CNNVD-202512-2729 Information
CNNVD ID
CNNVD-202512-2729
Related CVE
- CNNVD Published: 2025-12-15
Description (Chinese)
MISP是MISP开源的一套开源的软件解决方案。该产品用于收集、存储、分发、共享网络安全指标,并具有威胁网络安全事件分析和恶意软件分析等功能。 MISP 2.5.28之前版本存在安全漏洞,该漏洞源于app/View/Elements/Workflows/executionPath.ctp文件处理不当,可能导致跨站脚本攻击。
Description (English)
MISP is an open source software solution for the MISP open source. The product is used for the collection, storage, distribution, sharing of cybersecurity indicators and has functions such as threat security incident analysis and malicious software analysis. The previous version of MISP 2.5.28 had a security loophole, which stemmed from the improper processing of the app/View/Elements/Workflows/executionPath.ctp files, which could lead to a cross-site script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
MISP
Published
2025-12-15
Last Modified
2026-02-24
References
https://vulnerability.circl.lu/vuln/gcve-1-2025-0031 https://github.com/MISP/MISP/commit/1f39deb572da7ecb5855e30ff3cc8cbcaa0c1054 https://github.com/MISP/MISP/compare/v2.5.27…v2.5.28 https://github.com/franckferman/GCVE-1-2025-0030 https://github.com/franckferman/CVE-2025-67906 https://access.redhat.com/security/cve/cve-2025-67906
Patch
https://www.misp-project.org/download/
Share on: