CVE-2015-5720
MEDIUMMalware Information Sharing Platform < 2.3.90 - Cross-Site Scripting in Template Creation
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_confirm
https://www.circl.lu/advisory/CVE-2015-5720/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92738
Issue Tracking, Patch x_refsource_confirm
https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf
Scores
CVSS v3
6.1
EPSS
0.0134
EPSS Percentile
67.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
misp-project/malware_information_sharing_platform
< 2.3.89
Published
Sep 03, 2016
Tracked Since
Feb 18, 2026