Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
203 vulnerabilities found for misp by misp
CVE-2026-39962 (GCVE-0-2026-39962)
Vulnerability from nvd – Published: 2026-04-09 16:37 – Updated: 2026-04-10 14:07
VLAI?
Title
LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable
Summary
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries. This vulnerability is fixed in 2.5.36.
Severity ?
CWE
- CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T14:06:56.445635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T14:07:02.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MISP",
"vendor": "MISP",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.36"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries. This vulnerability is fixed in 2.5.36."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T16:37:38.880Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/MISP/MISP/security/advisories/GHSA-mc53-48w8-9g63",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/MISP/MISP/security/advisories/GHSA-mc53-48w8-9g63"
},
{
"name": "https://github.com/MISP/MISP/commit/380ee4136a7d9ce2fe63fce06d517839f30aba10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MISP/MISP/commit/380ee4136a7d9ce2fe63fce06d517839f30aba10"
},
{
"name": "https://github.com/MISP/MISP/commit/d7d671ea8f5822e91207dcad2003c35c30092a32",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MISP/MISP/commit/d7d671ea8f5822e91207dcad2003c35c30092a32"
},
{
"name": "https://github.com/MISP/MISP/releases/tag/v2.5.36",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MISP/MISP/releases/tag/v2.5.36"
}
],
"source": {
"advisory": "GHSA-mc53-48w8-9g63",
"discovery": "UNKNOWN"
},
"title": "LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39962",
"datePublished": "2026-04-09T16:37:38.880Z",
"dateReserved": "2026-04-07T22:40:33.822Z",
"dateUpdated": "2026-04-10T14:07:02.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67906 (GCVE-0-2025-67906)
Vulnerability from nvd – Published: 2025-12-15 03:25 – Updated: 2025-12-21 01:07
VLAI?
Summary
In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67906",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T16:04:07.901652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T16:04:11.970Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/franckferman/CVE-2025-67906"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MISP",
"vendor": "MISP",
"versions": [
{
"lessThan": "2.5.28",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-21T01:07:34.796Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/1f39deb572da7ecb5855e30ff3cc8cbcaa0c1054"
},
{
"url": "https://vulnerability.circl.lu/vuln/gcve-1-2025-0031"
},
{
"url": "https://github.com/franckferman/GCVE-1-2025-0030"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.5.27...v2.5.28"
},
{
"url": "https://github.com/franckferman/CVE-2025-67906"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-67906",
"datePublished": "2025-12-15T03:25:46.324Z",
"dateReserved": "2025-12-15T03:25:45.994Z",
"dateUpdated": "2025-12-21T01:07:34.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66386 (GCVE-0-2025-66386)
Vulnerability from nvd – Published: 2025-11-28 00:00 – Updated: 2025-11-28 15:17
VLAI?
Summary
app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin.
Severity ?
4.1 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T15:16:57.258479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T15:17:40.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MISP",
"vendor": "MISP",
"versions": [
{
"lessThan": "2.5.27",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T06:56:34.804Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/7f4a0386d38672eddc139f5735d71c3b749623ce"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.5.26...v2.5.27"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66386",
"datePublished": "2025-11-28T00:00:00.000Z",
"dateReserved": "2025-11-28T00:00:00.000Z",
"dateUpdated": "2025-11-28T15:17:40.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66384 (GCVE-0-2025-66384)
Vulnerability from nvd – Published: 2025-11-28 00:00 – Updated: 2025-11-28 15:23
VLAI?
Summary
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.
Severity ?
8.2 (High)
CWE
- CWE-684 - Incorrect Provision of Specified Functionality
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T15:23:40.777415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T15:23:46.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MISP",
"vendor": "MISP",
"versions": [
{
"lessThan": "2.5.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-684",
"description": "CWE-684 Incorrect Provision of Specified Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T06:52:41.226Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/6867f0d3157a1959154bdad9ddac009dec6a19f5"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.5.23...v2.5.24"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66384",
"datePublished": "2025-11-28T00:00:00.000Z",
"dateReserved": "2025-11-28T00:00:00.000Z",
"dateUpdated": "2025-11-28T15:23:46.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39962 (GCVE-0-2026-39962)
Vulnerability from cvelistv5 – Published: 2026-04-09 16:37 – Updated: 2026-04-10 14:07
VLAI?
