[webapps] MISP 2.4.171 - Stored XSS

source link: https://www.exploit-db.com/exploits/51780

EDB-ID: 51780
Platform: PHP
Date: 2024-02-05

# Exploit Title: MISP 2.4.171 Stored XSS [CVE-2023-37307] (Authenticated)
# Date: 8th October 2023
# Exploit Author: Mücahit Çeri
# Vendor Homepage: https://www.circl.lu/
# Software Link: https://github.com/MISP/MISP
# Version: 2.4.171
# Tested on: Ubuntu 20.04
# CVE : CVE-2023-37307

# Exploit:
Log in with a low-privileged account.

1) Click the "Galaxies" button in the top menu.
2) Click "Add Cluster" in the left menu.
3) Enter the payload "</title><script>alert(1)</script>" in the Name parameter.
4) Fill in the other fields with arbitrary values and click the Submit button.
5) When the relevant cluster is displayed, alert(1) runs.
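
The following is an added example, not code from the advisory or from MISP. It shows why the Name value from step 3 creates a script element when echoed unencoded, and that HTML-encoding at output time keeps it as text. The page template is constructed and assumes the name is echoed inside a <title> element, as the payload's leading </title> suggests.

```python
import html
from html.parser import HTMLParser

# Constructed page skeleton (hypothetical, not MISP's real view template).
TEMPLATE = "<html><head><title>Cluster: {name}</title></head><body></body></html>"

# Name value from step 3 of the advisory.
PAYLOAD = "</title><script>alert(1)</script>"


def render_unescaped(name):
    """Vulnerable pattern: the stored name is placed into markup as-is."""
    return TEMPLATE.format(name=name)


def render_escaped(name):
    """Hardened pattern: HTML-encode the stored name at output time."""
    return TEMPLATE.format(name=html.escape(name, quote=True))


class StartTagCollector(HTMLParser):
    """Collects the start tags an HTML parser recognises in a page."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(page):
    """Return the list of start tags found in the rendered page."""
    collector = StartTagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags


def script_count(page):
    """Number of <script> elements the rendered page would create."""
    return start_tags(page).count("script")


if __name__ == "__main__":
    for label, render in (("unescaped", render_unescaped), ("escaped", render_escaped)):
        print(label, script_count(render(PAYLOAD)), render(PAYLOAD))
```

The same script_count check can serve as a regression test against any view that echoes a stored cluster name.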
            
