Cross site scripting

2015-08-2315:59:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.

CPENameOperatorVersion
deep_discovery_inspectoreq3.5
deep_discovery_inspectoreq3.5
deep_discovery_inspectoreq3.5
deep_discovery_inspectoreq3.6
deep_discovery_inspectoreq3.7
deep_discovery_inspectoreq3.7
deep_discovery_inspectoreq3.7
deep_discovery_inspectoreq3.8
deep_discovery_inspectoreq3.8

Name	Operator	Version
deep_discovery_inspector	eq	3.5
deep_discovery_inspector	eq	3.5
deep_discovery_inspector	eq	3.5
deep_discovery_inspector	eq	3.6
deep_discovery_inspector	eq	3.7
deep_discovery_inspector	eq	3.7
deep_discovery_inspector	eq	3.7
deep_discovery_inspector	eq	3.8
deep_discovery_inspector	eq	3.8