CVE-2024-58130

High

Published: 28 March 2025

Published

28 March 2025

Modified

15 July 2025

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

EPSS Score 0.0022 44.0th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-58130 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Misp Misp. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 44.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-15 (Information Output Filtering) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-15 Information Output Filtering good match

prevent

SI-15 directly addresses the lack of sanitization in non-JSON REST responses by requiring output filtering to prevent XSS injection of malicious content.

SI-2 Flaw Remediation good match

prevent

SI-2 mandates timely flaw remediation, directly mitigating this CVE through application of the vendor patch in MISP v2.4.193.

SI-10 Information Input Validation partial match

prevent

SI-10 provides complementary input validation to reject crafted requests containing XSS payloads before they reach the vulnerable response generation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1185 Browser Session Hijacking Collection

Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.

attack.mitre.org →

Why these techniques?

XSS in public-facing REST endpoints of MISP enables remote exploitation of the application (T1190) and facilitates browser session hijacking via injected scripts (T1185), as explicitly noted in the description.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses.

Deeper analysisAI

CVE-2024-58130 is a vulnerability in MISP (Malware Information Sharing Platform) versions prior to 2.4.193, located in the app/Controller/Component/RestResponseComponent.php file. It arises from a lack of sanitization for non-JSON responses in REST endpoints, mapped to CWE-79 (Cross-Site Scripting). The issue carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N), indicating high severity due to its network accessibility, low attack complexity, and lack of prerequisites.

The vulnerability can be exploited by unauthenticated remote attackers with no user interaction required. By sending crafted requests to affected REST endpoints that produce non-JSON responses, attackers can inject malicious content due to insufficient sanitization. This enables cross-site scripting, resulting in limited impacts to confidentiality and integrity across the changed scope, such as potential session hijacking or data manipulation for users interacting with the MISP instance.

Mitigation is addressed in the MISP v2.4.193 release, available at https://github.com/MISP/MISP/releases/tag/v2.4.193, which incorporates the fixing commit at https://github.com/MISP/MISP/commit/f08a2eaec25f0212c22b225c0b654bd60d089ef9. Security practitioners should upgrade to version 2.4.193 or later to remediate the issue.