GCVE-1-2025-0021

Vulnerability from gna-1 – Published: 2025-11-26 15:55 – Updated: 2025-12-02 08:48
Title
XSS in MISP ReST client in HTML view
Summary
In MISP, the “REST client” interface that allows viewing data returned by modules suffered from a cross-site scripting (XSS) vulnerability when presenting “HTML view” of arbitrary JSON data. Prior to commit d718c026d5d69a50e3bbd51847a05ad8f386ec6c, the application did not sufficiently validate or restrict the type of response before offering to render it as HTML, allowing malicious JSON responses to be rendered in HTML context. This could allow an attacker (via a compromised or malicious module) to supply JSON containing content that, when interpreted as HTML, executes as script in the user’s browser.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor: misp
Product: misp
Version: Affected: < 2.5.12
Credits
  • Lassi Kapanen of Second Nature Security
  • Andras Iklody (the Insomniac MISP lead dev)
  • Teemu Hakkarainen of Second Nature Security

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "misp",
          "vendor": "misp",
          "versions": [
            {
              "lessThan": "2.5.12",
              "status": "affected"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lassi Kapanen of Second Nature Security"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Andras Iklody"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Teemu Hakkarainen of Second Nature Security"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In MISP, the \u201cREST client\u201d interface that allows viewing data returned by modules suffered from a cross-site scripting (XSS) vulnerability when presenting \u201cHTML view\u201d of arbitrary JSON data. Prior to commit \u003ccode\u003ed718c026d5d69a50e3bbd51847a05ad8f386ec6c\u003c/code\u003e, the application did not sufficiently validate or restrict the type of response before offering to render it as HTML, allowing malicious JSON responses to be rendered in HTML context. This could allow an attacker (via a compromised or malicious module) to supply JSON containing content that, when interpreted as HTML, executes as script in the user\u2019s browser."
            }
          ],
          "value": "In MISP, the \u201cREST client\u201d interface that allows viewing data returned by modules suffered from a cross-site scripting (XSS) vulnerability when presenting \u201cHTML view\u201d of arbitrary JSON data. Prior to commit d718c026d5d69a50e3bbd51847a05ad8f386ec6c, the application did not sufficiently validate or restrict the type of response before offering to render it as HTML, allowing malicious JSON responses to be rendered in HTML context. This could allow an attacker (via a compromised or malicious module) to supply JSON containing content that, when interpreted as HTML, executes as script in the user\u2019s browser."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "orgId": "00000000-0000-4000-9000-000000000000"
      },
      "references": [
        {
          "url": "https://github.com/misp/misp/commit/d718c026d5d69a50e3bbd51847a05ad8f386ec6c"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "XSS in MISP ReST client in HTML view",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "00000000-0000-4000-9000-000000000000",
    "datePublished": "2025-11-26T15:55:00.000Z",
    "dateUpdated": "2025-12-02T08:48:41.869838Z",
    "requesterUserId": "00000000-0000-4000-9000-000000000000",
    "serial": 1,
    "state": "PUBLISHED",
    "vulnId": "GCVE-1-2025-0021",
    "vulnerabilitylookup_history": [
      [
        "alexandre.dulaunoy@circl.lu",
        "2025-11-26T15:55:16.468388Z"
      ],
      [
        "alexandre.dulaunoy@circl.lu",
        "2025-12-02T08:48:41.869838Z"
      ]
    ]
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

