
CVE-2023-24026
https://notcve.org/view.php?id=CVE-2023-24026
20 Jan 2023 — In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. • https://github.com/MISP/MISP/commit/a46f794a136001101cbec84fccf3cc824e983493 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-24028
https://notcve.org/view.php?id=CVE-2023-24028
20 Jan 2023 — In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. • https://github.com/MISP/MISP/commit/93bf15d3bd703a32ebfe86cb6c1c9b735cf23e30 • CWE-284: Improper Access Control

CVE-2018-11245
https://notcve.org/view.php?id=CVE-2018-11245
18 May 2018 — app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes. • https://github.com/MISP/MISP/commit/5efc07b12f82301a6086fd3433fedd69fe7119d3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-8948
https://notcve.org/view.php?id=CVE-2018-8948
23 Mar 2018 — In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module. • https://github.com/MISP/MISP/commit/01924cd948dbceb8391be671dab672e9f4a0ffe8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-8949
https://notcve.org/view.php?id=CVE-2018-8949
23 Mar 2018 — An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute. • https://github.com/MISP/MISP/commit/37720c38d6c617439df0a13e9396fcb26345dadd • CWE-749: Exposed Dangerous Method or Function

CVE-2017-16802
https://notcve.org/view.php?id=CVE-2017-16802
13 Nov 2017 — In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added. • https://github.com/MISP/MISP/commit/a659664447a7b2a383cb9e0f6b43dcb43ec69194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-15216
https://notcve.org/view.php?id=CVE-2017-15216
10 Oct 2017 — MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js. • https://github.com/MISP/MISP/commit/ca6f4a783a6ba65532dc8767446bda44773ec627 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-14337
https://notcve.org/view.php?id=CVE-2017-14337
12 Sep 2017 — When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user. • https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9 • CWE-287: Improper Authentication

CVE-2017-7215
https://notcve.org/view.php?id=CVE-2017-7215
21 Mar 2017 — Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML. • http://www.fortiguard.com/advisory/FG-VD-17-021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')