CVE-2017-7215
medium
CVSS v3
6.1
CVSS v4
-
VIR risk
6.1
Description
Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML.
Predictions
Exploit likelihood
71%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| misp_project | misp | <= 2.4.68 | |
References
- http://www.fortiguard.com/advisory/FG-VD-17-021
- http://www.securityfocus.com/bid/96997
- https://github.com/MISP/MISP/commit/3630a8b1e1cd99862867fe72ffa1ff51e4d9c09f
- https://github.com/MISP/MISP/commit/599b3638384bfe49fa527bcb060f3f608a296996
- https://www.misp.software/2017/03/10/MISP.2.4.69.released.html
- https://www.misp.software/Changelog.txt
CWEs
CWE-79