CVE-2020-10247

2020-03-0919:15:15

Google

osv.dev

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.3%

JSON

MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp.

CPENameOperatorVersion
mispeq2.3.78
mispeq2.3.79
mispeq2.4.90
mispeq2.4.55
mispeq2.3.92
mispeq2.3.146
mispeq2.4.72
mispeq2.4.110
mispeq2.4.5
mispeq2.3.19

Name	Operator	Version
misp	eq	2.3.78
misp	eq	2.3.79
misp	eq	2.4.90
misp	eq	2.4.55
misp	eq	2.3.92
misp	eq	2.3.146
misp	eq	2.4.72
misp	eq	2.4.110
misp	eq	2.4.5
misp	eq	2.3.19

Rows per page:

1-10 of 2881

References

github.com/MISP/MISP/commit/e24a9eb44c1306adb02c1508e8f266ac6b95b4ed

github.com/MISP/MISP/releases/tag/v2.4.123