Cross-Site Scripting in MISP Affects Event Graph Feature
CVE-2023-24026

6.1MEDIUM

Key Information:

Vendor: Misp-project
Status: Misp
Vendor: CVE Published:; 20 January 2023

🔔 Create Misp-project Vulnerability Alert

What is CVE-2023-24026?

In MISP version 2.4.167, a Cross-Site Scripting (XSS) vulnerability has been identified in the app/webroot/js/event-graph.js component. This vulnerability allows attackers to inject malicious scripts through an event-graph preview payload, potentially compromising the security of user sessions and exposing sensitive information. It is essential for users of MISP to apply necessary patches or workarounds to mitigate risks associated with this vulnerability.

References

https://github.com/MISP/MISP/commit/a46f794a136001101cbec...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 20, 2023
Vulnerability Reserved
Jan 20, 2023

CVE-2023-24026 Data

JSON