MISP 2.4.171 Cross Site Scripting
2024-2-7 04:31:40 Author: cxsecurity.com

# Exploit Title: MISP 2.4.171 Stored XSS [CVE-2023-37307] (Authenticated)
# Date: 8th October 2023
# Exploit Author: Mücahit Çeri
# Vendor Homepage: https://www.circl.lu/
# Software Link: https://github.com/MISP/MISP
# Version: 2.4.171
# Tested on: Ubuntu 20.04
# CVE : CVE-2023-37307

# Exploit:
Logged in as low privileged account
1) Click on the "Galaxies" button in the top menu
2) Click "Add Cluster" in the left menu.
3) Enter the payload "</title><script>alert(1)</script>" in the Name parameter.
4) Other fields are filled randomly. Click on Submit button.
5) When the relevant cluster is displayed, we see that alert(1) is running
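A regression check for the behaviour in steps 3 to 5, as an added example that is not part of the advisory and is not MISP's own code: it renders a stored name into a page title with and without output encoding, then parses the result to see whether the value stayed text. The template and all function names are hypothetical stand-ins for the view that displays the cluster.

```python
from html import escape
from html.parser import HTMLParser

# Constructed input: the cluster name from step 3 of the advisory.
REPORTED_NAME = "</title><script>alert(1)</script>"
TEMPLATE = "<head><title>{name} - Galaxy Cluster</title></head>"  # hypothetical view


def render_raw(name):
    """Flawed pattern: the stored name is interpolated into markup as-is."""
    return TEMPLATE.format(name=name)


def render_encoded(name):
    """Mitigation: HTML-encode the stored name at output time."""
    return TEMPLATE.format(name=escape(name, quote=True))


class TagCollector(HTMLParser):
    """Records each element the parser opens and the text inside <title>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.opened, self.title_text, self._in_title = [], "", False

    def handle_starttag(self, tag, attrs):
        self.opened.append(tag)
        self._in_title = tag == "title"

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title_text += data


def name_stays_text(render, name):
    """True if rendering adds no elements beyond the template's own and the
    title shows the name verbatim, i.e. the value never left text context."""
    parser = TagCollector()
    parser.feed(render(name))
    parser.close()
    return parser.opened == ["head", "title"] and parser.title_text.startswith(name)


if __name__ == "__main__":
    for render in (render_raw, render_encoded):
        print(render.__name__, name_stays_text(render, REPORTED_NAME))
```

The same check can be pointed at any view that displays user-supplied names, so an unencoded field fails a test instead of reaching a browser.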



 



Source: https://cxsecurity.com/issue/WLB-2024020024