CVE-2015-2872

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-2872
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://esupport.trendmicro.com/solution/en-US/1112206.aspx Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/248692 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/76397 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:ja:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:zh:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.6:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:ja:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:zh:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:ja:*:*:*:*
History

09 Sep 2021, 17:34

Type Values Removed Values Added
CPE cpe:2.3:a:trend_micro:deep_discovery_inspector:3.5:*:*:zh:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.8:*:*:ja:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.5:*:*:ja:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:ja:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.5:*:*:en:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:en:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.7:*:*:zh:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.8:*:*:en:*:*:*:*
cpe:2.3:a:trend_micro:deep_discovery_inspector:3.6:*:*:en:*:*:*:*		 cpe:2.3:a:trendmicro:deep_discovery_inspector:3.6:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:zh:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:ja:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:zh:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:ja:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:ja:*:*:*:*
cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:*:*:*:*:*
Information

Published : 2015-08-23 15:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-2872

Mitre link : CVE-2015-2872

CVE.ORG link : CVE-2015-2872

JSON object : View

Products Affected

trendmicro

  • deep_discovery_inspector
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')