CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27246
https://notcve.org/view.php?id=CVE-2022-27246
18 Mar 2022 — An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. Se ha detectado un problema en MISP versiones anteriores a 2.4.156. Un logotipo SVG org (que puede contener JavaScript) no está prohibido por defecto • https://github.com/MISP/MISP/commit/08a07a38ae81f3b55d81cfcd4501ac1eb1c9c4dc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39302
https://notcve.org/view.php?id=CVE-2021-39302
19 Aug 2021 — MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value. MISP versión 2.4.148, en determinadas configuraciones, permite una inyección SQL por medio del valor $conditions["org"] del componente app/Model/Log.php. • https://github.com/MISP/MISP/commit/20d9020b76d1f6790c4d84e020d0cc97c929f66b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •