CVE-2020-24085
CVE-2020-24085 affects MISP v2.4.128 in app/Controller/UserSettingsController.php SetHomePage(); lack of validation in the path parameter enables cross-site scripting (XSS) by injecting JavaScript. Reported as an XSS with CVSSv2 base 4.3 (MEDIUM) and CVSSv3.1 base 6.1 (MEDIUM). Connected sources ...