GCVE-1-2025-0027
Vulnerability from gna-1 – Published: 2025-11-27 07:17 – Updated: 2025-12-02 08:51
VLAI?
Title
Reflected cross-site scripting (XSS) vulnerability in the server edit functionality of MISP
Summary
A reflected cross-site scripting (XSS) vulnerability was discovered in the server edit functionality of MISP. In serverRuleElements/pull.ctp and serverRuleElements/push.ctp, the id (server ID) value was written directly into an inline JavaScript variable (var serverID = "…"), without HTML escaping. A remote attacker could craft a URL with a malicious id value that, when visited by an authenticated user with access to the server edit interface, would result in arbitrary JavaScript execution in the victim’s browser.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Lassi Kapanen of Second Nature Security
Andras Iklody (the Insomniac MISP lead dev)
Teemu Hakkarainen of Second Nature Security
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.12",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lassi Kapanen of Second Nature Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Teemu Hakkarainen of Second Nature Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A reflected cross-site scripting (XSS) vulnerability was discovered in the \u003cem\u003eserver edit\u003c/em\u003e functionality of MISP. In \u003ccode\u003eserverRuleElements/pull.ctp\u003c/code\u003e and \u003ccode\u003eserverRuleElements/push.ctp\u003c/code\u003e, the \u003ccode\u003eid\u003c/code\u003e (server ID) value was written directly into an inline JavaScript variable (\u003ccode\u003evar serverID = \"\u2026\"\u003c/code\u003e), without HTML escaping. A remote attacker could craft a URL with a malicious \u003ccode\u003eid\u003c/code\u003e value that, when visited by an authenticated user with access to the server edit interface, would result in arbitrary JavaScript execution in the victim\u2019s browser. \u003cbr\u003e"
}
],
"value": "A reflected cross-site scripting (XSS) vulnerability was discovered in the server edit functionality of MISP. In serverRuleElements/pull.ctp and serverRuleElements/push.ctp, the id (server ID) value was written directly into an inline JavaScript variable (var serverID = \"\u2026\"), without HTML escaping. A remote attacker could craft a URL with a malicious id value that, when visited by an authenticated user with access to the server edit interface, would result in arbitrary JavaScript execution in the victim\u2019s browser."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/b24e37a6c78199a4c68bb3b95f53d37962973d86"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected cross-site scripting (XSS) vulnerability in the server edit functionality of MISP",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-27T07:17:00.000Z",
"dateUpdated": "2025-12-02T08:51:04.323899Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2025-0027",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-27T07:17:57.069969Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-27T07:24:10.363842Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-02T08:51:04.323899Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…