CVE-2015-5720

NONE EPSS 67.9%
Published Sep 3, 20169y ago · Modified Jun 23, 20261w ago
Find Similar
Published Sep 3, 2016 9y ago
Last Modified Jun 23, 2026 1w ago

Description

Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.

Threat Intelligence

EPSS Exploit Probability
67.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
misp-projectmisp* ≤2.3.89

References 3

  • securityfocus.com http://www.securityfocus.com/bid/92738
  • github.com https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf
    Issue TrackingPatch
  • circl.lu https://www.circl.lu/advisory/CVE-2015-5720/
    Third Party Advisory

Remediation

  • github.com https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf
    Issue TrackingPatch