Description
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
References (3)
Core References
Third Party Advisory x_refsource_confirm
https://www.circl.lu/advisory/CVE-2015-5720/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92738
Issue Tracking, Patch x_refsource_confirm
https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf
Scores
CVSS v3: 6.1
EPSS: 0.0025
EPSS Percentile: 47.8%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (1): misp-project/malware_information_sharing_platform < 2.3.89
Published: Sep 03, 2016
Tracked Since: Feb 18, 2026