VYPR
will trigger an alert. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.","additionalType":"https://schema.org/SoftwareApplication","sameAs":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-37044"]},"keywords":"CVE-2020-37044, Opencti Platform Opencti, Opencti Platform Opencti","mentions":[{"@type":"SoftwareApplication","name":"Opencti","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"Opencti Platform"}},{"@type":"SoftwareApplication","name":"Opencti","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"Opencti Platform"}}],"isAccessibleForFree":true},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://portal.vyprsec.ai/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://portal.vyprsec.ai/cves"},{"@type":"ListItem","position":3,"name":"CVE-2020-37044","item":"https://portal.vyprsec.ai/cves/CVE-2020-37044"}]}]}
Unrated severityOSV Advisory· Published Jan 30, 2026· Updated Mar 5, 2026

OpenCTI 3.3.1 - Cross Site Scripting

CVE-2020-37044

Description

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For example, a request to /graphql?'"--> will trigger an alert. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • 1.0.0, 1.0.1, 1.0.2, …+ 1 more
    • (no CPE)range: 1.0.0, 1.0.1, 1.0.2, …
    • (no CPE)range: = 3.3.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.