Fortinet Discovers MISP Cross-Site Scripting and Information Disclosure Vulnerabilities
Fortinet's FortiGuard Labs has discovered cross-site scripting and information disclosure vulnerabilities in MISP - Malware Information Sharing Platform.
The MISP threat sharing platform is a free and open source software helping information sharing of threat and cyber security indicators.
Two cross-site scripting vulnerabilities have been discovered in MISP 2.4.68 and earlier versions. The vulnerability is caused by an error because MISP doesn't correctly process user input. On top of these XSS vulnerabilities, the MISP version was leaking to non authenticated users.
Users should apply the solution provided by MISP.
Fortinet reported the vulnerability to MISP on March 10, 2017.
MISP patched the vulnerability on March 10, 2017.
These vulnerabilities were discovered by Fortinet's FortiGuard Labs.