CVE-2024-58129 Information

Description

In MISP before 2.4.193 menu_custom_right_link_html parameters can be set via the UI (i.e. without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page.

Reference

https://github.com/MISP/MISP/commit/09a43870e733f79ffa33753ddc7bce3cbb5a5647 https://github.com/MISP/MISP/releases/tag/v2.4.193