Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-58129

In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page.

Published

2025-03-28T22:15:17.333

Last Modified

2025-07-08T17:30:50.003

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	misp	misp	< 2.4.193	Yes

References

https://github.com/MISP/MISP/commit/09a43870e733f79ffa33753ddc7bce3cbb5a5647 Patch ([email protected])
https://github.com/MISP/MISP/releases/tag/v2.4.193 Release Notes ([email protected])