CVE-2019-14286 in MISP
Summary
by MITRE
In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 06/23/2026
The vulnerability identified as CVE-2019-14286 represents a critical stored cross-site scripting flaw within the MISP (Malware Information Sharing Platform) 2.4.111 software ecosystem. This security weakness resides in the event-graph.js JavaScript file located within the webroot/js directory structure, specifically manifesting when users interact with the event graph visualization feature. The vulnerability operates through a sophisticated attack vector that requires the creation of maliciously crafted MISP events as prerequisites for exploitation, making it particularly insidious as it leverages legitimate platform functionality to deliver malicious payloads.
The technical implementation of this vulnerability stems from inadequate input validation and output encoding within the event graph rendering component. When users toggle between different event graph views, the application processes user-supplied data without sufficient sanitization mechanisms, allowing malicious JavaScript code to be stored within the MISP event database. This stored payload executes whenever other users access the affected event graph view, creating a persistent threat that can compromise multiple users within the same MISP instance. The vulnerability aligns with CWE-79, which specifically addresses cross-site scripting flaws, and demonstrates how improper handling of user-controllable data can lead to unauthorized code execution in web applications.
The operational impact of this vulnerability extends beyond simple data theft or defacement, as it enables attackers to establish persistent footholds within security operations centers that rely on MISP for threat intelligence sharing. When malicious actors craft specially constructed events containing malicious JavaScript payloads, they can execute arbitrary code on victim machines, potentially leading to full system compromise, data exfiltration, or the establishment of command and control channels. This threat model particularly concerns organizations using MISP for collaborative threat intelligence sharing, as compromised instances can serve as attack vectors for lateral movement across connected systems. The vulnerability's exploitation requires minimal user interaction beyond viewing the affected event graph, making it particularly dangerous in environments where multiple security analysts regularly access shared threat intelligence databases.
Mitigation strategies for CVE-2019-14286 should prioritize immediate patch application to MISP version 2.4.112 or later, which contains the necessary fixes for the stored XSS vulnerability. Organizations should implement additional defensive measures including strict input validation for all user-supplied data within MISP events, enhanced output encoding in JavaScript rendering components, and regular security scanning of MISP instances for similar vulnerabilities. Network segmentation and access controls should be reinforced to limit exposure, while security teams should monitor for suspicious event creation patterns that might indicate malicious activity. The vulnerability also highlights the importance of following ATT&CK framework principles for defensive security, particularly in the context of web application security where stored XSS represents a common attack pathway for initial compromise and persistent access. Regular security awareness training for MISP users should emphasize the risks of viewing untrusted events and the importance of maintaining updated software versions to protect against known vulnerabilities.