MISP – Reflected Cross-Site Scripting in Galaxies
Date
13.09.2023
Affected Vendor
CIRCL – Computer Incident Response Center Luxembourg
Affected Product
MISP – Malware Information Sharing Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/
Vulnerable version
2.4.176
Fixed version
2.4.177
CVSS
5.4 Medium CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Recommendations
Upgrade to the latest MISP version.
Vulnerability details
The “selectGalaxy” action of the “Galaxies” controller in MISP is vulnerable to reflected XSS. When the victim opens a malicious URL and clicks on one of the available buttons, the malicious script is triggered.
This vulnerability was detected with the help of Cake Fuzzer: https://zigrin.com/tools/cake-fuzzer/
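For defenders reviewing web server logs on instances that ran the vulnerable version, the following is an added example and not part of the original advisory or of MISP. It flags requests to the selectGalaxy action whose decoded URL contains HTML markup. The advisory does not name the affected parameter, so the check inspects the whole request target; the CakePHP-style route /galaxies/selectGalaxy, the access log format and the sample entries are assumptions.

```python
import re
from urllib.parse import unquote

# Assumption: CakePHP-style route /galaxies/selectGalaxy (controller/action).
ROUTE = re.compile(r"/galaxies/selectgalaxy(?:[/?.]|$)", re.IGNORECASE)
# Markup characters that ordinary arguments to this route should not contain.
MARKUP = re.compile(r'[<>"]|javascript:', re.IGNORECASE)
# Request target inside a common/combined access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Sep/2023:10:00:01 +0000] "GET /galaxies/selectGalaxy/12/event HTTP/1.1" 200 5120',
    '192.0.2.44 - - [13/Sep/2023:10:02:17 +0000] "GET /galaxies/selectGalaxy/12/event?x=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5300',
    '192.0.2.44 - - [13/Sep/2023:10:02:40 +0000] "GET /Galaxies/selectGalaxy/12/event?x=%253Cb%253Etest HTTP/1.1" 200 5290',
    '192.0.2.51 - - [13/Sep/2023:10:05:03 +0000] "GET /events/index?q=%3Cb%3Etest HTTP/1.1" 200 880',
]

def fully_decode(target, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def suspicious_requests(log_lines):
    """Return (line_number, decoded_target) for flagged selectGalaxy requests."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not an access log entry we understand
        target = fully_decode(match.group(1))
        if ROUTE.search(target) and MARKUP.search(target):
            hits.append((number, target))
    return hits

if __name__ == "__main__":
    for number, target in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A hit only shows that markup was sent to the action; whether it was reflected depends on the MISP version that served the request.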
CVE
CVE-2023-48659
Credits
Dawid Czarnecki