Cyber Resilience

CVE-2024-58130

High

Published: 28 March 2025

Published
28 March 2025
Modified
15 July 2025
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
EPSS Score 0.0022 44.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-58130 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Misp Misp. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 44.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-15 (Information Output Filtering) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-58130 is a vulnerability in MISP (Malware Information Sharing Platform) versions prior to 2.4.193, located in the app/Controller/Component/RestResponseComponent.php file. It arises from a lack of sanitization for non-JSON responses in REST endpoints, mapped to CWE-79 (Cross-Site Scripting). The issue carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N), indicating high severity due to its network accessibility, low attack complexity, and lack of prerequisites.

The vulnerability can be exploited by unauthenticated remote attackers with no user interaction required. By sending crafted requests to affected REST endpoints that produce non-JSON responses, attackers can inject malicious content due to insufficient sanitization. This enables cross-site scripting, resulting in limited impacts to confidentiality and integrity across the changed scope, such as potential session hijacking or data manipulation for users interacting with the MISP instance.

Mitigation is addressed in the MISP v2.4.193 release, available at https://github.com/MISP/MISP/releases/tag/v2.4.193, which incorporates the fixing commit at https://github.com/MISP/MISP/commit/f08a2eaec25f0212c22b225c0b654bd60d089ef9. Security practitioners should upgrade to version 2.4.193 or later to remediate the issue.

EU & UK References

Vulnerability details

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1185 Browser Session Hijacking Collection
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
Why these techniques?

XSS in public-facing REST endpoints of MISP enables remote exploitation of the application (T1190) and facilitates browser session hijacking via injected scripts (T1185), as explicitly noted in the description.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-39962Same product: Misp Misp
CVE-2026-1843Shared CWE-79
CVE-2026-42678Shared CWE-79
CVE-2023-49186Shared CWE-79
CVE-2025-22586Shared CWE-79
CVE-2026-1316Shared CWE-79
CVE-2025-23451Shared CWE-79
CVE-2026-34564Shared CWE-79
CVE-2025-23744Shared CWE-79
CVE-2025-23923Shared CWE-79

Affected Assets

misp
misp
≤ 2.4.193

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-15 directly addresses the lack of sanitization in non-JSON REST responses by requiring output filtering to prevent XSS injection of malicious content.

prevent

SI-2 mandates timely flaw remediation, directly mitigating this CVE through application of the vendor patch in MISP v2.4.193.

prevent

SI-10 provides complementary input validation to reject crafted requests containing XSS payloads before they reach the vulnerable response generation.

References