By vendor

Citeum vulnerabilities

Known CVEs affecting Citeum products, prioritized by severity, with SEC.co remediation and detection guidance.

1 published vulnerability

  • CVE-2026-35212MEDIUM 6.1

    OpenCTI, an open-source threat intelligence platform, contains a cross-site scripting (XSS) vulnerability in how it renders email message data. An attacker can craft a malicious email observable with unsanitized content in the message body, which executes JavaScript in a victim's browser when they view it. Because threat intelligence is often shared across teams via STIX files or automated ingesters, this could be weaponized to steal session cookies at scale, potentially compromising multiple analysts' accounts. The vulnerability requires user interaction—someone must view the crafted email observable—but the attack surface is broad given how threat intelligence is typically distributed.