will trigger an alert. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.","url":"https://cyber-sec.space/ja/cve/CVE-2020-37044","inLanguage":"ja","datePublished":"2026-01-30T23:16:10.257+00:00","dateModified":"2026-02-13T17:55:30.91+00:00","author":{"@type":"Organization","name":"Cyber-Sec.Space"},"about":{"@type":"Thing","name":"Software Vulnerability","identifier":"CVE-2020-37044"}}

CVE-2020-37044

MEDIUM

5.4

CVSS Severity Score

EPSS Score0.1110%

EPSS Percentile38.28th

Published2026年1月30日

Last Modified2026年2月13日

Vulnerability Description

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For example, a request to /graphql?'"--></style></scRipt><scRipt>alert('Raif_Berkay')</scRipt> will trigger an alert. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.

Affected Platforms (CPE)

📦

Citeum

Opencti

= 3.3.1

References & Advisories

🔗 https://github.com/OpenCTI-Platform/opencti

🔗 https://www.exploit-db.com/exploits/48595

🔗 https://www.opencti.io/

🔗 https://www.vulncheck.com/advisories/opencti-cross-site-scripting

Vulnerability Description

Affected Platforms (CPE)

Opencti

References & Advisories

関連する脆弱性情報