CVE-2018-15365

MEDIUM

Trend Micro Deep Discovery Inspector <3.85 - XSS

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-15365. PoCs published by nixwizard.

AI-analyzed exploit summary: This repository contains a proof-of-concept for a reflected XSS vulnerability in Trend Micro Deep Discovery Inspector 3.8. The exploit demonstrates how an authenticated user can be tricked into executing arbitrary JavaScript, leading to CSRF token theft and potential admin account creation.

Description

A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability.

Exploits (1)

nomisec WORKING POC
by nixwizard · poc
https://github.com/nixwizard/CVE-2018-15365

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Trend Micro Deep Discovery Inspector 3.8 Service Pack 5 Build 3.85.1165
Auth required
Prerequisites: Authenticated session in Deep Discovery Inspector · Victim must visit a malicious webpage
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1121079
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://github.com/nixwizard/CVE-2018-15365/

Scores

CVSS v3 5.4
EPSS 0.0060
EPSS Percentile 69.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
trendmicro/deep_discovery_inspector < 3.85
Published Sep 28, 2018
Tracked Since Feb 18, 2026