Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/92738 | |
https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf | Issue Tracking Patch |
https://www.circl.lu/advisory/CVE-2015-5720/ | Third Party Advisory |
http://www.securityfocus.com/bid/92738 | |
https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf | Issue Tracking Patch |
https://www.circl.lu/advisory/CVE-2015-5720/ | Third Party Advisory |
Configurations
History
21 Nov 2024, 02:33
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/92738 - | |
References | () https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf - Issue Tracking, Patch | |
References | () https://www.circl.lu/advisory/CVE-2015-5720/ - Third Party Advisory |
Information
Published : 2016-09-03 20:59
Updated : 2024-11-21 02:33
NVD link : CVE-2015-5720
Mitre link : CVE-2015-5720
CVE.ORG link : CVE-2015-5720
JSON object : View
Products Affected
misp-project
- malware_information_sharing_platform
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')