What the vulnerability does
01Description
In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.
CVSS base score
5.4/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Key dates
02Disclosure timeline
December 15, 2025
CVE published
December 21, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2018-0251
CVE-2026-27746 SPIP jeux < 4.1.1 Reflected XSS via index Parameters
CVE-2026-46361 phpMyFAQ - Stored Cross-Site Scripting via raw Filter in search.twig
CVE-2021-38315 SP Project & Document Manager <= 4.25 Reflected Cross-Site Scripting
CVE-2021-47857 Moodle 3.10.3 - 'label' Persistent Cross Site Scripting
