CVE-2020-24085: XSS
First published: Tue Jan 26 2021(Updated: )
A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Misp Misp | =2.4.128 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-24085?
CVE-2020-24085 is a cross-site scripting (XSS) vulnerability that exists in MISP v2.4.128.
How severe is CVE-2020-24085?
CVE-2020-24085 has a severity level of medium with a CVSS score of 6.1.
How does CVE-2020-24085 work?
CVE-2020-24085 allows an attacker to execute malicious JavaScript code by exploiting a lack of controller validation in the "path" parameter in MISP v2.4.128.
What software versions are affected by CVE-2020-24085?
CVE-2020-24085 affects MISP v2.4.128.
How can CVE-2020-24085 be fixed?
To fix CVE-2020-24085, it is recommended to update to a patched version of MISP, such as the version mentioned in the reference link.
- collector/nvd-index
- vendor/misp
- canonical/misp misp
- version/misp misp/2.4.128