MISP - Stored XSS | Web Application Security Testing

DATE

03.06.2023

Affected Vendor

CIRCL – Computer Incident Response Center Luxembourg

Affected Product

MISP – Malware Information Sharing Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/

Vulnerable version

2.4.171

Fixed version

2.4.172

CVSS

7.6 High CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Recommendations

Update to MISP version 2.4.172

Vulnerability details

In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.

CVE

CVE-2023-37307

Credits

Ulaş Deniz İlhan

References

https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485
https://github.com/MISP/MISP/compare/v2.4.171…v2.4.172

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

Have Any Questions?

MISP – Stored XSS

NEED A CONSULTATION?

contact@zigrin.com

GPG Key

Get a free consultation