Vulnerabilities related to misp-project - malware_information_sharing_platform
Vulnerability from fkie_nvd
Published
2023-03-27 03:15
Modified
2024-11-21 07:56
Severity ?
Summary
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
misp-project | malware_information_sharing_platform | 2.4.169 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:2.4.169:*:*:*:*:*:*:*", matchCriteriaId: "25FB0E6F-32FA-4A98-87BC-723C1484FE57", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.", }, ], id: "CVE-2023-28884", lastModified: "2024-11-21T07:56:13.503", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-27T03:15:07.233", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/b94c7978e5e6b1db369abeedbbf00bca975b08b7", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://zigrin.com/advisories/misp-dom-based-xss/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/b94c7978e5e6b1db369abeedbbf00bca975b08b7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://zigrin.com/advisories/misp-dom-based-xss/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-18 18:15
Modified
2025-02-26 19:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
misp-project | malware_information_sharing_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "3E5675A8-EDC0-493D-9A7F-DF05832BCFBC", versionEndExcluding: "2.4.169", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.", }, ], id: "CVE-2023-28606", lastModified: "2025-02-26T19:15:19.193", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-03-18T18:15:54.270", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/30255b8d683df4ec54f856282b3bde9106d5ae1a", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/30255b8d683df4ec54f856282b3bde9106d5ae1a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: 
"https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-22 23:15
Modified
2024-11-21 07:32
Severity ?
Summary
In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
misp-project | malware_information_sharing_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "16FA3B29-9E30-444C-9193-F13E3665F139", versionEndExcluding: "2.4.167", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.", }, { lang: "es", value: "En MISP anterior a 2.4.167, hay XSS en las cargas de archivos de plantilla en app/View/Templates/upload_file.ctp.", }, ], id: "CVE-2022-47928", lastModified: "2024-11-21T07:32:32.790", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-22T23:15:10.413", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/MISP/MISP/commit/684d3e51398d4ea032b06fa4a1cd2bdf7d8b0ede", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://zigrin.com/advisories/misp-reflected-xss-in-uploadfile-action-of-the-templates-controllermisp/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/MISP/MISP/commit/684d3e51398d4ea032b06fa4a1cd2bdf7d8b0ede", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://zigrin.com/advisories/misp-reflected-xss-in-uploadfile-action-of-the-templates-controllermisp/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", 
value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-09-03 20:59
Modified
2024-11-21 02:33
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
misp-project | malware_information_sharing_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "361906F3-7B94-45B4-863A-94DB991A8CB0", versionEndIncluding: "2.3.89", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.", }, { lang: "es", value: "Múltiples vulnerabilidades de XSS en la funcionalidad de creación de plantilla en Malware Information Sharing Platform (MISP) en versiones anteriores a 2.3.90 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores que implican (1) add.ctp, (2) edit.ctp y (3) ajaxification.js.", }, ], id: "CVE-2015-5720", lastModified: "2024-11-21T02:33:42.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: 
"nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-03T20:59:01.483", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/92738", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.circl.lu/advisory/CVE-2015-5720/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/92738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.circl.lu/advisory/CVE-2015-5720/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-09-03 20:59
Modified
2024-11-21 02:33
Severity ?
Summary
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
misp-project | malware_information_sharing_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "361906F3-7B94-45B4-863A-94DB991A8CB0", versionEndIncluding: "2.3.89", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.", }, { lang: "es", value: "Malware Information Sharing Platform (MISP) en versiones anteriores a 2.3.90 permite a atacantes remotos llevar a cabo ataques de inyección de objeto PHP a través de datos serializados manipulados, relacionado con TemplatesController.php y populate_event_from_template_attributes.ctp.", }, ], id: "CVE-2015-5721", lastModified: "2024-11-21T02:33:42.610", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-03T20:59:02.733", references: 
[ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/92739", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.circl.lu/advisory/CVE-2015-5721/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/92739", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.circl.lu/advisory/CVE-2015-5721/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-17 05:15
Modified
2024-11-21 08:32
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
misp-project | malware_information_sharing_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A", versionEndExcluding: "2.4.176", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.", }, { lang: "es", value: "Se descubrió un problema en MISP antes de la versión 2.4.176. app/Controller/Component/IndexFilterComponent.php no filtra correctamente los parámetros de consulta.", }, ], id: "CVE-2023-48655", lastModified: "2024-11-21T08:32:12.087", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-11-17T05:15:12.640", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { 
source: "cve@mitre.org", url: "https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-116", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-17 05:15
Modified
2024-11-21 08:32
Severity ?
