CVE-2024-22877 — MEDIUM (5.4)

Q: How severe is CVE-2024-22877?

CVE-2024-22877 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-22877?

Check the references section above for vendor advisories and patch information. Affected products include: Strangebee Thehive.

Vulnerability Description

StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML report is opened.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Strangebee	Thehive	>= 5.2.0, <= 5.2.8

Related Weaknesses (CWE)

CWE-79

References

https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEThird Party Advisory
https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEThird Party Advisory

FAQ

What is CVE-2024-22877?

CVE-2024-22877 is a vulnerability with a CVSS score of 5.4 (MEDIUM). StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the templa...

How severe is CVE-2024-22877?

CVE-2024-22877 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-22877?

Check the references section above for vendor advisories and patch information. Affected products include: Strangebee Thehive.