CVE-2018-15365

A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability.

Published: Sep 28, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-15365
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
trendmicro / deep_discovery_inspector	-	3.85.x

https://github.com/nixwizard/CVE-2018-15365/
https://success.trendmicro.com/solution/1121079

Vulnerability Database

289,871

CVE-2018-15365