Executive Summary

This vulnerability is a stored Cross-Site Scripting (XSS) issue in the MISP platform before version 2.5.37. It occurs because the application accepts arbitrary values for the TemplateElementAttribute type and category fields without validating them against known attribute type and category definitions. An attacker with permission to create or modify template element attributes can store malicious code in these fields, which can then be executed when the data is viewed, leading to XSS attacks.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow an attacker with limited permissions to inject malicious scripts into the MISP platform's templates. When other users view these templates, the malicious scripts can execute in their browsers, potentially leading to unauthorized actions such as session hijacking, data theft, or performing actions on behalf of the user without their consent.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate the stored Cross-Site Scripting (XSS) vulnerability in MISP, you should upgrade to version 2.5.37 or later, as the old templating engine vulnerable to this issue is removed in version 2.5.38.

The vulnerability was fixed by adding validation in the TemplateElementAttribute model to ensure that the 'type' and 'category' fields are checked against predefined valid definitions, preventing arbitrary values that could lead to XSS.

Additionally, proper encoding was added in the template editing view to prevent XSS attacks through improperly handled attribute types.

• Upgrade your MISP installation to version 2.5.37 or later.
• Apply the security patch that validates TemplateElementAttribute fields as described in the fix.
• Avoid using the old templating engine which is removed in version 2.5.38.

Useful 0 Not Useful 0

Compliance Impact

The provided information does not specify how the stored cross-site scripting (XSS) vulnerability in MISP affects compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability is a stored Cross-Site Scripting (XSS) issue in the MISP platform affecting template element attribute handling. Detection involves identifying if your MISP instance is running a version before 2.5.37 and if it allows creation or modification of template element attributes with arbitrary 'type' or 'category' values.

Since this vulnerability is related to improper input validation in the web application, network-level detection commands are not straightforward. Instead, detection should focus on inspecting the MISP database or application logs for suspicious or unexpected attribute types or categories in template elements.

Suggested approach to detect the vulnerability:

• Check the MISP version: Ensure your MISP instance is version 2.5.37 or later, as the vulnerability affects versions before 2.5.37.
• Query the database for template element attributes with unexpected or arbitrary 'type' or 'category' values that do not match known MISP attribute type and category definitions.
• Review application logs or audit trails for creation or modification of template element attributes by users with permission to do so.

No specific network commands or signatures are provided in the available resources to detect exploitation attempts. Detection is primarily through version checking and database inspection.

Useful 0 Not Useful 0