7 matches found
CVE-2026-44364
The CVE affects the MISP-modules component in MISP modules’ home blueprint prior to 3.0.7, where CSRF protection was disabled, allowing an authenticated user to trigger unintended requests and potentially modify session query data. The issue was fixed by enabling CSRF protection for the affected ...
CVE-2026-44364 misp-modules website - Missing CSRF protection in the website home blueprint
MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...
CVE-2026-44364 misp-modules website - Missing CSRF protection in the website home blueprint
MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...
GHSA-J4RH-7JCR-QM69 misp-modules website - Missing CSRF protection in the website home blueprint
A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of sessi...
Cross-site Request Forgery (CSRF)
Overview misp-modules is a MISP modules are autonomous modules that can be used for expansion and other services in MISP Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the home blueprint, which was exempted from CSRF protection. An attacker can perform...
misp-modules website - Missing CSRF protection in the website home blueprint
A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of sessi...
PT-2026-38309
Name of the Vulnerable Software and Affected Versions MISP modules versions 3.0.7 and earlier Description A Cross-Site Request Forgery CSRF issue in the MISP Modules website allows an attacker to trick an authenticated user into submitting unintended requests to the "/home" endpoint. This occurs...