3 matches found
MISP 2.4.171 - Stored XSS Vulnerability
Exploit Title: MISP 2.4.171 Stored XSS CVE-2023-37307 Authenticated Exploit Author: Mücahit Çeri Vendor Homepage: https://www.circl.lu/ Software Link: https://github.com/MISP/MISP Version: 2.4.171 Tested on: Ubuntu 20.04 CVE : CVE-2023-37307 Exploit: Logged in as low privileged account 1Click on...
MISP 2.4.171 Cross Site Scripting
Exploit Title: MISP 2.4.171 Stored XSS CVE-2023-37307 Authenticated Date: 8th October 2023 Exploit Author: Mücahit Çeri Vendor Homepage: https://www.circl.lu/ Software Link: https://github.com/MISP/MISP Version: 2.4.171 Tested on: Ubuntu 20.04 CVE : CVE-2023-37307 Exploit: Logged in as low...
CVE-2023-37307
CVE-2023-37307 affects MISP before 2.4.172. The issue is improper sanitization of the title_for_layout field in Correlations, CorrelationExclusions, and Layouts, enabling (authenticated) stored cross-site scripting as demonstrated by public advisories and exploits. The NVD/OSV/Red Hat/CNNVD refer...