
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters. • https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b • CWE-116: Improper Encoding or Escaping of Output

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses. • https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters. • https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space. • https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing. • https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Jun 2023 — MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages. • https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908 • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Jun 2023 — In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts. MISP version 2.4.171 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/176975 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Mar 2023 — In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index. • https://github.com/MISP/MISP/commit/b94c7978e5e6b1db369abeedbbf00bca975b08b7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Mar 2023 — js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips. • https://github.com/MISP/MISP/commit/30255b8d683df4ec54f856282b3bde9106d5ae1a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Mar 2023 — js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip. • https://github.com/MISP/MISP/commit/78f423451a4c795991e739ee970bc5215c061591 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')