CVE-2025-67906

Published December 15th, 2025

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

N/A

Affected

2

PROJECTS

Description

In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

GitHub

6.36K

franckferman/CVE-2025-67906

MISP <= 2.5.27 - Stored Cross-Site Scripting via Workflow Engine (doT.js Template Injection).

GitHub

2