Incorrect validation of temporary filenames
A bug in MISP (Malware Information Sharing Platform) introduces a potential cross-site scripting (XSS) vulnerability in template creation.
Fixes
MISP versions below 2.3.90 are vulnerable. This vulnerability is fixed in version 2.3.90.
CVE
CVE-2015-5720
Acknowledgement
CIRCL would like to thank the reporter (Davy Stoffel from Conostix) for his security review.
Classification of this document
TLP:WHITE information may be distributed without restriction, subject to copyright controls.
Revision
- Version 1.0 - TLP:WHITE - First version (20150804)