PT-2021-11003 · Misp · Misp

Diego Jurado Pallares +1 · Published 2021-01-20 · Updated 2021-01-30 · CVE-2020-24085

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: MISP version 2.4.128
Description: A cross-site scripting (XSS) issue exists due to a lack of validation in the path parameter, allowing an attacker to execute malicious JavaScript code. This occurs in the SetHomePage() function within the UserSettingsController.php file.
Recommendations: For MISP version 2.4.128, consider validating the path parameter to prevent malicious input, and restrict the execution of JavaScript code in the SetHomePage() function until a proper fix is applied. As a temporary workaround, restrict access to the UserSettingsController.php file to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-24085

Affected Products

Misp