Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

DATE

13.09.2023

Affected Vendor

CIRCL – Computer Incident Response Center Luxembourg

Affected Product

MISP – Malware Information Sharing Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/

Vulnerable version

2.4.176

Fixed version

2.4.177

Recommendations

Upgrade to the recent MISP version

Vulnerability details

The “selectGalaxy” action of the “Galaxies” controller in MISP is vulnerable to reflected XSS. When the victim opens a malicious URL and clicks on one of the available buttons, the malicious script is triggered.

This vulnerability was detected with the help of Cake Fuzzer: https://zigrin.com/tools/cake-fuzzer/

CVE

CVE-2023-48659

Credits

Dawid Czarnecki

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

NEED A CONSULTATION?