CVE-2021-37742
MEDIUMMISP 2.4.147 - Stored Cross-Site Scripting in Galaxy Cluster Relationship Viewer
Title source: llmDescription
app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships.
References (2)
Core 2
Core References
Patch, Third Party Advisory
https://github.com/MISP/MISP/commit/af50add82433eb2a740c3621b99d9d14d2b1e192
Scores
CVSS v3
5.4
EPSS
0.0059
EPSS Percentile
43.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
misp/misp
2.4.147
Published
Jul 30, 2021
Tracked Since
Feb 18, 2026