We are reliable, trustworthy, and ready for challenges! Hire Us
MISP – DOM-based XSS
- Home
- Advisories
- MISP – DOM-based XSS
DATE
27.03.2023
Affected Vendor
CIRCL – Computer Incident Response Center Luxembourg
Affected Product
MISP – Malware Information Sharing Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/
Vulnerable version
2.4.169
Fixed version
2.4.170
CVSS
6.1 Medium CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Recommendations
Update to MISP version 2.4.170 latest patch or higher.
Vulnerability details
The “page” parameter of the “index” action of the “Communities” controller is vulnerable to a DOM-Based Cross-Site Scripting attack. This vulnerability was detected with help of Cake Fuzzer: https://github.com/Zigrin-Security/CakeFuzzer
CVE
CVE-2023-28884
Credits
Ulaş Deniz İlhan
Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.