CVE-2021-25324

MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp...

MISP Cross-Site Scripting Vulnerability (CNVD-2021-06525)

MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.136, which originates from...

MISP cross-site scripting vulnerability (CNVD-2021-06526)

MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.136, which originates in...

CVE-2021-3184

MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/globalmenu.ctp user homepage favourite button...

CVE-2021-25323

The default setting of MISP 2.4.136 did not enable the requirements aka requirepasswordconfirmation to provide the previous password when changing a password...

CVE-2021-3184

MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/globalmenu.ctp user homepage favourite button...

CVE-2021-25323

The default setting of MISP 2.4.136 did not enable the requirements aka requirepasswordconfirmation to provide the previous password when changing a password...

CVE-2021-25325

MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs...

CVE-2021-25324

MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp...

Design/Logic Flaw

MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/globalmenu.ctp user homepage favourite button...

Cross site scripting

MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp...

Default credentials

The default setting of MISP 2.4.136 did not enable the requirements aka requirepasswordconfirmation to provide the previous password when changing a password...

CVE-2021-3184

MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/globalmenu.ctp user homepage favourite button...

CVE-2021-25324

MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp...

CVE-2021-25324

CVE-2021-25324 affects MISP 2.4.136 with a Stored XSS flaw in the galaxy cluster view (app/View/GalaxyClusters/view.ctp). Root cause details are not fully disclosed in the provided documents, but the vulnerability is described by multiple sources as a cross-site scripting issue that could impact ...

CVE-2021-25325

MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs...

MISP 跨站脚本漏洞

MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.136, which originates in...

MISP 跨站脚本漏洞

MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.136, which originates from...