Title
LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable
Summary
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries. This vulnerability is fixed in 2.5.36.
Severity ?
CWE
- CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T14:06:56.445635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T14:07:02.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MISP",
"vendor": "MISP",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.36"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries. This vulnerability is fixed in 2.5.36."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T16:37:38.880Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/MISP/MISP/security/advisories/GHSA-mc53-48w8-9g63",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/MISP/MISP/security/advisories/GHSA-mc53-48w8-9g63"
},
{
"name": "https://github.com/MISP/MISP/commit/380ee4136a7d9ce2fe63fce06d517839f30aba10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MISP/MISP/commit/380ee4136a7d9ce2fe63fce06d517839f30aba10"
},
{
"name": "https://github.com/MISP/MISP/commit/d7d671ea8f5822e91207dcad2003c35c30092a32",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MISP/MISP/commit/d7d671ea8f5822e91207dcad2003c35c30092a32"
},
{
"name": "https://github.com/MISP/MISP/releases/tag/v2.5.36",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MISP/MISP/releases/tag/v2.5.36"
}
],
"source": {
"advisory": "GHSA-mc53-48w8-9g63",
"discovery": "UNKNOWN"
},
"title": "LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39962",
"datePublished": "2026-04-09T16:37:38.880Z",
"dateReserved": "2026-04-07T22:40:33.822Z",
"dateUpdated": "2026-04-10T14:07:02.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67906 (GCVE-0-2025-67906)
Vulnerability from cvelistv5 – Published: 2025-12-15 03:25 – Updated: 2025-12-21 01:07
VLAI?
Summary
In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67906",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T16:04:07.901652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T16:04:11.970Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/franckferman/CVE-2025-67906"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MISP",
"vendor": "MISP",
"versions": [
{
"lessThan": "2.5.28",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-21T01:07:34.796Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/1f39deb572da7ecb5855e30ff3cc8cbcaa0c1054"
},
{
"url": "https://vulnerability.circl.lu/vuln/gcve-1-2025-0031"
},
{
"url": "https://github.com/franckferman/GCVE-1-2025-0030"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.5.27...v2.5.28"
},
{
"url": "https://github.com/franckferman/CVE-2025-67906"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-67906",
"datePublished": "2025-12-15T03:25:46.324Z",
"dateReserved": "2025-12-15T03:25:45.994Z",
"dateUpdated": "2025-12-21T01:07:34.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66386 (GCVE-0-2025-66386)
Vulnerability from cvelistv5 – Published: 2025-11-28 00:00 – Updated: 2025-11-28 15:17
VLAI?
Summary
app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin.
Severity ?
4.1 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T15:16:57.258479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T15:17:40.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MISP",
"vendor": "MISP",
"versions": [
{
"lessThan": "2.5.27",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T06:56:34.804Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/7f4a0386d38672eddc139f5735d71c3b749623ce"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.5.26...v2.5.27"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66386",
"datePublished": "2025-11-28T00:00:00.000Z",
"dateReserved": "2025-11-28T00:00:00.000Z",
"dateUpdated": "2025-11-28T15:17:40.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66384 (GCVE-0-2025-66384)
Vulnerability from cvelistv5 – Published: 2025-11-28 00:00 – Updated: 2025-11-28 15:23
VLAI?
Summary
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.
Severity ?
8.2 (High)
CWE
- CWE-684 - Incorrect Provision of Specified Functionality
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T15:23:40.777415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T15:23:46.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MISP",
"vendor": "MISP",
"versions": [
{
"lessThan": "2.5.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-684",
"description": "CWE-684 Incorrect Provision of Specified Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T06:52:41.226Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/6867f0d3157a1959154bdad9ddac009dec6a19f5"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.5.23...v2.5.24"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66384",
"datePublished": "2025-11-28T00:00:00.000Z",
"dateReserved": "2025-11-28T00:00:00.000Z",
"dateUpdated": "2025-11-28T15:23:46.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GCVE-1-2026-0024 (CVE-2026-39962)
Vulnerability from gna-1 – Published: 2026-04-08 08:28 – Updated: 2026-04-09 04:44
VLAI?
