CVE-2017-13671

NONE EPSS 57.4%
Published Aug 24, 2017 8y ago
Last Modified Jun 22, 2026 1w ago

Description

app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.

Threat Intelligence

EPSS Exploit Probability
57.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor | Product | Version | Range
misp-project | misp | * | ≤2.4.78

References 2

  • securityfocus.com http://www.securityfocus.com/bid/100533
    Third Party Advisory, VDB Entry
  • github.com https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa
    Patch, Third Party Advisory

Remediation

  • github.com https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa
    Patch, Third Party Advisory