Cross-Site Scripting Vulnerability in MISP by MISP Project
CVE-2023-28607
6.1MEDIUM
What is CVE-2023-28607?
MISP versions prior to 2.4.169 are susceptible to a Cross-Site Scripting (XSS) vulnerability in the js/event-graph.js component. This weakness allows attackers to inject malicious scripts via the event-graph relationship tooltip, potentially compromising user interactions and data integrity. It is crucial for users to upgrade to the latest version to mitigate any risks associated with this vulnerability.