Stored XSS Vulnerability in MISP Cluster Export
CVE-2024-54674

6.1MEDIUM

Key Information:

Vendor: MISP
Vendor: CVE Published:; 4 December 2024

What is CVE-2024-54674?

app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format.

References

https://github.com/MISP/MISP/commit/d0330989e235a8a9f43c9...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2024

CVE-2024-54674 Data

JSON