CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5720
https://notcve.org/view.php?id=CVE-2015-5720
03 Sep 2016 — Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js. Múltiples vulnerabilidades de XSS en la funcionalidad de creación de plantilla en Malware Information Sharing Platform (MISP) en versiones anteriores a 2.3.90 permiten a atacantes remotos inyectar secuencias de comandos web o HTM... • http://www.securityfocus.com/bid/92738 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5721
https://notcve.org/view.php?id=CVE-2015-5721
03 Sep 2016 — Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp. Malware Information Sharing Platform (MISP) en versiones anteriores a 2.3.90 permite a atacantes remotos llevar a cabo ataques de inyección de objeto PHP a través de datos serializados manipulados, relacionado con TemplatesController.php y populate_event_from_template_attribut... • http://www.securityfocus.com/bid/92739 • CWE-94: Improper Control of Generation of Code ('Code Injection') •