Title
LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable
Summary
Improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.36",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ayush Parkara"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Luciano Righetti"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImproper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/MISP/MISP/commit/d7d671ea8f5822e91207dcad2003c35c30092a32"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2026-0024"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"cveId": "CVE-2026-39962",
"datePublished": "2026-04-08T08:28:00.000Z",
"dateUpdated": "2026-04-09T04:44:04.936665Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2026-0024",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2026-04-08T08:28:26.044700Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2026-04-09T04:44:04.936665Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2026-0022
Vulnerability from gna-1 – Published: 2026-03-30 09:48 – Updated: 2026-03-30 09:48
VLAI?
Title
MISP - Beta Overmind UI Stored Cross-Site Scripting in Galaxy and Comment Fields
Summary
Stored XSS in the Overmind UI (not enabled by default) due to missing output escaping of galaxy cluster values and attribute comments, allowing malicious JavaScript execution when crafted content is viewed.
This issue affects misp: from 2.5.30 through 2.5.35 in the beta UI.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThanOrEqual": "2.5.35",
"status": "affected",
"version": "2.5.30",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bilal Teke"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Thomas Lacroix"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nStored XSS in the Overmind UI (not enabled by default) due to missing output escaping of galaxy cluster values and attribute comments, allowing malicious JavaScript execution when crafted content is viewed.\u003cbr\u003e\u003cp\u003eThis issue affects misp: from 2.5.30 through 2.5.35 in the beta UI.\u003c/p\u003e"
}
],
"value": "Stored XSS in the Overmind UI (not enabled by default) due to missing output escaping of galaxy cluster values and attribute comments, allowing malicious JavaScript execution when crafted content is viewed.\nThis issue affects misp: from 2.5.30 through 2.5.35 in the beta UI."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/MISP/MISP/commit/b9bc50c715a1e886889f063f14dec1a26e442227"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MISP - Beta Overmind UI Stored Cross-Site Scripting in Galaxy and Comment Fields",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2026-0022"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2026-03-30T09:48:36.968649Z",
"dateUpdated": "2026-03-30T09:48:36.968649Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2026-0022",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2026-03-30T09:48:36.968649Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2026-0019
Vulnerability from gna-1 – Published: 2026-02-27 14:55 – Updated: 2026-02-27 15:44
VLAI?
Title
Improper URL validation in MISP dashboard button widget allows external redirection
Summary
A vulnerability in the dashboard button widget component allows improper handling of user-supplied URLs, which could lead to unintended redirection to external websites.
Prior to the fix, the application directly embedded a user-controlled url parameter into an HTML anchor element without validating whether the target was a local path. An attacker able to influence widget configuration could supply a crafted URL containing an external scheme or host, causing users to be redirected to attacker-controlled websites when clicking the dashboard button.
The issue results from insufficient validation of URL components before rendering the link. The patch introduces strict parsing and validation using parse_url() to ensure that only relative paths beginning with / are accepted and rejects URLs containing a scheme, host, or user component.
If an invalid URL is detected, the application now renders a non-clickable button instead of a link.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThanOrEqual": "2.5.32",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Sami Mokaddem"
},
{
"lang": "en",
"type": "finder",
"value": "Maxime ESCOURBIAC from Michelin CERT"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in the dashboard button widget component allows improper handling of user-supplied URLs, which could lead to unintended redirection to external websites.\u003c/p\u003e\n\u003cp\u003ePrior to the fix, the application directly embedded a user-controlled \u003ccode\u003eurl\u003c/code\u003e parameter into an HTML anchor element without validating whether the target was a local path. An attacker able to influence widget configuration could supply a crafted URL containing an external scheme or host, causing users to be redirected to attacker-controlled websites when clicking the dashboard button.\u003c/p\u003e\n\u003cp\u003eThe issue results from insufficient validation of URL components before rendering the link. The patch introduces strict parsing and validation using \u003ccode\u003eparse_url()\u003c/code\u003e to ensure that only relative paths beginning with \u003ccode\u003e/\u003c/code\u003e are accepted and rejects URLs containing a scheme, host, or user component.\u003c/p\u003e\n\u003cp\u003eIf an invalid URL is detected, the application now renders a non-clickable button instead of a link.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability in the dashboard button widget component allows improper handling of user-supplied URLs, which could lead to unintended redirection to external websites.\n\n\nPrior to the fix, the application directly embedded a user-controlled url parameter into an HTML anchor element without validating whether the target was a local path. An attacker able to influence widget configuration could supply a crafted URL containing an external scheme or host, causing users to be redirected to attacker-controlled websites when clicking the dashboard button.\n\n\nThe issue results from insufficient validation of URL components before rendering the link. The patch introduces strict parsing and validation using parse_url() to ensure that only relative paths beginning with / are accepted and rejects URLs containing a scheme, host, or user component.\n\n\nIf an invalid URL is detected, the application now renders a non-clickable button instead of a link."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/MISP/MISP/commit/f02dafd5086990c6396524ed37ee76d07f23b854"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper URL validation in MISP dashboard button widget allows external redirection",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2026-0019"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2026-02-27T14:55:00.000Z",
"dateUpdated": "2026-02-27T15:44:29.998063Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2026-0019",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2026-02-27T14:55:29.840231Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2026-02-27T15:44:29.998063Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2026-0018
Vulnerability from gna-1 – Published: 2026-02-27 13:25 – Updated: 2026-02-27 13:25
VLAI?
