StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator.
References
Link | Resource |
---|---|
https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2023-002.md | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-19T00:00:00
Updated: 2024-01-19T14:03:30.018634
Reserved: 2024-01-11T00:00:00
Link: CVE-2024-22876
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-19T14:15:13.510
Modified: 2024-01-25T18:19:25.647
Link: CVE-2024-22876
JSON object: View
Redhat Information
No data.
CWE