exploitDog

CVE-2017-15216

Опубликовано: 10 окт. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js.

Ссылки

https://github.com/MISP/MISP/commit/ca6f4a783a6ba65532dc8767446bda44773ec627
Third Party Advisory
https://www.misp.software/Changelog.txt
Vendor Advisory
https://github.com/MISP/MISP/commit/ca6f4a783a6ba65532dc8767446bda44773ec627
Third Party Advisory
https://www.misp.software/Changelog.txt
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*

Версия до 2.4.80 (включая)

EPSS

Процентиль: 50%

0.00266

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-pjx8-jpc3-483f

CVSS3: 6.1

github

больше 3 лет назад

MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js.

EPSS

Процентиль: 50%

0.00266

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79