Vulnerability CVE-2023-37307
Published: 2023-06-30

Description:
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.

See advisories in our WLB2 database:
Topic
Author
Date
Low
MISP 2.4.171 Cross Site Scripting
Mucahit Ceri
06.02.2024

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485
https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172
Copyright 2024, cxsecurity.com

 

Back to Top