Reflected Cross-Site Scripting Vulnerability in MISP by The MISP Project
CVE-2026-54395
5.3MEDIUM
What is CVE-2026-54395?
MISP has a reflected cross-site scripting vulnerability in the UiBeta event index view. This vulnerability arises from improper handling of the urlparams value, which can be exploited by an attacker to execute arbitrary JavaScript in a victim's browser. Specifically, when a crafted malicious URL is accessed, it can break out of a single-quoted JavaScript string due to improper HTML escaping. This vulnerability can be mitigated by using json_encode() for encoding JavaScript string literals before applying HTML escaping.
Affected Version(s)
misp 0 < 2.5.40
