Incorrect validation of temporary filenames
A bug in MISP Malware Information Sharing Platform introduces a potential XSS (Cross-site scripting) in the template creation.
MISP versions below 2.3.90 are vulnerable. This vulnerability is fixed in version 2.3.90.
CIRCL would like to thank the reporter (Davy Stoffel from Conostix) for his security review.
Classification of this document
TLP:WHITE information may be distributed without restriction, subject to copyright controls.
- Version 1.0 - TLP:WHITE - First version (20150804)