CVE-2026-8080— MISP core - Stored XSS in MISP template (old engine) element attribute type

MISP core - Stored XSS in MISP template (old engine) element attribute type

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted arbitrary values for the TemplateElementAttribute type and category fields without validating them against the known MISP attribute type and category definitions. An attacker with permission to create or modify template element attributes could store a crafted type value. This affects the old templating (not more accessible in 2.5.37) engine from MISP which will be removed in 2.5.38

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

MISP 跨站脚本漏洞

MISP是MISP开源的一套开源的软件解决方案。该产品用于收集、存储、分发、共享网络安全指标，并具有威胁网络安全事件分析和恶意软件分析等功能。 MISP 2.5.37之前版本存在跨站脚本漏洞，该漏洞源于模板元素属性处理逻辑中Web页面生成时输入中和不当，可能导致存储型跨站脚本攻击。

N/A

N/A