Latest MISP (Misp-project Malware Information Sharing Platform) Vulnerabilities

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
Affected: Misp-project Malware Information Sharing Platform < 2.4.176

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
Affected: Misp-project Malware Information Sharing Platform < 2.4.176

An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
Affected: Misp-project Malware Information Sharing Platform < 2.4.176

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
Affected: Misp-project Malware Information Sharing Platform < 2.4.176

An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
Affected: Misp-project Malware Information Sharing Platform < 2.4.176

MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
Affected: Misp-project Malware Information Sharing Platform = 2.4.172

In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
Affected: Misp-project Malware Information Sharing Platform < 2.4.172

In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
Affected: Misp-project Malware Information Sharing Platform = 2.4.169

js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
Affected: Misp-project Malware Information Sharing Platform < 2.4.169

js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
Affected: Misp-project Malware Information Sharing Platform < 2.4.169

app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.
Affected: Misp-project Malware Information Sharing Platform <= 2.4.167

In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
Affected: Misp-project Malware Information Sharing Platform < 2.4.167

app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).
Affected: Misp-project Malware Information Sharing Platform < 2.4.164

© 2024 SecAlerts Pty Ltd.