CVE-2017-7215

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.4.69

Description The issue allows remote attackers to inject arbitrary web script or HTML via cross-site scripting in certain view elements. This affects the index filter tool in the file app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp.

Recommendations For versions prior to 2.4.69, update to version 2.4.69 or later to resolve the issue. As a temporary workaround, consider restricting access to the index filter tool and the organisation landing page until the update is applied.