app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.
원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13671
원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13671
댓글 0
| 번호 | 제목 | 글쓴이 | 날짜 | 조회 수 |
|---|---|---|---|---|
| 362 | CVE-2014-1677 | 관리자 | 2017.04.04 | 11 |
| 361 | CVE-2014-3930 | 관리자 | 2017.04.04 | 10 |
| 360 | CVE-2014-3927 | 관리자 | 2017.04.04 | 10 |
| 359 | CVE-2014-3928 | 관리자 | 2017.04.04 | 11 |
| 358 | CVE-2017-12843 (cyrus_imap, fedora) | 관리자 | 2017.08.27 | 11 |
| 357 | CVE-2017-7557 | 관리자 | 2017.08.27 | 8 |
| 356 | CVE-2015-3617 | 관리자 | 2017.08.27 | 10 |
| 355 | CVE-2015-2857 | 관리자 | 2017.08.27 | 9 |
| 354 | CVE-2014-6189 (security_network_protection_3100_firmware, security_network_protection_4100_firmware, security_network_protection_5100_firmware, security_network_protection_7100_firmware) | 관리자 | 2017.08.27 | 11 |
| 353 | CVE-2017-12786 | 관리자 | 2017.08.27 | 9 |
| 352 | CVE-2017-12787 | 관리자 | 2017.08.27 | 9 |
| 351 | CVE-2017-12785 | 관리자 | 2017.08.27 | 10 |
| 350 | CVE-2016-6311 | 관리자 | 2017.08.27 | 10 |
| 349 | CVE-2015-6473 (wago_i/o_plc_750-849_firmware, wago_i/o_plc_758-870_firmware) | 관리자 | 2017.08.27 | 8 |
| 348 | CVE-2016-4460 | 관리자 | 2017.08.27 | 8 |