CVE-2024-54675
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Dec 4, 2024
Updated: Dec 5, 2024
CWE ID 79
Summary
CVE-2024-54675 is a stored Cross-Site Scripting (XSS) vulnerability affecting the workflows-editor.js file in the app/webroot/js/workflows-editor directory of MISP versions up to 2.5.2. An attacker can inject malicious scripts into the editor interface of an ad-hoc workflow, potentially stealing user data or taking control of their session when they view a specially crafted workflow. This issue poses a serious security risk and requires immediate attention from MISP users and administrators to update their systems to a patched version.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- MISP
Affected Vendors
- MISP Project