CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters. • https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b • CWE-116: Improper Encoding or Escaping of Output

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses. • https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters. • https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space. • https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing. • https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Jun 2023 — In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts. MISP version 2.4.171 suffers from a persistent cross-site scripting vulnerability. • https://packetstorm.news/files/id/176975 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Mar 2023 — In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index. • https://github.com/MISP/MISP/commit/b94c7978e5e6b1db369abeedbbf00bca975b08b7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')