6 matches found
CVE-2026-54394
MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...
EUVD-2026-36563
MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...
PT-2026-48996
Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A path traversal issue exists in the getOrgLogo function of the OrganisationsController. The software constructs file paths for organization logos using fields controlled by the organization, su...
CVE-2022-29533
An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."...
Design/Logic Flaw
An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."...
PT-2022-19683 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.158 Description: The issue is related to a Cross-Site Scripting XSS vulnerability in the app/Controller/OrganisationsController.php file, specifically in situations involving a "weird single checkbox page."...