
CVE-2023-48655
https://notcve.org/view.php?id=CVE-2023-48655
17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters. • https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b • CWE-116: Improper Encoding or Escaping of Output

CVE-2023-48656
https://notcve.org/view.php?id=CVE-2023-48656
17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses. • https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074

CVE-2023-48657
https://notcve.org/view.php?id=CVE-2023-48657
17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters. • https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc

CVE-2023-48658
https://notcve.org/view.php?id=CVE-2023-48658
17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space. • https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d

CVE-2023-48659
https://notcve.org/view.php?id=CVE-2023-48659
17 Nov 2023 — An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing. • https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed

CVE-2023-37306
https://notcve.org/view.php?id=CVE-2023-37306
30 Jun 2023 — MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages. • https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908 • CWE-209: Generation of Error Message Containing Sensitive Information