CVE-2017-13671

app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-08-24 19:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-13671

Mitre link : CVE-2017-13671

CVE.ORG link : CVE-2017-13671


JSON object : View

Products Affected

misp

  • misp
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')