exploitDog

CVE-2017-13671

Опубликовано: 24 авг. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.

Ссылки

http://www.securityfocus.com/bid/100533
Third Party Advisory
VDB Entry
https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa
Patch
Third Party Advisory
http://www.securityfocus.com/bid/100533
Third Party Advisory
VDB Entry
https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*

Версия до 2.4.78 (включая)

EPSS

Процентиль: 55%

0.0033

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-68f7-j9wm-g656

CVSS3: 6.1

github

больше 3 лет назад

app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.

EPSS

Процентиль: 55%

0.0033

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79