CVE-2017-13671
Published 2017-08-24
Priority P423 | medium | 6.1 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.97% (57.4th percentile)
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| misp-project | misp | <= 2.4.78 | — |
CVSS provenance
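| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |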
VulDB
MISP up to 2.4.78 Comment Field CommandHelper.php Persistent cross site scripting (BID-100533)
vuldb·2026-06-23·CVSS 6.1
CVE-2017-13671 [MEDIUM] MISP up to 2.4.78 Comment Field CommandHelper.php Persistent cross site scripting (BID-100533)
A vulnerability, which was classified as problematic, was found in MISP up to 2.4.78. The affected element is an unknown function of the file app/View/Helper/CommandHelper.php of the component Comment Field. Such manipulation as part of Comment leads to cross site scripting (Persistent).
This vulnerability is documented as CVE-2017-13671. The attack can be executed remotely. There is not any exploit available.
You should upgrade the affected component.
GHSA
GHSA-68f7-j9wm-g656: app/View/Helper/CommandHelper
ghsa_unreviewed·2022-05-17
CVE-2017-13671 [MEDIUM] CWE-79 GHSA-68f7-j9wm-g656: app/View/Helper/CommandHelper
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.
Chrome
Stable Channel Update for Desktop: CVE-2019-13670
vendor_chrome·2019-09-10·CVSS 6.5
CVE-2019-13670 [MEDIUM] Stable Channel Update for Desktop: CVE-2019-13670
Stable Channel Update for Desktop
CVE-2019-13670: V8 memory corruption in regex. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-07-03
[$1000][ 696454 ] Medium CVE-2019-13671: Dialog box fails to show origin
Reported by xisigr of Tencent's Xuanwu Lab on 2017-02-27
Severity: medium
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-08-24
Published