MISP 2.4.171 Cross Site Scripting

CVE Category Price Severity
CVE-2023-37307 CWE-79 $500 High
Author Risk Exploitation Type Date
ExploitAlert Team High Remote 2024-02-06

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

MISP 2.4.171 Cross Site Scripting
# Exploit Title: MISP 2.4.171 Stored XSS [CVE-2023-37307] (Authenticated)
# Date: 8th October 2023
# Exploit Author: Mcahit eri
# Vendor Homepage:
# Software Link:
# Version: 2.4.171
# Tested on: Ubuntu 20.04
# CVE : CVE-2023-37307

# Exploit:
Logged in as low privileged account

1)Click on the "Galaxies" button in the top menu
2)Click "Add Cluster" in the left menu.
3)Enter the payload "</title><script>alert(1)</script>" in the Name parameter.
4)Other fields are filled randomly. Click on Submit button.
5)When the relevant cluster is displayed, we see that alert(1) is running

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.