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
misp-project | malware_information_sharing_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A", versionEndExcluding: "2.4.176", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.", }, { lang: "es", value: "Se descubrió un problema en MISP antes de la versión 2.4.176. app/Model/AppModel.php maneja mal las cláusulas de pedido.", }, ], id: "CVE-2023-48656", lastModified: "2024-11-21T08:32:12.333", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-17T05:15:12.690", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { source: "cve@mitre.org", url: "https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-17 05:15
Modified
2024-11-21 08:32
Severity ?
Summary
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
misp-project | malware_information_sharing_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A", versionEndExcluding: "2.4.176", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.", }, { lang: "es", value: "Se descubrió un problema en MISP antes de la versión 2.4.176. app/Controller/AppController.php maneja mal el análisis de parámetros.", }, ], id: "CVE-2023-48659", lastModified: "2024-11-21T08:32:12.820", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-17T05:15:12.847", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Release Notes", ], url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { source: "cve@mitre.org", url: "https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Release Notes", ], url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-17 05:15
Modified
2024-11-21 08:32
Severity ?
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
misp-project | malware_information_sharing_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A", versionEndExcluding: "2.4.176", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.", }, { lang: "es", value: "Se descubrió un problema en MISP antes de la versión 2.4.176. app/Model/AppModel.php maneja mal los filtros.", }, ], id: "CVE-2023-48657", lastModified: "2024-11-21T08:32:12.510", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-17T05:15:12.740", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Release Notes", ], url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { source: "cve@mitre.org", url: "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Release Notes", ], url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-30 17:15
Modified
2024-11-21 08:11
Severity ?
Summary
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
misp-project | malware_information_sharing_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "5B85DED7-7D47-4040-B652-630964AF10A1", versionEndExcluding: "2.4.172", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.", }, ], id: "CVE-2023-37307", lastModified: "2024-11-21T08:11:27.160", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-30T17:15:09.800", references: [ { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485", }, { source: "cve@mitre.org", tags: [ "Patch", "Product", ], url: "https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://zigrin.com/advisories/misp-stored-xss/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Product", ], url: "https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172", 
}, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://zigrin.com/advisories/misp-stored-xss/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-18 18:15
Modified
2025-02-26 21:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
misp-project | malware_information_sharing_platform | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "3E5675A8-EDC0-493D-9A7F-DF05832BCFBC", versionEndExcluding: "2.4.169", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.", }, ], id: "CVE-2023-28607", lastModified: "2025-02-26T21:15:16.313", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-03-18T18:15:54.333", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/78f423451a4c795991e739ee970bc5215c061591", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/78f423451a4c795991e739ee970bc5215c061591", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: 
"https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-30 17:15
Modified
2024-11-21 08:11
Severity ?
