Misp: >> Misp >> 2.4.100 Security Vulnerabilities
A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-05-08
An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-05-08
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-05-08
In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-28
Page 5