Primary

Context

MISP Non-JSON Response Sanitization Vulnerability in REST Endpoints

Vulnerability

Patched

A vulnerability exists in MISP versions prior to 2.4.193 within the RestResponseComponent. This issue arises from REST endpoints not properly sanitizing response data when it is not in JSON format. As a result, non-JSON response bodies could potentially be exploited.

Impact

Exploitation of this vulnerability could lead to the injection of unsanitized data into response bodies, creating a risk of cross-site scripting (XSS) attacks.

Remediation

Users can upgrade to MISP version 2.4.193 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.0

exploitability

8.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.0

exploitability

8.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MISP Non-JSON Response Sanitization Vulnerability in REST Endpoints

Vulnerability

Impact

Remediation

Affected Products

MISP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating