CVE-2015-5720 - Vulnerability in MISP (Malware Information Sharing Platform) - XSS in template creation

CVE-2015-5720 - Vulnerability in MISP (Malware Information Sharing Platform) - XSS in template creation

  1. Incorrect validation of temporary filenames
  2. Fixes
  3. CVE
  4. Acknowledgement
  5. Classification of this document
  6. Revision

You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.

Search


CIRCL is accredited TI CIRCL is a FIRST member CIRCL is an OASIS member

Incorrect validation of temporary filenames

A bug in MISP Malware Information Sharing Platform introduces a potential XSS (Cross-site scripting) in the template creation.

Fixes

MISP versions below 2.3.90 are vulnerable. This vulnerability is fixed in version 2.3.90.

CVE

CVE-2015-5720

Acknowledgement

CIRCL would like to thank the reporter (Davy Stoffel from Conostix) for his security review.

Classification of this document

TLP:WHITE information may be distributed without restriction, subject to copyright controls.

Revision

  • Version 1.0 - TLP:WHITE - First version (20150804)