
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters. • https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b • CWE-116: Improper Encoding or Escaping of Output

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses. • https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters. • https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space. • https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing. • https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Jun 2023 — In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts. MISP version 2.4.171 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/176975 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Mar 2023 — js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips. • https://github.com/MISP/MISP/commit/30255b8d683df4ec54f856282b3bde9106d5ae1a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Mar 2023 — js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip. • https://github.com/MISP/MISP/commit/78f423451a4c795991e739ee970bc5215c061591 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jan 2023 — app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field. • https://github.com/MISP/MISP/commit/f7238fe5e71ac065daa43c8607d02f8ac682f18f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Dec 2022 — In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp. • https://github.com/MISP/MISP/commit/684d3e51398d4ea032b06fa4a1cd2bdf7d8b0ede • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')