CVE-2017-13671

MEDIUM(4.3)

AV:N/AC:M/Au:N/C:N/I:P/A:N

Risk Signal Score11/100 — NIEDRIG

CVSS 4.3 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

4.3

Technische Schwere

Beschreibung

app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.

Referenzen

http://www.securityfocus.com/bid/100533
https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa
http://www.securityfocus.com/bid/100533
https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa