CVE-2021-37534 — MEDIUM (5.4)

Vulnerability Description

app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Misp	Misp	2.4.146

Related Weaknesses (CWE)

CWE-79

References

https://github.com/MISP/MISP/commit/78edbbca64a1edc4390560cc106d0d418064355dPatchThird Party Advisory
https://github.com/MISP/MISP/commit/78edbbca64a1edc4390560cc106d0d418064355dPatchThird Party Advisory

FAQ

What is CVE-2021-37534?

CVE-2021-37534 is a vulnerability with a CVSS score of 5.4 (MEDIUM). app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.

How severe is CVE-2021-37534?

CVE-2021-37534 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-37534?

Check the references section above for vendor advisories and patch information. Affected products include: Misp Misp.