CVE-2024-58128

Medium CVSS: 5.5

In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link.

Vendor

Misp

Product

Misp

CWE

CWE-79

Yayın Tarihi

2025-03-28 22:15:17

Güncelleme

2025-07-08 17:31:44

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Misp MEDIUM Misp 2025

Referanslar

https://github.com/MISP/MISP/commit/33a1eb66408e16a7535b2bae48303efd9501a26a https://github.com/MISP/MISP/releases/tag/v2.4.193

Benzer Kayıtlar

Medium

CVE-2025-67906

In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.

Medium

CVE-2024-58129

In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and t…

High

CVE-2024-58130

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization…

Medium

CVE-2024-57969

app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.