Persistent XSS vulnerability in MISP before 2.4.79 via comments

Persistent XSS vulnerability in MISP before 2.4.79 via comments

CVE-2017-13671 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.

Learn more about our User Device Pen Test.