CVE-2024-22877

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 19, 2024

Updated: Jan 25, 2024

CWE ID 79

Summary

CVE-2024-22877 refers to a Cross Site Scripting (XSS) vulnerability affecting TheHive versions 5.2.0 to 5.2.8. This issue is linked to the case reporting functionality, which allows an attacker to inject malicious JavaScript code into templates or variables. Upon opening the HTML report, the code will be executed in TheHive's application context, potentially leading to unintended actions or data theft.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uGxp3q
https://www.cve.org/CVERecord?id=CVE-2024-22877
https://nvd.nist.gov/vuln/detail/CVE-2024-22877

Back to Vulnerability Database

CVE-2024-22877

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations