MISP - Stored XSS when viewing Galaxy Cluster Relationships

DATE

29.09.2021

Affected Vendor

CIRCL – Computer Incident Response Center Luxembourg

Affected Product

MISP – Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/

Vulnerable version

2.4.147

Fixed version

2.4.148

CVSS

5.4 Medium CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Recommendations

Update to MISP version 2.4.148

Vulnerability details

When a user views a galaxy cluster relationships, a store cross-side scripting can be triggered.

CVE

CVE-2021-37742

Credits

Dawid Czarnecki

References

https://www.misp-project.org/2021/08/09/MISP.2.4.148.released.html
https://cvepremium.circl.lu/cve/CVE-2021-37742
https://github.com/MISP/MISP/commit/af50add82433eb2a740c3621b99d9d14d2b1e192
https://nvd.nist.gov/vuln/detail/CVE-2021-37742

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

Have Any Questions?

MISP – Stored XSS when viewing Galaxy Cluster Relationships

NEED A CONSULTATION?

contact@zigrin.com

GPG Key

Get a free consultation