12 matches found
CVE-2021-3184
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/globalmenu.ctp user homepage favourite button...
CVE-2021-25323
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password...
CVE-2021-3184
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/globalmenu.ctp user homepage favourite button...
CVE-2021-25325
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs...
CVE-2021-25323
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password...
CVE-2021-25324
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp...
Cross site scripting
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp...
Design/Logic Flaw
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/globalmenu.ctp user homepage favourite button...
Default credentials
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password...
CVE-2021-3184
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/globalmenu.ctp user homepage favourite button...
CVE-2021-25324
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp...
CVE-2021-25325
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs...