We are reliable, trustworthy, and ready for challenges! Hire Us
MISP – XSS in the Cerebrate view
- Home
- Advisories
- MISP – XSS in the Cerebrate view
DATE
20.04.2022
Affected Vendor
CIRCL – Computer Incident Response Center Luxembourg
Affected Product
MISP – Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/
Vulnerable version
2.4.157
Fixed version
2.4.158
CVSS
4.8 Medium CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Recommendations
Update to MISP version 2.4.158.
Vulnerability details
An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.
CVE
CVE-2022-29532
Credits
Dawid Czarnecki
Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.