4.3

CVE-2015-2872

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TrendmicroDeep Discovery Inspector Version3.5 Langja
TrendmicroDeep Discovery Inspector Version3.5 Langzh
TrendmicroDeep Discovery Inspector Version3.7 Langja
TrendmicroDeep Discovery Inspector Version3.7 Langzh
TrendmicroDeep Discovery Inspector Version3.8 Langja
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.02% 0.861
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.kb.cert.org/vuls/id/248692
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/76397
Third Party Advisory
VDB Entry