A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability.
References
| Link | Resource |
|---|---|
| https://github.com/nixwizard/CVE-2018-15365/ | Exploit Mitigation Third Party Advisory |
| https://success.trendmicro.com/solution/1121079 | Mitigation Vendor Advisory |
| https://github.com/nixwizard/CVE-2018-15365/ | Exploit Mitigation Third Party Advisory |
| https://success.trendmicro.com/solution/1121079 | Mitigation Vendor Advisory |
Configurations
History
21 Nov 2024, 03:50
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/nixwizard/CVE-2018-15365/ - Exploit, Mitigation, Third Party Advisory | |
| References | () https://success.trendmicro.com/solution/1121079 - Mitigation, Vendor Advisory |
Information
Published : 2018-09-28 17:29
Updated : 2024-11-21 03:50
NVD link : CVE-2018-15365
Mitre link : CVE-2018-15365
CVE.ORG link : CVE-2018-15365
JSON object : View
Products Affected
trendmicro
- deep_discovery_inspector
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')