Stored Cross-Site Scripting Vulnerability in MISP BSimVis by MISP
CVE-2026-53693
6.9MEDIUM
What is CVE-2026-53693?
A vulnerability was identified in the MISP BSimVis tag rendering code, which allows for stored cross-site scripting. By improperly rendering tag names, collection names, entity identifiers, cluster names, and tag metadata within HTML and JavaScript contexts, an attacker can inject malicious payloads. This exploitation could lead to the execution of arbitrary JavaScript within a victim's browser session when they view affected BSimVis pages. Users may unknowingly perform actions as the attacker or reveal sensitive data. The recent patch implements context-aware escaping for various rendering paths to mitigate this threat.
Affected Version(s)
bsimvis 0
References
CVSS V4
Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Thomas Caillet
Alexandre Dulaunoy
Codex GPT-5.5
