Show filters
16 Total Results
Displaying 1-10 of 16
Sort by:
Attacker Value
Unknown

CVE-2023-48659

Disclosure Date: November 17, 2023 (last updated November 23, 2023)
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-48658

Disclosure Date: November 17, 2023 (last updated November 23, 2023)
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-48657

Disclosure Date: November 17, 2023 (last updated January 10, 2024)
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-48656

Disclosure Date: November 17, 2023 (last updated January 10, 2024)
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-48655

Disclosure Date: November 17, 2023 (last updated January 10, 2024)
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-37307

Disclosure Date: June 30, 2023 (last updated January 09, 2024)
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-37306

Disclosure Date: June 30, 2023 (last updated October 08, 2023)
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-28884

Disclosure Date: March 27, 2023 (last updated October 08, 2023)
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-28607

Disclosure Date: March 18, 2023 (last updated October 08, 2023)
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-28606

Disclosure Date: March 18, 2023 (last updated October 08, 2023)
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  Next >