RSS   Vulnerabilities for 'Opencti'   RSS

2022-07-05
 
CVE-2022-30289

CWE-79
 

 
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location.

 
 
CVE-2022-30290

CWE-863
 

 
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately.

 


Copyright 2024, cxsecurity.com

 

Back to Top