CVE-2022-27244: XSS
First published: Fri Mar 18 2022(Updated: )
An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Misp Misp | <2.4.156 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-27244?
CVE-2022-27244 refers to an issue discovered in MISP before version 2.4.156, where a malicious site administrator could store a cross-site scripting (XSS) payload in the custom auth name.
How severe is CVE-2022-27244?
CVE-2022-27244 has a severity value of 4.8, which is categorized as medium.
How does CVE-2022-27244 affect MISP?
CVE-2022-27244 affects MISP versions up to and excluding 2.4.156, where a malicious site administrator could execute an XSS payload stored in the custom auth name when modifying a user.
How can I fix CVE-2022-27244?
To fix CVE-2022-27244, it is recommended to update MISP to version 2.4.156 or later, as this vulnerability has been addressed in that release.
What is the Common Weakness Enumeration (CWE) associated with CVE-2022-27244?
The CWE associated with CVE-2022-27244 is CWE-79, which corresponds to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
- collector/nvd-index
- vendor/misp
- canonical/misp misp