Reflected XSS Vulnerability in MISP by the MISP Project
CVE-2017-15216

6.1MEDIUM

Key Information:

Vendor: Misp-project
Status: Misp
Vendor: CVE Published:; 10 October 2017

🔔 Create Misp-project Vulnerability Alert

What is CVE-2017-15216?

A reflected Cross-Site Scripting (XSS) vulnerability exists in MISP versions prior to 2.4.81 due to improper input validation in the quickDelete action. This flaw can be exploited when a user interacts with the quickDelete functionality used for deleting sightings, specifically within the app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js files. If successfully exploited, this vulnerability may allow an attacker to inject malicious scripts into web pages viewed by other users.

References

https://www.misp.software/Changelog.txt

x_refsource_CONFIRM

https://github.com/MISP/MISP/commit/ca6f4a783a6ba65532dc8...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2017
Vulnerability Reserved
Oct 10, 2017

CVE-2017-15216 Data

JSON