MISP – Reflected XSS
VULNERABILITY
MISP – Reflected XSS in “uploadFile” action of the Templates controller
DATE
22.12.2022
Affected Vendor
CIRCL – Computer Incident Response Center Luxembourg
Affected Product
MISP – Malware Information Sharing Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/
Vulnerable version
2.4.166
Fixed version
2.4.167
CVSS
6.1 Medium CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Recommendations
Update to MISP v2.4.167
Vulnerability details
MISP is an open-source threat intelligence platform for sharing security-related information between organizations. It is supported financially and in terms of resources by the Computer Incident Response Center Luxembourg (CIRCL).
The “uploadFile” action of the Templates controller is vulnerable to a reflected cross-site scripting (XSS) attack.
When the victim opens the malicious URL and clicks on the “Upload File” box, the attacker’s JavaScript code is executed.
This vulnerability was detected with the help of Cake Fuzzer: https://github.com/Zigrin-Security/CakeFuzzer
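For defenders who want to review web server logs for requests against this action, the following is an added example, not part of the advisory or of MISP's code. It assumes combined-format access logs and CakePHP's default /templates/uploadFile route; the advisory does not name the affected parameter, so the check flags markup characters anywhere after the action name, and the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: the action is reachable via CakePHP's default controller/action route.
ACTION_RE = re.compile(r"/templates/uploadfile(?=[/?.]|$)", re.IGNORECASE)
# Characters needed to break out of an HTML or JavaScript context, plus script URLs.
MARKUP_RE = re.compile(r"[<>\"'`]|javascript:", re.IGNORECASE)
# Request line as written in Apache/nginx combined log format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(target, max_rounds=3):
    """Undo nested percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def suspicious_requests(log_lines):
    """Return (line_number, decoded_target) for uploadFile requests carrying markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        request = REQUEST_RE.search(line)
        if not request:
            continue
        target = fully_decode(request.group(1))
        action = ACTION_RE.search(target)
        # Only inspect what follows the action name: path arguments and query string.
        if action and MARKUP_RE.search(target[action.end():]):
            hits.append((number, target))
    return hits


# Constructed sample lines (documentation IP ranges, made-up arguments, harmless <b> marker).
SAMPLE_LOG = [
    '198.51.100.7 - - [22/Dec/2022:10:01:02 +0000] "GET /templates/uploadFile/attachment/1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [22/Dec/2022:10:01:09 +0000] "GET /templates/uploadFile/attachment/1?test=%3Cb%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [22/Dec/2022:10:02:44 +0000] "GET /templates/uploadFile/attachment/1?test=%253Cb%253E HTTP/1.1" 200 530',
    '203.0.113.9 - - [22/Dec/2022:10:03:00 +0000] "GET /events/index?test=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, target in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A hit only shows that a request carried markup; whether it executed depends on the MISP version that served it.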
CVE
CVE-2022-47928
Credits
Dawid Czarnecki