
CVE-2017-15216
https://notcve.org/view.php?id=CVE-2017-15216
10 Oct 2017 — MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js. • https://github.com/MISP/MISP/commit/ca6f4a783a6ba65532dc8767446bda44773ec627 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-14337
https://notcve.org/view.php?id=CVE-2017-14337
12 Sep 2017 — When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user. • https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9 • CWE-287: Improper Authentication

CVE-2017-13671 – MISP 2.4.79 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-13671
24 Aug 2017 — app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. MISP (Malware Information Sharing Platform and Threat Sharing) ve... • http://www.securityfocus.com/bid/100533 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-7215
https://notcve.org/view.php?id=CVE-2017-7215
21 Mar 2017 — Cross-site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML. • http://www.fortiguard.com/advisory/FG-VD-17-021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')