CVE-2015-5720: XSS
First published: Sat Sep 03 2016(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MISP - Malware Information Sharing Platform | <=2.3.89 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-5720?
CVE-2015-5720 has a medium severity rating due to multiple cross-site scripting vulnerabilities.
How do I fix CVE-2015-5720?
To fix CVE-2015-5720, upgrade to Malware Information Sharing Platform (MISP) version 2.3.90 or later.
What versions of MISP are affected by CVE-2015-5720?
CVE-2015-5720 affects all versions of MISP before 2.3.90.
What type of attacks can CVE-2015-5720 lead to?
CVE-2015-5720 can lead to remote attackers injecting arbitrary web scripts or HTML, resulting in cross-site scripting attacks.
How can I identify if my MISP installation is vulnerable to CVE-2015-5720?
You can identify if your MISP installation is vulnerable by checking if it is running any version before 2.3.90.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/misp-project
- canonical/misp - malware information sharing platform
- version/misp - malware information sharing platform/2.3.89