MISP 2.4.171 Stored Cross-Site Scripting Vulnerability - exploit.company
Vendor: MISP
By: Mücahit Çeri
CVSS: 4.1 (MEDIUM)
Vulnerability: Stored Cross-Site Scripting
CWE: 79
Product Name: MISP
Affected Version From: 2.4.0171
Affected Version To: 2.4.0171
Patch Exists: YES
Related CWE: CVE-2023-37307
CPE: a:misp_project:misp:2.4.171
Metasploit:
Other Scripts:
Platforms Tested: Ubuntu 20.04
2023

MISP 2.4.171 Stored Cross-Site Scripting Vulnerability

MISP version 2.4.171 is prone to a stored cross-site scripting vulnerability. An authenticated attacker can inject malicious scripts into the 'Name' parameter when adding a cluster under the 'Galaxies' section, leading to the execution of arbitrary scripts in the context of the victim's browser. This vulnerability has been assigned CVE-2023-37307.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied input to remove or encode potentially malicious characters. Additionally, input validation and output encoding should be implemented to prevent script injection.
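
The output-encoding step recommended above, shown next to the unsafe pattern, plus a simple audit of already-stored names. This is an added example, not MISP's code (MISP itself is PHP); the record shape, function names and sample data are constructed, and it assumes the cluster name is written into the page title, as the `</title>` prefix of the payload quoted on this page suggests.

```python
import html
import re

# Constructed sample records; the dict shape is hypothetical, not MISP's schema.
SAMPLE_CLUSTERS = [
    {"id": 1, "name": "Banking trojans 2023"},
    {"id": 2, "name": "</title><script>alert(1)</script>"},  # payload quoted on this page
    {"id": 3, "name": "R&D <internal>"},
    {"id": 4, "name": 'Loader "v2" & friends'},
]

# Markup that closes <title> or opens an executable context.
SUSPICIOUS = re.compile(
    r"</?\s*(title|script|iframe|svg|img|style)\b|\bon\w+\s*=|javascript:",
    re.IGNORECASE,
)


def render_title_unsafe(name: str) -> str:
    """Vulnerable pattern: the stored name is concatenated into HTML as-is."""
    return "<title>Cluster: " + name + "</title>"


def render_title_safe(name: str) -> str:
    """Hardened pattern: encode at output so the name is always treated as text."""
    return "<title>Cluster: " + html.escape(name, quote=True) + "</title>"


def audit(clusters):
    """Return ids of stored names that need review after patching."""
    return [c["id"] for c in clusters if SUSPICIOUS.search(c["name"])]


if __name__ == "__main__":
    for c in SAMPLE_CLUSTERS:
        print(c["id"], render_title_safe(c["name"]))
    print("review:", audit(SAMPLE_CLUSTERS))
```

Encoding at output keeps benign names such as `R&D <internal>` displayable as text, while the audit only flags names that can break out of the title element or start a script.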

Exploit-DB raw data:

# Exploit Title: MISP 2.4.171 Stored XSS [CVE-2023-37307] (Authenticated)
# Date: 8th October 2023
# Exploit Author: Mücahit Çeri
# Vendor Homepage: https://www.circl.lu/
# Software Link: https://github.com/MISP/MISP
# Version: 2.4.171
# Tested on: Ubuntu 20.04
# CVE : CVE-2023-37307

# Exploit:
Logged in as a low-privileged account

1) Click on the "Galaxies" button in the top menu.
2) Click "Add Cluster" in the left menu.
3) Enter the payload "</title><script>alert(1)</script>" in the Name parameter.
4) Other fields are filled randomly. Click on the Submit button.
5) When the relevant cluster is displayed, we see that alert(1) is running.