Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

VULNERABILITY

MISP – Reflected XSS in “uploadFile” action of the Templates controller

DATE

22.12.2022

Affected Vendor

CIRCL – Computer Incident Response Center Luxembourg

Affected Product

MISP – Malware Information Sharing Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/

Vulnerable version

2.4.166

Fixed version

2.4.167

Recommendations

Update to MISP v2.4.167

Vulnerability details

The MISP is an Open Source Threat Intelligence Platform meant for sharing security-related information between various organizations. MISP is supported financially and in terms of resources by Computer Incident Response Center Luxembourg – CIRCL

The “uploadFile” action of the Templates controller is vulnerable to Reflected Cross-Site Scripting attack.

When the victim opens the malicious URL and clicks on the “Upload File” box the attacker’s JavaScript code is executed.

This vulnerability was detected with help of Cake Fuzzer: https://github.com/Zigrin-Security/CakeFuzzer

CVE

CVE-2022-47928

Credits

Dawid Czarnecki

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

NEED A CONSULTATION?