3 matches found
CVE-2021-37743
app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format...
CVE-2021-37743
creationtimestamp| type| source ---|---|--- 2021-07-30 18:21:21+00:00| seen| https://t.me/cibsecurity/26610...
CVE-2021-37743
CVE-2021-37743 affects MISP 2.4.147. The vulnerability is a Stored XSS in the view path app/View/GalaxyElements/ajax/index.ctp when rendering galaxy cluster elements in JSON format. The underlying issue is that user-supplied data is reflected in JSON output without proper sanitization, enabling s...