Cross site scripting vulnerability in the comments
The comment field is not part of the MISP synchronisation and only impacts the users of the same instance.
MISP versions below 2.4.79 are vulnerable. This vulnerability is fixed in version 2.4.79.
CIRCL would like to thank the reporters Jurgen Jans and Cedric Van Bockhaven from Deloitte.
Classification of this document
TLP:WHITE information may be distributed without restriction, subject to copyright controls.
- Version 1.0 - TLP:WHITE - First version (20170825)