In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
References
Configurations
History
21 Nov 2024, 08:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html - | |
References | () https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485 - Patch | |
References | () https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172 - Patch, Product | |
References | () https://zigrin.com/advisories/misp-stored-xss/ - Third Party Advisory |
05 Feb 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Jan 2024, 03:07
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CWE | CWE-79 | |
References | (MISC) https://zigrin.com/advisories/misp-stored-xss/ - Third Party Advisory |
30 Oct 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Jul 2023, 19:00
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
First Time |
Misp-project malware Information Sharing Platform
Misp-project |
|
References | (MISC) https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172 - Patch, Product | |
References | (MISC) https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485 - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:* |
30 Jun 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-30 17:15
Updated : 2024-11-21 08:11
NVD link : CVE-2023-37307
Mitre link : CVE-2023-37307
CVE.ORG link : CVE-2023-37307
JSON object : View
Products Affected
misp-project
- malware_information_sharing_platform
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')