PT-2025-13583 · Misp · Misp

Published

2025-03-28

Updated

2025-03-29

CVE-2024-58128

CVSS v3.1

5.5

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.4.193

Description The issue allows attackers with admin privileges to conduct Cross-Site Scripting (XSS) attacks via a global menu link. This is possible because menu custom right link parameters can be set via the UI without using the CLI.

Recommendations For versions prior to 2.4.193, update to version 2.4.193 or later to resolve the issue. As a temporary workaround, consider restricting access to the menu custom right link parameters to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-58128

Affected Products

Misp

PT-2025-13583 · Misp · Misp

CVE-2024-58128

Weakness Enumeration

Related Identifiers

Affected Products

References · 9