exploitDog

CVE-2018-15365

Опубликовано: 28 сент. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability.

Ссылки

https://github.com/nixwizard/CVE-2018-15365/
Exploit
Mitigation
Third Party Advisory
https://success.trendmicro.com/solution/1121079
Mitigation
Vendor Advisory
https://github.com/nixwizard/CVE-2018-15365/
Exploit
Mitigation
Third Party Advisory
https://success.trendmicro.com/solution/1121079
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:deep_discovery_inspector:*:*:*:*:*:*:*:*

Версия до 3.85 (включая)

EPSS

Процентиль: 69%

0.00602

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-gwrx-ccf8-375j

CVSS3: 5.4

github

больше 3 лет назад

A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability.

EPSS

Процентиль: 69%

0.00602

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79