CVE-2015-2872

Name of the Vulnerable Software and Affected Versions Trend Micro Deep Discovery Inspector (DDI) versions prior to 3.5.1477 Trend Micro Deep Discovery Inspector (DDI) versions 3.6.x prior to 3.6.1217 Trend Micro Deep Discovery Inspector (DDI) versions 3.7.x prior to 3.7.1248 Trend Micro Deep Discovery Inspector (DDI) versions 3.8.x prior to 3.8.1263

Description The issue allows remote attackers to inject arbitrary web script or HTML via crafted input to index.php that is processed by certain Internet Explorer 7 configurations or crafted input to the widget feature. This can lead to cross-site scripting (XSS) attacks.

Recommendations For versions prior to 3.5.1477, update to version 3.5.1477 or later. For versions 3.6.x prior to 3.6.1217, update to version 3.6.1217 or later. For versions 3.7.x prior to 3.7.1248, update to version 3.7.1248 or later. For versions 3.8.x prior to 3.8.1263, update to version 3.8.1263 or later. As a temporary workaround, consider restricting access to the index.php and widget feature until a patch is available.