EUVD-2021-24223

Malware in sbrugna...

CVE-2022-29530

An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters...

Vulnerabilities fixed in MISP

The MISP project has fixed two vulnerabilities in MISP. A malicious party can exploit the vulnerabilities to manipulate threat information when shared via Galaxy Clusters and/or Tags. No CVE ID has yet been released for these vulnerabilities and little further little substantive information known...

CVE-2022-29530

An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters...

CVE-2022-29530

An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters...

CVE-2022-29530

An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters...

Cross site scripting

An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters...

CVE-2022-29530

CVE-2022-29530 – MISP stored XSS in galaxy clusters affects MISP versions prior to 2.4.158. The vulnerability arises from a lack of data validation/filtering of user-supplied data and its output in galaxy clusters, allowing an attacker to execute JavaScript in a victim’s browser (stored XSS). Pub...

MISP 跨站脚本漏洞

MISP is an open source software solution. The product is used to collect, store, distribute, and share network security metrics and has features such as threat network security event analysis and malware analysis. cross-site scripting vulnerability exists in versions prior to MISP 2.4.158, which...

CVE-2022-29530

An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters...

PT-2022-19680 · Misp · Misp

Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.158 Description: The issue is related to stored XSS in the galaxy clusters. Recommendations: For versions prior to 2.4.158, update to version 2.4.158 or later to resolve the issue...

CVE-2021-37742

app/View/Elements/GalaxyClusters/viewrelationtree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships...

Cross site scripting

app/View/Elements/GalaxyClusters/viewrelationtree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships...

CVE-2021-37742

Summary: CVE-2021-37742 affects MISP 2.4.147 with a Stored XSS in the view file app/View/Elements/GalaxyClusters/view_relation_tree.ctp when viewing galaxy cluster relationships. The issue originates from that view template; exploitation could occur in the user’s browser when rendering the affect...

CVE-2021-37534

The CVE-2021-37534 entry concerns MISP 2.4.146 where a Stored XSS flaw exists in app/View/GalaxyClusters/add.ctp when forking a galaxy cluster. Affected component is the Galaxy Clusters feature; the root cause is an XSS condition that can allow injected script to run in a victim's browser. Impact...

MISP 跨站脚本漏洞

MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. MISP suffers from a cross-site scripting vulnerability that stems from...

CVE-2021-25324

MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp...

CVE-2021-25324

MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp...

MISP 跨站脚本漏洞

MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.136, which originates from...