CVE-2024-22877

Name of the Vulnerable Software and Affected Versions StrangeBee TheHive versions 5.2.0 through 5.2.8

Description The case reporting functionality in StrangeBee TheHive is susceptible to Cross Site Scripting (XSS), allowing an attacker to insert malicious JavaScript code inside the template or its variables. This code will be executed in the context of the TheHive application when the HTML report is opened.

Recommendations For versions 5.2.0 through 5.2.8, consider disabling the case reporting functionality until a patch is available to prevent the execution of malicious JavaScript code. Restrict access to the case reporting feature to minimize the risk of exploitation. Avoid using variables that can be manipulated by an attacker in the HTML report template. At the moment, there is no information about a newer version that contains a fix for this vulnerability.