PT-2019-12501 · Misp · Misp
João Lucas Melo Brasio
·
Published
2019-05-08
·
Updated
2019-05-08
·
CVE-2019-11812
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
MISP versions prior to 2.4.107
Description
A persistent XSS issue was discovered in the discussion interface of MISP, where JavaScript can be included and triggered by clicking on a link.
Recommendations
For versions prior to 2.4.107, update to version 2.4.107 or later to resolve the issue. As a temporary workaround, consider restricting access to the discussion interface until the update is applied.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Misp