CVE-2015-2872

Trend Micro Deep Discovery Inspector <3.5.1477, <3.6.x-3.6.1217, <3...

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/76397

Patch, Vendor Advisory x_refsource_confirm

http://esupport.trendmicro.com/solution/en-US/1112206.aspx

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/248692

Scores

EPSS 0.0258

EPSS Percentile 85.8%

Details

CWE

CWE-79

Status published

Products (4)

trendmicro/deep_discovery_inspector 3.5 (3 CPE variants)

trendmicro/deep_discovery_inspector 3.6

trendmicro/deep_discovery_inspector 3.7 (3 CPE variants)

trendmicro/deep_discovery_inspector 3.8 (2 CPE variants)

Published Aug 23, 2015

Tracked Since Feb 18, 2026