CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

NVD•added 2021/01/19 4:15 p.m.•11 views

CVE-2021-25325

MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs...

6.1CVSS6AI score0.00371EPSS

Exploits0References1

Prion•added 2021/01/19 4:15 p.m.•11 views

Design/Logic Flaw

MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs...

4.3CVSS5.9AI score0.00371EPSS

Exploits0References1Affected Software1

CVE•added 2021/01/19 3:29 p.m.•52 views

CVE-2021-25325

CVE-2021-25325 affects MISP 2.4.136. It enables cross-site scripting via galaxy cluster element values sent to app/View/GalaxyElements/ajax/index.ctp, where reference types may include javascript: URLs. The issue arises from unsanitized input in galaxy elements, enabling an attacker to execute sc...

6.1CVSS5.9AI score0.00371EPSS

Exploits0References1Affected Software1