A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
misp misp 2.4.128 |