Cerebrate – Reflected XSS in form descriptions
Date
18.02.2022
Affected Vendor
CIRCL – Computer Incident Response Center Luxembourg
Affected Product
Cerebrate – Open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools (such as MISP)
Vulnerable version
1.4
Fixed version
1.5
CVSS
6.1 Medium (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Recommendations
Update to Cerebrate version 1.5
Vulnerability details
An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.
CVE
CVE-2022-25317
Credits
Dawid Czarnecki