Persistent XSS Vulnerability in MISP before 2.4.107 Allows JavaScript Injection via Discussion Interface

Persistent XSS Vulnerability in MISP before 2.4.107 Allows JavaScript Injection via Discussion Interface

CVE-2019-11812 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link.

Learn more about our Web Application Penetration Testing UK.