MISP 2.4.171 – Stored XSS

Exploit Database
78 阅读

作者： Mücahit Çeri

日期： 2024-02-05
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/51780/

# Exploit Title: MISP 2.4.171 Stored XSS [CVE-2023-37307] (Authenticated)
# Date: 8th October 2023
# Exploit Author: Mücahit Çeri
# Vendor Homepage: https://www.circl.lu/
# Software Link: https://github.com/MISP/MISP
# Version: 2.4.171
# Tested on: Ubuntu 20.04
# CVE : CVE-2023-37307

# Exploit:
Logged in as low privileged account

1)Click on the "Galaxies" button in the top menu
2)Click "Add Cluster" in the left menu.
3)Enter the payload "</title><script>alert(1)</script>" in the Name parameter.
4)Other fields are filled randomly. Click on Submit button.
5)When the relevant cluster is displayed, we see that alert(1) is running

last Exploits
MISP 2.4.171 – Stored XSS的更多信息

Dolphin 7.0.4 – Multiple Cross-Site Scripting Vulnerabilities：
Testa Online Test Management System 3.4.7 – ‘q’ SQL Injection：
Pluck CMS 4.7 – HTML Code Injection：
Joomla! Component Zap Calendar Lite 4.3.4 – SQL Injection：
TomatoCart – ‘json.php’ Security Bypass：
FS Care Clone – ‘sitterService’ SQL Injection：
TinyCMS 1.3 – ‘index.php?page’ Traversal Local File Inclusion：
WordPress Theme White-Label Framework 2.0.6 – Cross-Site Scripting：