Vulnerability Description
A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Deep Discovery Inspector | <= 3.85 |
Related Weaknesses (CWE)
References
- https://github.com/nixwizard/CVE-2018-15365/ExploitMitigationThird Party Advisory
- https://success.trendmicro.com/solution/1121079MitigationVendor Advisory
- https://github.com/nixwizard/CVE-2018-15365/ExploitMitigationThird Party Advisory
- https://success.trendmicro.com/solution/1121079MitigationVendor Advisory
FAQ
What is CVE-2018-15365?
CVE-2018-15365 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable instal...
How severe is CVE-2018-15365?
CVE-2018-15365 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-15365?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Deep Discovery Inspector.