GCVE-1-2025-0036
Vulnerability from gna-1 – Published: 2025-12-10 13:46 – Updated: 2025-12-10 13:46
Title
A reflected cross-site scripting (XSS) vulnerability was identified in the MISP Servers preview index
Summary
A reflected cross-site scripting (XSS) vulnerability was identified in the Servers preview index view (app/View/Servers/preview_index.ctp). The view passes URL parameters directly into the onClickParams argument of the getPopup handler without proper HTML encoding.
Because $urlparams can be attacker-controlled, a specially crafted URL can inject arbitrary JavaScript into the generated page. When a site administrator follows such a malicious link and clicks the “Modify filters” button, the injected script is executed in their browser in the context of the application.
This issue has been fixed by ensuring that the URL parameters are HTML-escaped before being embedded.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Credits
Jeroen Pinoy (finder)
Andras Iklody (the Insomniac MISP lead dev)
```json
{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "misp",
          "vendor": "misp",
          "versions": [
            {
              "lessThan": "2.5.27",
              "status": "affected"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jeroen Pinoy"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Andras Iklody"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eA reflected cross-site scripting (XSS) vulnerability was identified in the \u003cem\u003eServers preview index\u003c/em\u003e view (\u003ccode\u003eapp/View/Servers/preview_index.ctp\u003c/code\u003e). The view passes URL parameters directly into the \u003ccode\u003eonClickParams\u003c/code\u003e argument of the \u003ccode\u003egetPopup\u003c/code\u003e handler without proper HTML encoding.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eBecause \u003ccode\u003e$urlparams\u003c/code\u003e can be attacker-controlled, a specially crafted URL can inject arbitrary JavaScript into the generated page. When a site administrator follows such a malicious link and clicks the \u003cstrong\u003e\u201cModify filters\u201d\u003c/strong\u003e button, the injected script is executed in their browser in the context of the application.\u003c/p\u003e\n\u003cp\u003eThis issue has been fixed by ensuring that the URL parameters are HTML-escaped before being embedded.\u003c/p\u003e\u003c/div\u003e"
            }
          ],
          "value": "A reflected cross-site scripting (XSS) vulnerability was identified in the Servers preview index view (app/View/Servers/preview_index.ctp). The view passes URL parameters directly into the onClickParams argument of the getPopup handler without proper HTML encoding.\n\n\nBecause $urlparams can be attacker-controlled, a specially crafted URL can inject arbitrary JavaScript into the generated page. When a site administrator follows such a malicious link and clicks the \u201cModify filters\u201d button, the injected script is executed in their browser in the context of the application.\n\n\nThis issue has been fixed by ensuring that the URL parameters are HTML-escaped before being embedded."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "orgId": "00000000-0000-4000-9000-000000000000"
      },
      "references": [
        {
          "url": "https://github.com/MISP/MISP/commit/185a9fac1a9de112488013ffb3513644d4a02d59"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "A reflected cross-site scripting (XSS) vulnerability was identified in the MISp Servers preview index",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "00000000-0000-4000-9000-000000000000",
    "datePublished": "2025-12-10T13:46:07.170083Z",
    "dateUpdated": "2025-12-10T13:46:07.170083Z",
    "requesterUserId": "00000000-0000-4000-9000-000000000000",
    "serial": 1,
    "state": "PUBLISHED",
    "vulnId": "GCVE-1-2025-0036",
    "vulnerabilitylookup_history": [
      [
        "alexandre.dulaunoy@circl.lu",
        "2025-12-10T13:46:07.170083Z"
      ]
    ]
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}
```
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.