3 matches found
CVE-2017-16802
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added...
CVE-2017-16802
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added...
CVE-2017-16802
The CVE concerns MISP version 2.4.82 where the function shared ingGroupPopulateOrganisations in app/webroot/js/misp.js is vulnerable to cross-site scripting (XSS). A remote attacker can inject arbitrary script via a specially crafted organisation name added to the list, exposing users to client-s...