CVE-2022-29532

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.4.158

Description The issue is related to a Cross-Site Scripting (XSS) vulnerability in the cerebrate view. This occurs when one administrator enters a javascript: URL in the URL field, and another administrator clicks on it, allowing for the execution of malicious JavaScript code.

Recommendations For versions prior to 2.4.158, update to version 2.4.158 or later to resolve the issue. As a temporary workaround, consider restricting access to the cerebrate view or avoiding the use of javascript: URLs in the URL field until the update is applied.