CVE-2019-11814

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-11814
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11814.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-11814
Published
2019-05-08T13:29:00.487Z
Modified
2026-04-10T04:14:22.290743Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot.

References

Affected packages

Git / github.com/misp/misp

Affected ranges

Type
GIT
Repo
https://github.com/misp/misp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5c43284099ad582969c29f74c8b937496fb9e450
Fixed
62f15433e42fb92e45bd57dd6fc0c0bf53deb6fc
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.107"
        }
    ]
}

Affected versions

v0.*
v0.2
v2.*
v2.3.0
v2.4.0
v2.4.1
v2.4.10
v2.4.100
v2.4.101
v2.4.102
v2.4.106
v2.4.11
v2.4.13
v2.4.14
v2.4.15
v2.4.16
v2.4.17
v2.4.18
v2.4.2
v2.4.20
v2.4.21
v2.4.22
v2.4.23
v2.4.24
v2.4.25
v2.4.26
v2.4.27
v2.4.3
v2.4.34
v2.4.35
v2.4.36
v2.4.37
v2.4.38
v2.4.39
v2.4.4
v2.4.43
v2.4.45
v2.4.46
v2.4.47
v2.4.48
v2.4.5
v2.4.50
v2.4.51
v2.4.52
v2.4.53
v2.4.54
v2.4.56
v2.4.57
v2.4.58
v2.4.59
v2.4.60
v2.4.61
v2.4.62
v2.4.63
v2.4.64
v2.4.65
v2.4.7
v2.4.78
v2.4.80
v2.4.82
v2.4.83
v2.4.85
v2.4.86
v2.4.87
v2.4.88
v2.4.89
v2.4.9
v2.4.91
v2.4.93
v2.4.94
v2.4.95
v2.4.96
v2.4.98

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11814.json"