Cross-Site Scripting in MISP by Affected Admin Privileges
CVE-2024-58128
4.8 MEDIUM
What is CVE-2024-58128?
In MISP versions before 2.4.193, the menu_custom_right_link parameters can be set via the user interface. This design flaw allows attackers with administrative privileges to perform cross-site scripting (XSS) attacks by crafting malicious global menu links. Arbitrary scripts then execute in the context of users who access the affected links, potentially leading to data theft and unauthorized actions.
Affected Version(s)
MISP 0 < 2.4.193
