Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Misp-Project | Malware Information Sharing Platform | <= 2.3.89 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/92738
- https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cfIssue TrackingPatch
- https://www.circl.lu/advisory/CVE-2015-5720/Third Party Advisory
- http://www.securityfocus.com/bid/92738
- https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cfIssue TrackingPatch
- https://www.circl.lu/advisory/CVE-2015-5720/Third Party Advisory
FAQ
What is CVE-2015-5720?
CVE-2015-5720 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script ...
How severe is CVE-2015-5720?
CVE-2015-5720 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5720?
Check the references section above for vendor advisories and patch information. Affected products include: Misp-Project Malware Information Sharing Platform.