CVE-2022-29532

MEDIUM

Misp < 2.4.158 - XSS

Title source: rule

Description

An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.

References (4)

Core 4

Core References

Patch, Third Party Advisory

https://github.com/MISP/MISP/commit/60c85b80e3ab05c3ef015bca5630e95eddbb1436

View Patch ZIP pw:eip

Release Notes, Third Party Advisory

https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158

Third Party Advisory

https://zigrin.com/advisories/misp-xss-in-the-cerebrate-view/

Exploit, Third Party Advisory

https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/

Scores

CVSS v3 4.8

EPSS 0.0030

EPSS Percentile 53.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

misp/misp < 2.4.158

Published Apr 20, 2022

Tracked Since Feb 18, 2026