CVE-2024-58129

Medium CVSS: 5.5

In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page.

Vendor

Misp

Product

Misp

CWE

CWE-79

Yayın Tarihi

2025-03-28 22:15:17

Güncelleme

2025-07-08 17:30:50

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Misp MEDIUM Misp 2025

Referanslar

https://github.com/MISP/MISP/commit/09a43870e733f79ffa33753ddc7bce3cbb5a5647 https://github.com/MISP/MISP/releases/tag/v2.4.193

Benzer Kayıtlar

Medium

CVE-2025-67906

In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.

Medium

CVE-2024-58128

In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus a…

High

CVE-2024-58130

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization…

Medium

CVE-2024-57969

app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.