Vulnerability Description
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
CVSS Score
5.4
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Misp-Project | Malware Information Sharing Platform | < 2.4.172 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.ht
- https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485Patch
- https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172PatchProduct
- https://zigrin.com/advisories/misp-stored-xss/Third Party Advisory
- http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.ht
- https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485Patch
- https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172PatchProduct
- https://zigrin.com/advisories/misp-stored-xss/Third Party Advisory
FAQ
What is CVE-2023-37307?
CVE-2023-37307 is a vulnerability with a CVSS score of 5.4 (MEDIUM). In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
How severe is CVE-2023-37307?
CVE-2023-37307 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-37307?
Check the references section above for vendor advisories and patch information. Affected products include: Misp-Project Malware Information Sharing Platform.