CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

15 Dec 2023 — app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. • https://github.com/MISP/MISP/commit/92888b1376246c0f20c256aaa3c57b6f12115fa1

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

03 Dec 2023 — app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget. • https://github.com/MISP/MISP/commit/dc73287ee2000476e3a5800ded402825ca10f7e8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters. • https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b • CWE-116: Improper Encoding or Escaping of Output

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses. • https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters. • https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space. • https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing. • https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

23 Aug 2023 — An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. • https://github.com/MISP/MISP/commit/09fb0cba65eab9341e81f1cbebc2ae10be34a2b7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

10 Aug 2023 — MISP 2.4.174 allows XSS in app/View/Events/index.ctp. • https://github.com/MISP/MISP/commit/0274f8b6332e82317c9529b583d03897adf5883e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

30 Jun 2023 — MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages. • https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908 • CWE-209: Generation of Error Message Containing Sensitive Information