CVE-2017-8801

Published: May 5, 2017Modified: May 13, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.

Affected (2)

Products: Trendmicro: Officescan

Trendmicro

1 product

Officescan

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Officescan	Version 11.0
Trendmicro Officescan	Version 12.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://files.trendmicro.com/products/officescan/11.0_SP1/readme/osce-11-sp1-patch1-win-all-criticalpatch-6325_readme.txt

Source: cve@mitre.org

Release NotesVendor Advisory

https://success.trendmicro.com/solution/1117204-security-bulletin-trend-micro-officescan-11-xg-multiple-vulnerabilities

Source: cve@mitre.org

MitigationVendor Advisory

http://files.trendmicro.com/products/officescan/11.0_SP1/readme/osce-11-sp1-patch1-win-all-criticalpatch-6325_readme.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://success.trendmicro.com/solution/1117204-security-bulletin-trend-micro-officescan-11-xg-multiple-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.