Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.
References
Link | Resource |
---|---|
http://esupport.trendmicro.com/solution/en-US/1112206.aspx | Patch Vendor Advisory |
http://www.kb.cert.org/vuls/id/248692 | Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/76397 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2015-08-23T15:00:00
Updated: 2016-11-25T19:57:01
Reserved: 2015-04-03T00:00:00
Link: CVE-2015-2872
JSON object: View
NVD Information
Status : Analyzed
Published: 2015-08-23T15:59:01.253
Modified: 2021-09-09T17:34:01.227
Link: CVE-2015-2872
JSON object: View
Redhat Information
No data.
CWE