Summary
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
misp-project | malware_information_sharing_platform | 2.4.172 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:2.4.172:*:*:*:*:*:*:*", matchCriteriaId: "08CB9C04-9845-4D45-B9A3-D473B10E5E0D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.", }, ], id: "CVE-2023-37306", lastModified: "2024-11-21T08:11:27.000", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-30T17:15:09.757", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-209", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-17 05:15
Modified
2024-11-21 08:32
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
References
Impacted products
Vendor | Product | Version
---|---|---
misp-project | malware_information_sharing_platform | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A", versionEndExcluding: "2.4.176", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.", }, { lang: "es", value: "Se descubrió un problema en MISP antes de la versión 2.4.176. app/Model/AppModel.php carece de una función checkParam para caracteres alfanuméricos, guiones bajos, guiones, puntos y espacios.", }, ], id: "CVE-2023-48658", lastModified: "2024-11-21T08:32:12.670", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-17T05:15:12.793", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Release Notes", ], url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { source: "cve@mitre.org", url: "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Release Notes", ], url: 
"https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-23 05:15
Modified
2024-11-21 07:47
Summary
app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://github.com/MISP/MISP/commit/f7238fe5e71ac065daa43c8607d02f8ac682f18f | Patch, Third Party Advisory
cve@mitre.org | https://zigrin.com/advisories/misp-xss-in-add-action-of-the-authkeys-controller/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MISP/MISP/commit/f7238fe5e71ac065daa43c8607d02f8ac682f18f | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://zigrin.com/advisories/misp-xss-in-add-action-of-the-authkeys-controller/ | Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
misp-project | malware_information_sharing_platform | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "D575BDC7-FF19-4808-910F-FAD15CDD75B8", versionEndIncluding: "2.4.167", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.", }, { lang: "es", value: "app/View/AuthKeys/authkey_display.ctp en MISP hasta 2.4.167 tiene un XSS en authkey agregado a través de un campo Referer.", }, ], id: "CVE-2023-24070", lastModified: "2024-11-21T07:47:22.360", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-23T05:15:18.997", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/MISP/MISP/commit/f7238fe5e71ac065daa43c8607d02f8ac682f18f", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://zigrin.com/advisories/misp-xss-in-add-action-of-the-authkeys-controller/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/MISP/MISP/commit/f7238fe5e71ac065daa43c8607d02f8ac682f18f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://zigrin.com/advisories/misp-xss-in-add-action-of-the-authkeys-controller/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: 
"nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-10 05:15
Modified
2024-11-21 07:25
Summary
app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://github.com/MISP/MISP/commit/934b9cd4fc6d6378ad349ea630ad9f1319ac82f5 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MISP/MISP/commit/934b9cd4fc6d6378ad349ea630ad9f1319ac82f5 | Patch, Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
misp-project | malware_information_sharing_platform | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "F7EA2E78-D405-4479-8E95-FA571878982F", versionEndExcluding: "2.4.164", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).", }, { lang: "es", value: "El archivo app/Controller/UsersController.php en MISP versiones anteriores a 2.4.164, permite a atacantes detectar los nombres de los roles (esta es una información que sólo el administrador del sitio debería tener)", }, ], id: "CVE-2022-42724", lastModified: "2024-11-21T07:25:13.970", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-10T05:15:09.237", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/MISP/MISP/commit/934b9cd4fc6d6378ad349ea630ad9f1319ac82f5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/MISP/MISP/commit/934b9cd4fc6d6378ad349ea630ad9f1319ac82f5", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-09-03 20:59
Modified
2024-11-21 02:33
Summary
app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.
