Cross-Site Scripting in MISP by The MISP Project
CVE-2017-16802

5.4MEDIUM

Key Information:

Vendor: Misp-project
Status: Misp
Vendor: CVE Published:; 13 November 2017

🔔 Create Misp-project Vulnerability Alert

What is CVE-2017-16802?

A Cross-Site Scripting vulnerability exists in the sharingGroupPopulateOrganisations function of MISP version 2.4.82. This flaw allows an attacker to inject malicious scripts through a specially crafted organization name that is added manually. If exploited, this vulnerability can lead to unauthorized actions performed on behalf of the user, potentially compromising the security of sensitive data.

References

https://github.com/MISP/MISP/commit/a659664447a7b2a383cb9...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2017
Vulnerability Reserved
Nov 13, 2017

CVE-2017-16802 Data

JSON