{"id":"CVE-2017-15216","details":"MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js.","modified":"2026-04-10T03:57:25.240754Z","published":"2017-10-10T18:29:00.243Z","references":[{"type":"ADVISORY","url":"https://github.com/MISP/MISP/commit/ca6f4a783a6ba65532dc8767446bda44773ec627"},{"type":"ADVISORY","url":"https://www.misp.software/Changelog.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/misp/misp","events":[{"introduced":"0"},{"last_affected":"b526a437d7e75d6b439c0423fabe853501ee4e68"},{"fixed":"ca6f4a783a6ba65532dc8767446bda44773ec627"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.4.80"}]}}],"versions":["v0.2","v2.3.0","v2.4.0","v2.4.1","v2.4.10","v2.4.11","v2.4.13","v2.4.14","v2.4.15","v2.4.16","v2.4.17","v2.4.18","v2.4.2","v2.4.20","v2.4.21","v2.4.22","v2.4.23","v2.4.24","v2.4.25","v2.4.26","v2.4.27","v2.4.3","v2.4.34","v2.4.35","v2.4.36","v2.4.37","v2.4.38","v2.4.39","v2.4.4","v2.4.43","v2.4.45","v2.4.46","v2.4.47","v2.4.48","v2.4.5","v2.4.50","v2.4.51","v2.4.52","v2.4.53","v2.4.54","v2.4.56","v2.4.57","v2.4.58","v2.4.59","v2.4.60","v2.4.61","v2.4.62","v2.4.63","v2.4.64","v2.4.65","v2.4.7","v2.4.78","v2.4.80","v2.4.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15216.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}