CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13671 – MISP 2.4.79 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-13671
24 Aug 2017 — app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. app/View/Helper/CommandHelper.php en MISP en versiones anteriores a la 2.4.79 tiene XSS persistente mediante comentarios. Sólo afecta a los usuarios de la misma instancia, debido a que el campo comment no forma parte de la sincronización MISP. MISP (Malware Information Sharing Platform and Threat Sharing) ve... • http://www.securityfocus.com/bid/100533 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7215
https://notcve.org/view.php?id=CVE-2017-7215
21 Mar 2017 — Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML. Cross site scripting en algunos elementos de vista en la herramienta de filtro de índice en app/webroot/js/misp2.4.68.js y la página de destino de la organización en app/View/Organisations/ajax/landingpage.ctp de MISP en versiones anteriores a 2... • http://www.fortiguard.com/advisory/FG-VD-17-021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •