CVE-2017-13671: XSS
First published: Thu Aug 24 2017(Updated: )
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MISP | <=2.4.78 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-13671?
CVE-2017-13671 is classified as a medium severity vulnerability due to its potential for persistent XSS attacks.
How do I fix CVE-2017-13671?
To fix CVE-2017-13671, upgrade MISP to version 2.4.79 or later.
Who is affected by CVE-2017-13671?
CVE-2017-13671 affects users of MISP versions prior to 2.4.79, specifically those utilizing the comment feature.
What type of vulnerability is CVE-2017-13671?
CVE-2017-13671 is a persistent cross-site scripting (XSS) vulnerability.
Can CVE-2017-13671 be exploited remotely?
CVE-2017-13671 cannot be exploited remotely; it only affects users sharing the same MISP instance.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/misp
- canonical/misp
- version/misp/2.4.78