Cross-Site Scripting in MISP by Affected Admin Privileges
CVE-2024-58128

4.8MEDIUM

Key Information:

Vendor: Misp
Status: Misp
Vendor: CVE Published:; 28 March 2025

What is CVE-2024-58128?

In MISP versions before 2.4.193, a vulnerability exists where parameters in the menu_custom_right_link can be manipulated via the user interface. This design flaw allows attackers with administrative privileges to perform cross-site scripting (XSS) attacks by crafting malicious global menu links. The risk lies in the ability to execute arbitrary scripts in the context of users who access the affected links, potentially leading to data theft and unauthorized actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MISP 0 < 2.4.193

References

https://github.com/MISP/MISP/commit/33a1eb66408e16a7535b2...

https://github.com/MISP/MISP/releases/tag/v2.4.193

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 28, 2025

JSON

Misp