicro Mobile Security Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 6.5 |
| 2017-09-22 | CVE-2017-14079 | Unrestricted Upload of File with Dangerous Type vulnerability in Trendmicro Mobile Security 9.7 Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 6.5 |
| 2017-03-31 | CVE-2016-9319 | Improper Certificate Validation vulnerability in Trendmicro Mobile Security There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | 4.3 |