Vulnerabilities > Strangebee > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-19 CVE-2024-22876 Cross-site Scripting vulnerability in Strangebee Thehive
StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL.
network
low complexity
strangebee CWE-79
5.4
5.4
2024-01-19 CVE-2024-22877 Cross-site Scripting vulnerability in Strangebee Thehive 5.2.0/5.2.8
StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality.
network
low complexity
strangebee CWE-79
5.4
5.4