CVE-2019-11813

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-11813
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11813.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-11813
Published
2019-05-08T13:29:00.440Z
Modified
2026-04-10T04:14:22.453277Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links.

References

Affected packages

Git / github.com/misp/misp

Affected ranges

Type
GIT
Repo
https://github.com/misp/misp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5c43284099ad582969c29f74c8b937496fb9e450
Fixed
6f6fb678ca07c80cb7d2bdfe5cb0313bb71bd487
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.107"
        }
    ]
}

Affected versions

v0.*
v0.2
v2.*
v2.3.0
v2.4.0
v2.4.1
v2.4.10
v2.4.100
v2.4.101
v2.4.102
v2.4.106
v2.4.11
v2.4.13
v2.4.14
v2.4.15
v2.4.16
v2.4.17
v2.4.18
v2.4.2
v2.4.20
v2.4.21
v2.4.22
v2.4.23
v2.4.24
v2.4.25
v2.4.26
v2.4.27
v2.4.3
v2.4.34
v2.4.35
v2.4.36
v2.4.37
v2.4.38
v2.4.39
v2.4.4
v2.4.43
v2.4.45
v2.4.46
v2.4.47
v2.4.48
v2.4.5
v2.4.50
v2.4.51
v2.4.52
v2.4.53
v2.4.54
v2.4.56
v2.4.57
v2.4.58
v2.4.59
v2.4.60
v2.4.61
v2.4.62
v2.4.63
v2.4.64
v2.4.65
v2.4.7
v2.4.78
v2.4.80
v2.4.82
v2.4.83
v2.4.85
v2.4.86
v2.4.87
v2.4.88
v2.4.89
v2.4.9
v2.4.91
v2.4.93
v2.4.94
v2.4.95
v2.4.96
v2.4.98

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11813.json"