StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-19T00:00:00

Updated: 2024-01-19T14:03:30.018634

Reserved: 2024-01-11T00:00:00


Link: CVE-2024-22876

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2024-01-19T14:15:13.510

Modified: 2024-01-25T18:19:25.647


Link: CVE-2024-22876

JSON object: View

cve-icon Redhat Information

No data.

CWE