# Exploit Title: MISP 2.4.171 Stored XSS [CVE-2023-37307] (Authenticated) # Date: 8th October 2023 # Exploit Author: Mücahit Çeri # Vendor Homepage: https://www.circl.lu/ # Software Link: https://github.com/MISP/MISP # Version: 2.4.171 # Tested on: Ubuntu 20.04 # CVE : CVE-2023-37307 # Exploit: Logged in as low privileged account 1)Click on the "Galaxies" button in the top menu 2)Click "Add Cluster" in the left menu. 3)Enter the payload "</title><script>alert(1)</script>" in the Name parameter. 4)Other fields are filled randomly. Click on Submit button. 5)When the relevant cluster is displayed, we see that alert(1) is running
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP2 / BVCP / ASPF-MILTER / PHP 8.3 / NGINX / FreeBSD
