From 71eb2e13bb16f41fa0ab276c7b7bd5e10ee4062a Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 4 Jun 2020 17:41:40 +0200 Subject: [PATCH] chg: [blog] CVE reference added --- _posts/2020-06-04-MISP.2.4.126.released.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/2020-06-04-MISP.2.4.126.released.md b/_posts/2020-06-04-MISP.2.4.126.released.md index 2d31bdd..d4dc4ee 100644 --- a/_posts/2020-06-04-MISP.2.4.126.released.md +++ b/_posts/2020-06-04-MISP.2.4.126.released.md @@ -10,7 +10,7 @@ A new version of MISP ([2.4.126](https://github.com/MISP/MISP/tree/v2.4.126)) ha # Security fix - fixed XSS -Fixed a persistent XSS that could be triggered by correlating an attribute via the freetext import tool with an attribute that contains a javascript payload in the comment field. By hovering over the correlation, the analyst encoding the information would have the exploit triggered. +[Fixed a persistent XSS](https://cve.circl.lu/cve/CVE-2020-13153) (CVE-2020-13153) that could be triggered by correlating an attribute via the freetext import tool with an attribute that contains a javascript payload in the comment field. By hovering over the correlation, the analyst encoding the information would have the exploit triggered. Thanks to @JakubOnderka for reporting it!
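Review bot: In the replaced paragraph under "# Security fix - fixed XSS", the new link wraps the phrase "Fixed a persistent XSS" and leaves the identifier as plain text in parentheses, so the anchor text does not say where the link leads and the CVE id itself is not clickable. Consider linking the identifier instead, for example `Fixed a persistent XSS ([CVE-2020-13153](https://cve.circl.lu/cve/CVE-2020-13153)) that could be triggered ...`. While this line is being touched, "javascript" could be written "JavaScript". Since the paragraph now serves as the advisory text for a CVE, it would also help readers triaging it if the paragraph stated which versions are affected, which the visible text does not say.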