CVE-2020-13153 in MISP
Summary
by MITRE
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view.
Analysis
by VulDB Data Team • 06/23/2026
The vulnerability identified as CVE-2020-13153 affects MISP (Malware Information Sharing Platform) versions prior to 2.4.126, specifically the resolved attributes view. It is a cross-site scripting (XSS) flaw that lets an attacker inject script into the application's user interface. The affected file path, app/View/Events/resolved_attributes.ctp, places the bug in the view layer that renders resolved event attributes, so it is reachable by any user who interacts with the platform's event resolution features.
The flaw stems from insufficient input validation and output encoding in the resolved attributes view. When MISP displays event attributes that have been resolved through its correlation mechanisms, the view writes user-supplied values into the page without escaping them, so a value containing HTML or JavaScript is rendered rather than shown as text and executes in the browsers of other users who view the affected content. The weakness is classified as CWE-79, the category for cross-site scripting: untrusted data is placed into a web page without proper validation and output encoding.
The operational impact is significant. An attacker who can influence the content of resolved attributes could run script that steals session cookies, redirects users to malicious sites, or alters the MISP interface to hide or modify critical threat intelligence. Because MISP exists to share threat intelligence among security professionals, this could compromise the integrity of shared intelligence and affect every organization that relies on the instance for collaborative threat hunting and incident response.
The exploitation of this vulnerability aligns with ATT&CK technique T1566, which covers social engineering tactics including spearphishing with malicious attachments and links. An attacker could craft event attributes that, once resolved and displayed, trigger XSS payloads in the browsers of other MISP users. This is particularly damaging for the MISP community because it undermines the platform's trust model, in which users expect to view resolved threat intelligence without risk of script injection. Organizations using MISP could face unauthorized access to sensitive threat data, data corruption, and lateral movement within their security infrastructure through session hijacking or credential theft.
Mitigation for CVE-2020-13153 starts with upgrading to MISP 2.4.126, which fixes the XSS through proper input sanitization and output encoding in the view. Additional defensive measures include web application firewalls that detect and block XSS patterns (a compensating control that reduces exposure but does not remove the bug), regular security scanning of the MISP application, and strict access controls limiting who can submit or modify event attributes. Network segmentation and monitoring for suspicious attribute submissions can help detect exploitation attempts. Security teams should also consider a Content Security Policy header for the MISP environment, so that only trusted scripts can execute in the application context.
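As an added illustration of the fix class described above (a constructed example, not MISP's actual resolved_attributes.ctp code), the pattern that produces this kind of XSS in a CakePHP 2.x .ctp template, the format MISP's views use, beside the corrected form using CakePHP's h() escaper and HTML-safe json_encode flags; the $resolvedAttributes variable and its field names are assumed for the example.

```php
<?php
// Constructed sample data (not MISP's real data model): one resolved attribute
// whose fields are under the submitter's control. The field names are assumed.
$resolvedAttributes = array(
    array(
        'type'    => 'domain',
        'value'   => '<img src=x onerror="alert(1)">',   // constructed XSS test string
        'comment' => '" onmouseover="alert(1)',          // breaks out of a quoted attribute
    ),
);
?>

<!-- VULNERABLE: values are echoed verbatim, so markup and event handlers in
     them are parsed and executed by the browser of anyone viewing the page. -->
<table>
<?php foreach ($resolvedAttributes as $attribute): ?>
    <tr>
        <td><?php echo $attribute['type']; ?></td>
        <td><?php echo $attribute['value']; ?></td>
        <td><span title="<?php echo $attribute['comment']; ?>">comment</span></td>
    </tr>
<?php endforeach; ?>
</table>

<!-- FIXED: h() is CakePHP's htmlspecialchars() wrapper (ENT_QUOTES, UTF-8). It
     encodes < > & " and ', so the value is displayed as text both in element
     content and inside a double-quoted attribute. -->
<table>
<?php foreach ($resolvedAttributes as $attribute): ?>
    <tr>
        <td><?php echo h($attribute['type']); ?></td>
        <td><?php echo h($attribute['value']); ?></td>
        <td><span title="<?php echo h($attribute['comment']); ?>">comment</span></td>
    </tr>
<?php endforeach; ?>
</table>

<!-- FIXED, script context: HTML escaping is the wrong encoder inside a script
     element. Emit the data as JSON with the HTML-safe flags so a value that
     contains a closing script tag cannot terminate the script block. -->
<script type="text/javascript">
var resolvedAttributes = <?php echo json_encode(
    $resolvedAttributes,
    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
); ?>;
</script>
```

The two fixed blocks show the point the advisory makes about output encoding: the encoder must match the context the value lands in, since h() alone would not be safe inside the script element.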