CVE-2022-27244
on github
Published
Severity
CVSS v3:
4.8 MEDIUM
CVSS v2:
3.5 LOW
Description
An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.
References
Configurations
| CPE23 | Version Start | Version End | Exact Version |
|---|---|---|---|
| cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:* | n/a | 2.4.156 | * |