CVE-2015-5720
6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) befor...
Published: 2016-09-03 · Last updated: 2026-06-23
Severity and scoring
- CVSS: 6.1 MEDIUM
- Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- CWE: CWE-79
Affected products
| Vendor | Product |
|---|---|
| misp-project | misp |
Description
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2015-5720
- [Other] http://www.securityfocus.com/bid/92738
- [Patch] https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf
- [Other] https://www.circl.lu/advisory/CVE-2015-5720/
Related CVEs
Same vendor
- CVE-2021-41326 — In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call (9.8 CRITICAL)
- CVE-2021-39302 — MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value (9.8 CRITICAL)
- CVE-2021-37743 — app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format (5.4 MEDIUM)
- CVE-2021-37742 — app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships (5.4 MEDIUM)
- CVE-2021-37534 — app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster (5.4 MEDIUM)
Same CWE
- CVE-2026-12425 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access ...
- CVE-2024-30476 — PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager (5.4 MEDIUM)
- CVE-2026-54198 — Unauthenticated Cross Site Scripting (XSS) in Media Library Assistant <= 3.35 versions (7.1 HIGH)
- CVE-2026-54191 — Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions (7.1 HIGH)
- CVE-2026-39437 — Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions (7.1 HIGH)