MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [blog] CVE reference added

pull/21/head
Alexandre Dulaunoy 2020-06-04 17:41:40 +02:00
parent b3ca6e7350
commit 71eb2e13bb
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_posts/2020-06-04-MISP.2.4.126.released.md
View File

@ -10,7 +10,7 @@ A new version of MISP ([2.4.126](https://github.com/MISP/MISP/tree/v2.4.126)) ha
# Security fix - fixed XSS # Security fix - fixed XSS
Fixed a persistent XSS that could be triggered by correlating an attribute via the freetext import tool with an attribute that contains a javascript payload in the comment field. By hovering over the correlation, the analyst encoding the information would have the exploit triggered. [Fixed a persistent XSS](https://cve.circl.lu/cve/CVE-2020-13153) (CVE-2020-13153) that could be triggered by correlating an attribute via the freetext import tool with an attribute that contains a javascript payload in the comment field. By hovering over the correlation, the analyst encoding the information would have the exploit triggered.
Thanks to @JakubOnderka for reporting it! Thanks to @JakubOnderka for reporting it!