In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
References
Link | Resource |
---|---|
https://github.com/MISP/MISP/commit/a659664447a7b2a383cb9e0f6b43dcb43ec69194 | Issue Tracking Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-11-13T16:00:00
Updated: 2017-11-13T16:57:01
Reserved: 2017-11-13T00:00:00
Link: CVE-2017-16802
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-11-13T16:29:00.263
Modified: 2017-11-29T14:45:50.503
Link: CVE-2017-16802
JSON object: View
Redhat Information
No data.
CWE