CVE-2021-25325

on github

Published

January 19, 2021

Severity

CVSS v3:

6.1 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs.

References

https://github.com/MISP/MISP/commit/829c3199ba3afdecb52e0719509f3df4463be5b4

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:misp:misp:2.4.136:::::::*	n/a	n/a	2.4.136

External Links

NVD - CVE-2021-25325