CVE-2019-11812
Published 2019-05-08
Priority P422 · medium · 6.1 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.81% (52.3th percentile)
A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| misp-project | misp | < 2.4.107 | 2.4.107 |
CVSS provenance
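| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |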
VulDB
MIPS up to 2.4 Discussion Interface CommandHelper.php Persistent cross site scripting
vuldb·2026-06-23·CVSS 6.1
A vulnerability was found in MIPS up to 2.4 and classified as problematic. This affects an unknown part of the file app/View/Helper/CommandHelper.php of the component Discussion Interface. Executing a manipulation can lead to cross site scripting (Persistent).
This vulnerability appears as CVE-2019-11812. The attack may be performed from remote. There is no available exploit.
It is suggested to upgrade the affected component.
GHSA
GHSA-w2pq-gqw8-mv46: A persistent XSS issue was discovered in app/View/Helper/CommandHelper
ghsa_unreviewed·2022-05-24
A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.