MEDIUMpublic-safe

CVE-2018-11562

NVD: An issue was discovered in MISP 2.4.91. NVD: A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter. OSV: An issue was discovered in MISP 2.4.91.

CVSS
6.1 Severity
MEDIUM EPSS
0.0081 (52) KEV
-

Source-published summary

Possible impact

Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.

Affected context

vendor/product: misp-project / misp; affected version context: 2.4.91

Remediation / advisory

Remediation reference present; patch status requires confirmation in the linked advisory.

Why it matters

Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.; CVSS 6.1 (MEDIUM); EPSS percentile 52; not listed in KEV; Remediation reference present; patch status requires confirmation in the linked advisory; sources: NVD, OSV.

What to verify

Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.

Exposure hint

exposure unknown

Impact tags

XSS risk

Urgency reasons

affected product presentvendor advisory presentrecent updateremediation reference present

Source-derived note

Summary derived from NVD / OSV description; unsafe procedural detail is not shown.

Redaction metadata

source summary used: True
fallback summary used: False
unsafe procedural detail present: false
raw source displayed: false
public summary redacted: true

Remediation handoff

Public-safe static handoff for human/Codex remediation planning. Scan, patch, external execution, and auto remediation are disabled.

Handoff JSON Handoff Markdown Safe Codex prompt

Safety note

This radar shows source-published defensive context only. Exploit procedures, exploit strings, scanner commands, and auto-remediation are not provided.