Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

DATE

27.03.2023

Affected Vendor

CIRCL – Computer Incident Response Center Luxembourg

Affected Product

MISP – Malware Information Sharing Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/

Vulnerable version

2.4.169

Fixed version

2.4.170

Recommendations

Update to MISP version 2.4.170 latest patch or higher.

Vulnerability details

The “page” parameter of the “index” action of the “Communities” controller is vulnerable to a DOM-Based Cross-Site Scripting attack. This vulnerability was detected with help of Cake Fuzzer: https://github.com/Zigrin-Security/CakeFuzzer

CVE

CVE-2023-28884

Credits

Ulaş Deniz İlhan

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

NEED A CONSULTATION?