References
Impacted products
Vendor | Product | Version
---|---|---
misp-project | malware_information_sharing_platform | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "FC0C651C-5962-47D4-AA2E-220BB4B1A1B2", versionEndIncluding: "2.3.91", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.", }, { lang: "es", value: "app/Controller/TemplatesController.php en Malware Information Sharing Platform (MISP) en versiones anteriores a 2.3.92 no restringe adecuadamente nombres de archivo bajo el directorio tmp/files/, lo que tiene un impacto y vectores de ataque no especificados.", }, ], id: "CVE-2015-5719", lastModified: "2024-11-21T02:33:42.317", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-03T20:59:00.153", references: [ { source: "cve@mitre.org", url: 
"http://www.securityfocus.com/bid/92740", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/MISP/MISP/commit/27cc167c3355ec76292235d7f5f4e0016bfd7699", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.circl.lu/advisory/CVE-2015-5719/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/92740", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/MISP/MISP/commit/27cc167c3355ec76292235d7f5f4e0016bfd7699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.circl.lu/advisory/CVE-2015-5719/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2023-48658
Vulnerability from cvelistv5
Published
2023-11-17 00:00
Modified
2024-08-02 21:37
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:37:54.466Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d", }, { tags: [ "x_transferred", ], url: "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T23:30:12.309052", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { url: "https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d", }, { url: "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-48658", datePublished: "2023-11-17T00:00:00", dateReserved: "2023-11-17T00:00:00", dateUpdated: "2024-08-02T21:37:54.466Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28884
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 13:51
Summary
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T13:51:38.979Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/commit/b94c7978e5e6b1db369abeedbbf00bca975b08b7", }, { tags: [ "x_transferred", ], url: "https://zigrin.com/advisories/misp-dom-based-xss/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-30T21:18:16.356312", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/MISP/MISP/commit/b94c7978e5e6b1db369abeedbbf00bca975b08b7", }, { url: "https://zigrin.com/advisories/misp-dom-based-xss/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-28884", datePublished: "2023-03-27T00:00:00", dateReserved: "2023-03-27T00:00:00", dateUpdated: "2024-08-02T13:51:38.979Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48657
Vulnerability from cvelistv5
Published
2023-11-17 00:00
Modified
2024-08-02 21:37
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:37:54.227Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc", }, { tags: [ "x_transferred", ], url: "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T23:30:06.313011", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { url: "https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc", }, { url: "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-48657", datePublished: "2023-11-17T00:00:00", dateReserved: "2023-11-17T00:00:00", dateUpdated: "2024-08-02T21:37:54.227Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24070
Vulnerability from cvelistv5
Published
2023-01-23 00:00
Modified
2024-08-02 10:49
Summary
app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:49:09.024Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/commit/f7238fe5e71ac065daa43c8607d02f8ac682f18f", }, { tags: [ "x_transferred", ], url: "https://zigrin.com/advisories/misp-xss-in-add-action-of-the-authkeys-controller/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-30T21:17:53.726637", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/MISP/MISP/commit/f7238fe5e71ac065daa43c8607d02f8ac682f18f", }, { url: "https://zigrin.com/advisories/misp-xss-in-add-action-of-the-authkeys-controller/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-24070", datePublished: "2023-01-23T00:00:00", dateReserved: "2023-01-23T00:00:00", dateUpdated: "2024-08-02T10:49:09.024Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28607
Vulnerability from cvelistv5
Published
2023-03-18 00:00
Modified
2025-02-26 20:45
Summary
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T13:43:22.896Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169", }, { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/commit/78f423451a4c795991e739ee970bc5215c061591", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-28607", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T20:45:13.053578Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-26T20:45:23.601Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-18T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169", }, { url: 
"https://github.com/MISP/MISP/commit/78f423451a4c795991e739ee970bc5215c061591", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-28607", datePublished: "2023-03-18T00:00:00.000Z", dateReserved: "2023-03-18T00:00:00.000Z", dateUpdated: "2025-02-26T20:45:23.601Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37306
Vulnerability from cvelistv5
Published
2023-06-30 00:00
Modified
2024-11-27 18:38
Summary
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.223Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle", }, { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37306", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-27T18:37:51.660085Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-27T18:38:01.042Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-30T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle", }, { url: "https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-37306", datePublished: "2023-06-30T00:00:00", dateReserved: "2023-06-30T00:00:00", dateUpdated: "2024-11-27T18:38:01.042Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48656
Vulnerability from cvelistv5
Published
2023-11-17 00:00
Modified
2024-11-26 20:17
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:37:54.628Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074", }, { tags: [ "x_transferred", ], url: "https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-48656", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-26T20:16:12.412008Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-26T20:17:35.293Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in MISP before 2.4.176. 
app/Model/AppModel.php mishandles order clauses.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T23:29:59.472123", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { url: "https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074", }, { url: "https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-48656", datePublished: "2023-11-17T00:00:00", dateReserved: "2023-11-17T00:00:00", dateUpdated: "2024-11-26T20:17:35.293Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37307
Vulnerability from cvelistv5
Published
2023-06-30 00:00
Modified
2024-08-02 17:09
Severity ?
