CNNVD-202601-4986 Information
Jan 30, 2026
cve
CNNVD ID
CNNVD-202601-4986
Related CVE
- CNNVD Published: 2026-01-30
Description (Chinese)
OpenCTI是OpenCTI开源的一个开放网络威胁情报平台。 OpenCTI 3.3.1版本存在跨站脚本漏洞,该漏洞源于graphql端点存在反射型跨站脚本,可能导致在受害者浏览器中执行JavaScript代码。
Description (English)
OpenCTI is an open web threat information platform for OpenCTI open sources. The OpenCTI version 3.3.1 has a cross-site script loophole, which stems from the reflection-type cross-site script at the graphql endpoint, which may result in the implementation of JavaScript code in the victim browser.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
OpenCTI
Published
2026-01-30
Last Modified
2026-02-24
References
https://github.com/OpenCTI-Platform/opencti https://www.exploit-db.com/exploits/48595 https://www.opencti.io/ https://www.vulncheck.com/advisories/opencti-cross-site-scripting
Patch
https://github.com/OpenCTI-Platform/opencti/releases
Share on: