CVE-2022-29529
Published 2022-04-20
CVE-2022-29529: An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.
Priority · P424 · medium · 5.4 · CVSS 3.1
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.79% (51.5th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| misp-project | misp | < 2.4.158 | 2.4.158 |
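CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |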
VulDB
MISP up to 2.4.157 LinOTP Login cross site scripting (EUVD-2022-33865)
vuldb·2026-05-23·CVSS 5.4
CVE-2022-29529 [MEDIUM] MISP up to 2.4.157 LinOTP Login cross site scripting (EUVD-2022-33865)
A vulnerability was found in MISP up to 2.4.157. It has been classified as problematic. This impacts an unknown function of the component LinOTP Login. Performing a manipulation results in cross site scripting.
This vulnerability was named CVE-2022-29529. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is recommended.
GHSA
GHSA-8238-x248-8577: An issue was discovered in MISP before 2
ghsa_unreviewed·2022-04-22
CVE-2022-29529 [MEDIUM] CWE-79 GHSA-8238-x248-8577: An issue was discovered in MISP before 2
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/MISP/MISP/commit/9623de2f5cca011afc581d55cfa5ce87682894fd
https://github.com/MISP/MISP/compare/v2.4.157...v2.4.158
https://zigrin.com/advisories/misp-stored-xss-via-the-linotp-login-field/
https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/
Published: 2022-04-20