EPSS score ?
Summary
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.144Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485", }, { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172", }, { tags: [ "x_transferred", ], url: "https://zigrin.com/advisories/misp-stored-xss/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-05T17:06:15.366023", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485", }, { url: "https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172", }, { url: "https://zigrin.com/advisories/misp-stored-xss/", }, { url: "http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-37307", datePublished: "2023-06-30T00:00:00", dateReserved: "2023-06-30T00:00:00", dateUpdated: "2024-08-02T17:09:34.144Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5719
Vulnerability from cvelistv5
Published
2016-09-03 20:00
Modified
2024-08-06 06:59
Summary
app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.
References
URL | Tags
---|---
https://www.circl.lu/advisory/CVE-2015-5719/ | x_refsource_CONFIRM
https://github.com/MISP/MISP/commit/27cc167c3355ec76292235d7f5f4e0016bfd7699 | x_refsource_CONFIRM
http://www.securityfocus.com/bid/92740 | vdb-entry, x_refsource_BID
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:59:04.258Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.circl.lu/advisory/CVE-2015-5719/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/MISP/MISP/commit/27cc167c3355ec76292235d7f5f4e0016bfd7699", }, { name: "92740", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/92740", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-08-04T00:00:00", descriptions: [ { lang: "en", value: "app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.circl.lu/advisory/CVE-2015-5719/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/MISP/MISP/commit/27cc167c3355ec76292235d7f5f4e0016bfd7699", }, { name: "92740", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/92740", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-5719", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: 
"app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.circl.lu/advisory/CVE-2015-5719/", refsource: "CONFIRM", url: "https://www.circl.lu/advisory/CVE-2015-5719/", }, { name: "https://github.com/MISP/MISP/commit/27cc167c3355ec76292235d7f5f4e0016bfd7699", refsource: "CONFIRM", url: "https://github.com/MISP/MISP/commit/27cc167c3355ec76292235d7f5f4e0016bfd7699", }, { name: "92740", refsource: "BID", url: "http://www.securityfocus.com/bid/92740", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-5719", datePublished: "2016-09-03T20:00:00", dateReserved: "2015-08-03T00:00:00", dateUpdated: "2024-08-06T06:59:04.258Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5721
Vulnerability from cvelistv5
Published
2016-09-03 20:00
Modified
2024-08-06 06:59
Summary
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.
References
URL | Tags |
---|---|
https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/92739 | vdb-entry, x_refsource_BID |
https://www.circl.lu/advisory/CVE-2015-5721/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:59:04.339Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56", }, { name: "92739", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/92739", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.circl.lu/advisory/CVE-2015-5721/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-08-04T00:00:00", descriptions: [ { lang: "en", value: "Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56", }, { name: "92739", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/92739", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.circl.lu/advisory/CVE-2015-5721/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-5721", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Malware 
Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56", refsource: "CONFIRM", url: "https://github.com/MISP/MISP/commit/415d85102d5aa5f96f4f11a17c86b59bb9cc0d56", }, { name: "92739", refsource: "BID", url: "http://www.securityfocus.com/bid/92739", }, { name: "https://www.circl.lu/advisory/CVE-2015-5721/", refsource: "CONFIRM", url: "https://www.circl.lu/advisory/CVE-2015-5721/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-5721", datePublished: "2016-09-03T20:00:00", dateReserved: "2015-08-03T00:00:00", dateUpdated: "2024-08-06T06:59:04.339Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47928
Vulnerability from cvelistv5
Published
2022-12-22 00:00
Modified
2024-08-03 15:02
Summary
In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.632Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/commit/684d3e51398d4ea032b06fa4a1cd2bdf7d8b0ede", }, { tags: [ "x_transferred", ], url: "https://zigrin.com/advisories/misp-reflected-xss-in-uploadfile-action-of-the-templates-controllermisp/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-30T21:28:21.455420", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/MISP/MISP/commit/684d3e51398d4ea032b06fa4a1cd2bdf7d8b0ede", }, { url: "https://zigrin.com/advisories/misp-reflected-xss-in-uploadfile-action-of-the-templates-controllermisp/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-47928", datePublished: "2022-12-22T00:00:00", dateReserved: "2022-12-22T00:00:00", dateUpdated: "2024-08-03T15:02:36.632Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48659
