
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Feb 2023 — app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. • https://github.com/MISP/MISP/commit/1edbc2569989f844799261a5f90edfa433d7dbcc • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Feb 2023 — MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. • https://github.com/MISP/MISP/commit/a73c1c461bc6f8a048eae92b5e99823afd892d1e • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2023 — In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. • https://github.com/MISP/MISP/commit/93bf15d3bd703a32ebfe86cb6c1c9b735cf23e30

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2023 — In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. • https://github.com/MISP/MISP/commit/a46f794a136001101cbec84fccf3cc824e983493 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2023 — In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. • https://github.com/MISP/MISP/commit/72c5424034c378583d128fc1e769aae33fb1c8b9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Apr 2022 — An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. • https://github.com/MISP/MISP/commit/0108f1bde2117ac5c1e28d124128f60c8bb09a8e • CWE-502: Deserialization of Untrusted Data

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Apr 2022 — An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. • https://github.com/MISP/MISP/commit/9623de2f5cca011afc581d55cfa5ce87682894fd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Apr 2022 — An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. • https://github.com/MISP/MISP/commit/107e271d78c255d658ce998285fe6f6c4f291b41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Apr 2022 — An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. • https://github.com/MISP/MISP/commit/bb3b7a7e91862742cae228c43b3091bad476dcc0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Apr 2022 — An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it. • https://github.com/MISP/MISP/commit/60c85b80e3ab05c3ef015bca5630e95eddbb1436 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')