Unrated severityNVD Advisory· Published Aug 23, 2015· Updated May 6, 2026
CVE-2015-2872
CVE-2015-2872
Description
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.
Affected products
9cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:ja:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.5:*:*:zh:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:ja:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.7:*:*:zh:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:*:*:ja:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- esupport.trendmicro.com/solution/en-US/1112206.aspxnvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/248692nvdThird Party AdvisoryUS Government Resource
- www.securityfocus.com/bid/76397nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.