CVE-2017-13671

MISP/MISP

on github

Published

August 24, 2017

Severity

CVSS v3:

6.1 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.

References

https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa
http://www.securityfocus.com/bid/100533

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:misp:misp::::::::	n/a	2.4.78 (including)	*

External Links

NVD - CVE-2017-13671