franckferman/CVE-2025-67906

Releases0

Stars2

MISP <= 2.5.27 - Stored Cross-Site Scripting via Workflow Engine (doT.js Template Injection).

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-67906 ↗	Dec 15, 2025Monday, 15 December 2025, 04:15	5.4 MEDIUM	—
In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.