Lucene search

[email protected]CVE-2023-37307

HistoryJun 30, 2023 - 5:15 p.m.

CVE-2023-37307

2023-06-3017:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-37307

misp

security

correlations

correlationexclusions

layouts

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.

Affected configurations

NVD

Node

misp-projectmalware_information_sharing_platformRange<2.4.172

CPENameOperatorVersion
misp-project:malware_information_sharing_platformmisp-project malware information sharing platformlt2.4.172

CPE	Name	Operator	Version
misp-project:malware_information_sharing_platform	misp-project malware information sharing platform	lt	2.4.172

References

packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html

github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485

github.com/MISP/MISP/compare/v2.4.171...v2.4.172

zigrin.com/advisories/misp-stored-xss/

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

Related for CVE-2023-37307

zdt1 packetstorm1 exploitdb1 nvd1 prion1 osv1 cvelist1