Advertisement






MISP 2.4.171 Cross Site Scripting

CVE Category Price Severity
CVE-2023-37307 CWE-79 $500 High
Author Risk Exploitation Type Date
ExploitAlert Team High Remote 2024-02-06
CVSS
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024020024

Below is a copy:

MISP 2.4.171 Cross Site Scripting
# Exploit Title: MISP 2.4.171 Stored XSS [CVE-2023-37307] (Authenticated)
# Date: 8th October 2023
# Exploit Author: Mcahit eri
# Vendor Homepage: https://www.circl.lu/
# Software Link: https://github.com/MISP/MISP
# Version: 2.4.171
# Tested on: Ubuntu 20.04
# CVE : CVE-2023-37307

# Exploit:
Logged in as low privileged account

1)Click on the "Galaxies" button in the top menu
2)Click "Add Cluster" in the left menu.
3)Enter the payload "</title><script>alert(1)</script>" in the Name parameter.
4)Other fields are filled randomly. Click on Submit button.
5)When the relevant cluster is displayed, we see that alert(1) is running

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.