25 matches found
CVE-2021-27904
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors...
CVE-2026-27570 Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...
EUVD-2026-13192
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...
PT-2026-26360
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2026.3.0-latest.1; Discourse versions prior to 2026.2.1; Discourse versions prior to 2026.1.2. Description: Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, t...
EUVD-2021-22833
Malware in sbrugna...
EUVD-2021-14639
Malware in sbrugna...
EUVD-2022-30001
Malicious code in bioql PyPI...
CVE-2021-36212
app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view...
CVE-2022-25318
An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups...
Design/Logic Flaw
An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups...
CVE-2022-25318
CVE-2022-25318 affects Cerebrate up to version 1.4. The issue stems from an incorrect sharing group ACL that allows an unprivileged user to edit and modify sharing groups. Reported across multiple feeds, the vulnerability enables modification of sharing-group configuration by non-privileged users...
Cross site scripting
app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view...
CVE-2021-36212
CVE-2021-36212 affects MISP prior to version 2.4.146, with stored XSS in the file path app/View/SharingGroups/view.ctp affecting the sharing groups view. The NVD/CVE data show a CVSSv3.1 base score of 6.1 (NETWORK, LOW attack complexity, UI REQUIRED, CHANGED scope; Impact: LOW confidentiality/int...