MISP – XSS in add action of the AuthKeys controller
Date
23.01.2023
Affected Vendor
CIRCL – Computer Incident Response Center Luxembourg
Affected Product
MISP – Malware Information Sharing Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/
Vulnerable version
2.4.166
Fixed version
2.4.168
CVSS
Recommendations
Update to MISP version 2.4.168
Vulnerability details
The “Referer” HTTP request header in the “add” action of the “AuthKeys” controller is vulnerable to a reflected cross-site scripting (XSS) attack. This vulnerability was detected with the help of Cake Fuzzer: https://github.com/Zigrin-Security/CakeFuzzer
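For triage on an instance that ran a vulnerable version, the following added example (not part of the advisory or of MISP's code) scans web access logs for requests to the AuthKeys add action whose Referer header carries HTML metacharacters. It assumes Combined Log Format and CakePHP's default route `/auth_keys/add`; the log lines are constructed samples.

```python
import re
from urllib.parse import unquote

# Assumption: CakePHP default routing with MISP served at the web root.
TARGET = re.compile(r"^/auth_keys/add(?:[/?]|$)", re.I)
# Combined Log Format; quoted fields may contain backslash escapes.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?:[^"\\]|\\.)*"$'
)
HTML_META = set("<>\"'")  # characters that can break out of an HTML context


def decode_referer(raw):
    # Undo log escaping (backslash-quote in Apache, backslash-xHH in nginx),
    # then percent-encoding.
    raw = re.sub(r"\\(?:x([0-9A-Fa-f]{2})|(.))",
                 lambda m: chr(int(m[1], 16)) if m[1] else m[2], raw)
    for _ in range(3):  # bounded, so double-encoded values are still decoded
        decoded = unquote(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw


def suspicious_requests(lines):
    # Return (ip, path, decoded referer) for each flagged AuthKeys add request.
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or not TARGET.match(m["path"]):
            continue
        referer = decode_referer(m["referer"])
        if HTML_META & set(referer):
            hits.append((m["ip"], m["path"], referer))
    return hits


# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE = [
    r'192.0.2.10 - - [23/Jan/2023:10:00:01 +0000] "GET /auth_keys/add HTTP/1.1" 200 5120 "https://misp.example.test/auth_keys/index" "Mozilla/5.0"',
    r'198.51.100.7 - - [23/Jan/2023:10:02:13 +0000] "GET /auth_keys/add HTTP/1.1" 200 5188 "https://x.example.test/%22%3E%3Cscript%3E" "Mozilla/5.0"',
    r'198.51.100.8 - - [23/Jan/2023:10:02:40 +0000] "GET /auth_keys/add HTTP/1.1" 200 5190 "https://x.example.test/\"><b>" "curl/8.0"',
    r'203.0.113.5 - - [23/Jan/2023:10:03:02 +0000] "GET /events/index HTTP/1.1" 200 900 "https://x.example.test/%3Cb%3E" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print(hit)
```

A hit shows that such a header was sent to the endpoint, not that script ran in a user's session, so treat hits as leads for review.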
CVE
CVE-2023-24070
Credits
Dawid Czarnecki