CVE-2018-15365

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.6%
top 30.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trendmicro Deep Discovery InspectorTrend Micro Trend Micro Deep Discovery Inspector
Timeline
PublishedSep 28
Latest updateMay 14

Description

A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-gwrx-ccf8-375j: A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 32022-05-14
CVEList
CVE-2018-15365: A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 32018-09-28
CVE-2018-15365 (MEDIUM CVSS 5.4) | A Reflected Cross-Site Scripting (X | cvebase.io