Vulnerability from cvelistv5
Published
2023-11-17 00:00
Modified
2024-08-02 21:37
Summary
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:37:54.432Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed", }, { tags: [ "x_transferred", ], url: "https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T23:30:30.112024", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { url: "https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed", }, { url: "https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-48659", datePublished: "2023-11-17T00:00:00", dateReserved: "2023-11-17T00:00:00", dateUpdated: "2024-08-02T21:37:54.432Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28606
Vulnerability from cvelistv5
Published
2023-03-18 00:00
Modified
2025-02-26 19:04
Summary
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T13:43:23.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/commit/30255b8d683df4ec54f856282b3bde9106d5ae1a", }, { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-28606", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T19:04:44.972213Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-26T19:04:59.334Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-18T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/MISP/MISP/commit/30255b8d683df4ec54f856282b3bde9106d5ae1a", }, { url: 
"https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-28606", datePublished: "2023-03-18T00:00:00.000Z", dateReserved: "2023-03-18T00:00:00.000Z", dateUpdated: "2025-02-26T19:04:59.334Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48655
Vulnerability from cvelistv5
Published
2023-11-17 00:00
Modified
2024-10-15 17:47
Summary
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:37:53.577Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b", }, { tags: [ "x_transferred", ], url: "https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-48655", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:36:18.793964Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-116", description: "CWE-116 Improper Encoding or Escaping of Output", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T17:47:48.314Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in MISP before 2.4.176. 
app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-09T23:30:02.498454", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", }, { url: "https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b", }, { url: "https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-48655", datePublished: "2023-11-17T00:00:00", dateReserved: "2023-11-17T00:00:00", dateUpdated: "2024-10-15T17:47:48.314Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5720
Vulnerability from cvelistv5
Published
2016-09-03 20:00
Modified
2024-08-06 06:59
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
References
URL | Tags |
---|---|
https://www.circl.lu/advisory/CVE-2015-5720/ | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/92738 | vdb-entry, x_refsource_BID |
https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:59:04.092Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.circl.lu/advisory/CVE-2015-5720/", }, { name: "92738", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/92738", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-08-04T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.circl.lu/advisory/CVE-2015-5720/", }, { name: "92738", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/92738", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-5720", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { 
description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.circl.lu/advisory/CVE-2015-5720/", refsource: "CONFIRM", url: "https://www.circl.lu/advisory/CVE-2015-5720/", }, { name: "92738", refsource: "BID", url: "http://www.securityfocus.com/bid/92738", }, { name: "https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf", refsource: "CONFIRM", url: "https://github.com/MISP/MISP/commit/812ac878c3645c02e2a599287117418424cbd4cf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-5720", datePublished: "2016-09-03T20:00:00", dateReserved: "2015-08-03T00:00:00", dateUpdated: "2024-08-06T06:59:04.092Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42724
Vulnerability from cvelistv5
Published
2022-10-10 00:00
Modified
2024-08-03 13:10
Summary
app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:10:41.466Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/MISP/MISP/commit/934b9cd4fc6d6378ad349ea630ad9f1319ac82f5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-10T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/MISP/MISP/commit/934b9cd4fc6d6378ad349ea630ad9f1319ac82f5", }, ], source: { discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-42724", datePublished: "2022-10-10T00:00:00", dateReserved: "2022-10-10T00:00:00", dateUpdated: "2024-08-03T13:10:41.466Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }