MEDIUMpublic-safe

CVE-2017-13671

NVD: app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. NVD: It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. OSV: app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments.

CVSS
6.1 Severity
MEDIUM EPSS
0.0097 (57) KEV
-

Source-published summary

Possible impact

Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.

Affected context

vendor/product: misp-project / misp

Remediation / advisory

Remediation reference present; patch status requires confirmation in the linked advisory.

Why it matters

Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.; CVSS 6.1 (MEDIUM); EPSS percentile 57; not listed in KEV; Remediation reference present; patch status requires confirmation in the linked advisory; sources: NVD, OSV.

What to verify

Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.

Exposure hint

exposure unknown

Impact tags

XSS risk

Urgency reasons

affected product presentvendor advisory presentrecent updateremediation reference present

Source-derived note

Summary derived from NVD / OSV description; unsafe procedural detail is not shown.

Redaction metadata

source summary used: True
fallback summary used: False
unsafe procedural detail present: false
raw source displayed: false
public summary redacted: true

Remediation handoff

Public-safe static handoff for human/Codex remediation planning. Scan, patch, external execution, and auto remediation are disabled.

Handoff JSON Handoff Markdown Safe Codex prompt

Safety note

This radar shows source-published defensive context only. Exploit procedures, exploit strings, scanner commands, and auto-remediation are not provided.