Title
Improper access control in MISP user contact form allows cross-organisation email targeting
Summary
A flaw in the admin_email() action allowed a non–site-admin user to submit the contact/email form in a way that bypassed intended organisation restrictions. The server-side logic did not sufficiently verify that the recipient organisation provided in the request was one the user was authorized to target. As a result, an authenticated user could potentially send emails to users outside their own organisation by manipulating the recipient organisation selection (e.g., by tampering with request parameters).
Severity ?
CWE
Assigner
References
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThanOrEqual": "2.5.",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Maxime ESCOURBIAC from Michelin CERT"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Sami Mokaddem"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A flaw in the \u003ccode\u003eadmin_email()\u003c/code\u003e action allowed a non\u2013site-admin user to submit the contact/email form in a way that bypassed intended organisation restrictions. The server-side logic did not sufficiently verify that the recipient organisation provided in the request was one the user was authorized to target. As a result, an authenticated user could potentially send emails to users outside their own organisation by manipulating the recipient organisation selection (e.g., by tampering with request parameters)."
}
],
"value": "A flaw in the admin_email() action allowed a non\u2013site-admin user to submit the contact/email form in a way that bypassed intended organisation restrictions. The server-side logic did not sufficiently verify that the recipient organisation provided in the request was one the user was authorized to target. As a result, an authenticated user could potentially send emails to users outside their own organisation by manipulating the recipient organisation selection (e.g., by tampering with request parameters)."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/c7c11678dcb4f7040d3dab1f7af6b011fc3fd568"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper access control in MISP user contact form allows cross-organisation email targeting",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2026-0018"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2026-02-27T13:25:32.632362Z",
"dateUpdated": "2026-02-27T13:25:32.632362Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2026-0018",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2026-02-27T13:25:32.632362Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2026-0016
Vulnerability from gna-1 – Published: 2026-02-27 10:56 – Updated: 2026-02-27 10:56
VLAI?
Title
Server-Side Request Forgery via Event Report Import From URL in MISP
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in the Event Report import from URL functionality of MISP prior to the fix introduced in commit `71fb543a1929de73a53a8ce645cb446f684ec243`.
The `importReportFromUrl` endpoint allowed authenticated users with sufficient privileges to instruct the MISP server to fetch content from arbitrary URLs without explicit administrator opt-in. Because requests were performed by the server itself, an attacker could cause the application to initiate HTTP requests to internal or otherwise restricted network resources.
This behavior could allow access to internal services reachable from the MISP host, potentially exposing sensitive information or enabling further network pivoting.
