Reflected XSS Vulnerability in MISP by the MISP Project
CVE-2017-15216
6.1MEDIUM
What is CVE-2017-15216?
A reflected Cross-Site Scripting (XSS) vulnerability exists in MISP versions prior to 2.4.81 due to improper input validation in the quickDelete action. This flaw can be exploited when a user interacts with the quickDelete functionality used for deleting sightings, specifically within the app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js files. If successfully exploited, this vulnerability may allow an attacker to inject malicious scripts into web pages viewed by other users.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved