CVE-2020-37044

Medium CVSS: 5.1

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For example, a request to /graphql?'"--></style></scRipt><scRipt>alert('Raif_Berkay')</scRipt> will trigger an alert. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.

Vendor

Citeum

Product

Opencti

CWE

CWE-79

Yayın Tarihi

2026-01-30 23:16:10

Güncelleme

2026-02-13 17:55:30

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Opencti MEDIUM Citeum 2026

Referanslar

https://github.com/OpenCTI-Platform/opencti https://www.exploit-db.com/exploits/48595 https://www.opencti.io/ https://www.vulncheck.com/advisories/opencti-cross-site-scripting

Benzer Kayıtlar

Medium

CVE-2026-21886

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.…

High

CVE-2026-21887

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, th…

High

CVE-2020-37041

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can…

Medium

CVE-2025-61782

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.…

High

CVE-2025-61781

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.…

Medium

CVE-2025-46732

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.…