Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted arbitrary values for the TemplateElementAttribute type and category fields without validating them against the known MISP attribute type and category definitions. An attacker with permission to create or modify template element attributes could store a crafted type value. This affects the old templating (not more accessible in 2.5.37) engine from MISP which will be removed in 2.5.38

INFO

Published Date :

2026-05-07T12:07:59.273Z

Last Modified :

2026-05-07T14:57:26.231Z

Source :

CIRCL
AFFECTED PRODUCTS

The following products are affected by CVE-2026-8080 vulnerability.

Vendors Products
Misp
  • Misp
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-8080.

URL Resource
https://github.com/MISP/MISP/commit/62824e5ca0056d01b195f70466ea0d382cca06d0 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability