CVE-2024-58130

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.4.193

Description The issue is related to a lack of sanitization for non-JSON responses in REST endpoints, specifically in the RestResponseComponent.php file. This could potentially lead to cross-site scripting.

Recommendations For versions prior to 2.4.193, update to version 2.4.193 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST endpoints in the RestResponseComponent.php file until a patch is applied. Avoid using the REST endpoints for non-JSON responses until the issue is resolved.