VYPR
Unrated severityNVD Advisory· Published Aug 23, 2015· Updated Jun 17, 2026

CVE-2015-2872

CVE-2015-2872

Description

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:ja:*:*:*:*
    • cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:zh:*:*:*:*
    • cpe:2.3:a:trendmicro:deep_discovery_inspector:3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:ja:*:*:*:*
    • cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:zh:*:*:*:*
    • cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:ja:*:*:*:*
    • (no CPE)range: <3.5.1477, 3.6.x <3.6.1217, 3.7.x <3.7.1248, 3.8.x <3.8.1263

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.