Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
References
Link | Resource |
---|---|
https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf | Issue Tracking Patch |
https://www.circl.lu/advisory/CVE-2015-5720/ | Third Party Advisory |
http://www.securityfocus.com/bid/92738 |
Configurations
Information
Published : 2016-09-03 13:59
Updated : 2016-11-28 11:35
NVD link : CVE-2015-5720
Mitre link : CVE-2015-5720
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
misp-project
- malware_information_sharing_platform