Unrated severityNVD Advisory· Published Aug 23, 2015· Updated Jun 17, 2026
CVE-2015-2872
CVE-2015-2872
Description
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:ja:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:zh:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:ja:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:zh:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:ja:*:*:*:*
- (no CPE)range: <3.5.1477, 3.6.x <3.6.1217, 3.7.x <3.7.1248, 3.8.x <3.8.1263
Patches
Vulnerability mechanics
References
3- esupport.trendmicro.com/solution/en-US/1112206.aspxnvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/248692nvdThird Party AdvisoryUS Government Resource
- www.securityfocus.com/bid/76397nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.