CVE-2015-2872

EUVD-2015-2960
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
trendmicrodeep_discovery_inspector
3.5
trendmicrodeep_discovery_inspector
3.5
trendmicrodeep_discovery_inspector
3.5
trendmicrodeep_discovery_inspector
3.6
trendmicrodeep_discovery_inspector
3.7
trendmicrodeep_discovery_inspector
3.7
trendmicrodeep_discovery_inspector
3.7
trendmicrodeep_discovery_inspector
3.8
trendmicrodeep_discovery_inspector
3.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://esupport.trendmicro.com/solution/en-US/1112206.aspx
http://www.kb.cert.org/vuls/id/248692
http://www.securityfocus.com/bid/76397
http://esupport.trendmicro.com/solution/en-US/1112206.aspx
http://www.kb.cert.org/vuls/id/248692
http://www.securityfocus.com/bid/76397