In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link.
History

Tue, 08 Jul 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Misp
Misp misp
CPEs cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*
Vendors & Products Misp
Misp misp

Mon, 31 Mar 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 28 Mar 2025 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N'}


Fri, 28 Mar 2025 22:15:00 +0000

Type Values Removed Values Added
Description In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-03-28T00:00:00.000Z

Updated: 2025-03-31T16:44:25.819Z

Reserved: 2025-03-28T00:00:00.000Z

Link: CVE-2024-58128

cve-icon Vulnrichment

Updated: 2025-03-31T16:44:22.188Z

cve-icon NVD

Status : Analyzed

Published: 2025-03-28T22:15:17.197

Modified: 2025-07-08T17:31:44.517

Link: CVE-2024-58128

cve-icon Redhat

No data.