CVE-2015-2872

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
trendmicrodeep_discovery_inspector
3.5
trendmicrodeep_discovery_inspector
3.5
trendmicrodeep_discovery_inspector
3.5
trendmicrodeep_discovery_inspector
3.6
trendmicrodeep_discovery_inspector
3.7
trendmicrodeep_discovery_inspector
3.7
trendmicrodeep_discovery_inspector
3.7
trendmicrodeep_discovery_inspector
3.8
trendmicrodeep_discovery_inspector
3.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://esupport.trendmicro.com/solution/en-US/1112206.aspx
http://www.kb.cert.org/vuls/id/248692
http://www.securityfocus.com/bid/76397
http://esupport.trendmicro.com/solution/en-US/1112206.aspx
http://www.kb.cert.org/vuls/id/248692
http://www.securityfocus.com/bid/76397