CVE-2015-5720
NONE EPSS 67.9%
Published Sep 3, 20169y ago · Modified Jun 23, 20261w ago
Published Sep 3, 2016 9y ago
Last Modified Jun 23, 2026 1w ago
Description
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
Threat Intelligence
EPSS Exploit Probability
67.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| misp-project | misp | * | ≤2.3.89 |
References 3
- securityfocus.com http://www.securityfocus.com/bid/92738
- github.com https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf
- circl.lu https://www.circl.lu/advisory/CVE-2015-5720/
Remediation
- github.com https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf