Cross-Site Scripting Vulnerability in MISP by MISP Project
CVE-2023-28606

6.1MEDIUM

Key Information:

Vendor: Misp-project
Status: Malware Information Sharing Platform
Vendor: CVE Published:; 18 March 2023

🔔 Create Misp-project Vulnerability Alert

What is CVE-2023-28606?

A cross-site scripting (XSS) vulnerability exists in MISP versions prior to 2.4.169. This vulnerability allows an attacker to inject malicious scripts into event-graph node tooltips, potentially compromising user interactions and data integrity. Users of affected versions are advised to update to version 2.4.169 or later to mitigate possible security breaches stemming from this flaw.

References

https://github.com/MISP/MISP/commit/30255b8d683df4ec54f85...

https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 18, 2023
Vulnerability Reserved
Mar 18, 2023

CVE-2023-28606 Data

JSON