The issue has been addressed by gating the functionality behind a new configuration setting:
The feature is now disabled by default and must be explicitly enabled by an administrator. Additional UI and server-side checks were added to prevent access when the setting is not enabled.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThanOrEqual": "2.5.32",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Sami Mokaddem"
},
{
"lang": "en",
"type": "finder",
"value": "Maxime ESCOURBIAC from Michelin CERT"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the\u0026nbsp;\u003ci\u003eEvent Report import from URL\u003c/i\u003e functionality of MISP prior to the fix introduced in commit `\u003ctt\u003e71fb543a1929de73a53a8ce645cb446f684ec243\u003c/tt\u003e`.\u003cbr\u003e\u003cbr\u003eThe `\u003ctt\u003eimportReportFromUrl\u003c/tt\u003e` endpoint allowed authenticated users with sufficient privileges to instruct the MISP server to fetch content from arbitrary URLs without explicit administrator opt-in. Because requests were performed by the server itself, an attacker could cause the application to initiate HTTP requests to internal or otherwise restricted network resources.\u003cbr\u003e\u003cbr\u003eThis behavior could allow access to internal services reachable from the MISP host, potentially exposing sensitive information or enabling further network pivoting.\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003eThe issue has been addressed by gating the functionality behind a new configuration setting:\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe feature is now disabled by default and must be explicitly enabled by an administrator. Additional UI and server-side checks were added to prevent access when the setting is not enabled.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the\u00a0Event Report import from URL functionality of MISP prior to the fix introduced in commit `71fb543a1929de73a53a8ce645cb446f684ec243`.\n\nThe `importReportFromUrl` endpoint allowed authenticated users with sufficient privileges to instruct the MISP server to fetch content from arbitrary URLs without explicit administrator opt-in. Because requests were performed by the server itself, an attacker could cause the application to initiate HTTP requests to internal or otherwise restricted network resources.\n\nThis behavior could allow access to internal services reachable from the MISP host, potentially exposing sensitive information or enabling further network pivoting.\n\nThe issue has been addressed by gating the functionality behind a new configuration setting:\n\n\n\n\nThe feature is now disabled by default and must be explicitly enabled by an administrator. Additional UI and server-side checks were added to prevent access when the setting is not enabled."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:N/VA:N/SC:L/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/MISP/MISP/commit/71fb543a1929de73a53a8ce645cb446f684ec243"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery via Event Report Import From URL in MISP",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2026-0016"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2026-02-27T10:56:32.745676Z",
"dateUpdated": "2026-02-27T10:56:32.745676Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2026-0016",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2026-02-27T10:56:32.745676Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2026-0003
Vulnerability from gna-1 – Published: 2026-01-13 10:50 – Updated: 2026-01-13 10:54
VLAI?
Title
Stored/Reflected XSS via Unsanitized Parameters in URL Generation and JavaScript Context
Summary
A cross-site scripting (XSS) vulnerability exists in the web application due to improper sanitization of user-controlled input when generating URLs and embedding parameters into JavaScript contexts.
In app/View/Elements/genericElements/SideMenu/side_menu.ctp, the $id parameter was passed directly into a JavaScript function call without HTML escaping, allowing an attacker to inject arbitrary JavaScript code via a crafted identifier.
In app/View/Templates/ajax/template_choices.ctp, user-controlled values (Template.id, $id, and template metadata) were embedded directly into an inline onClick handler and HTML attributes without sufficient context-aware escaping, enabling XSS through crafted URLs or manipulated template data.
An attacker able to supply or influence these parameters could craft malicious links that, when clicked by a victim, execute arbitrary JavaScript in the context of the authenticated user. This could lead to session hijacking, account takeover, or unauthorized actions within the application.
The issue requires user interaction (e.g., clicking a crafted link) to be exploited.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThanOrEqual": "2.5.31",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mathis Franel"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Sami Mokaddem"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA cross-site scripting (XSS) vulnerability exists in the web application due to improper sanitization of user-controlled input when generating URLs and embedding parameters into JavaScript contexts.\u003c/p\u003e\n\u003cp\u003eIn \u003ccode\u003eapp/View/Elements/genericElements/SideMenu/side_menu.ctp\u003c/code\u003e, the \u003ccode\u003e$id\u003c/code\u003e parameter was passed directly into a JavaScript function call without HTML escaping, allowing an attacker to inject arbitrary JavaScript code via a crafted identifier.\u003c/p\u003e\n\u003cp\u003eIn \u003ccode\u003eapp/View/Templates/ajax/template_choices.ctp\u003c/code\u003e, user-controlled values (\u003ccode\u003eTemplate.id\u003c/code\u003e, \u003ccode\u003e$id\u003c/code\u003e, and template metadata) were embedded directly into an inline \u003ccode\u003eonClick\u003c/code\u003e handler and HTML attributes without sufficient context-aware escaping, enabling XSS through crafted URLs or manipulated template data.\u003c/p\u003e\n\u003cp\u003eAn attacker able to supply or influence these parameters could craft malicious links that, when clicked by a victim, execute arbitrary JavaScript in the context of the authenticated user. This could lead to session hijacking, account takeover, or unauthorized actions within the application.\u003c/p\u003e\n\u003cp\u003eThe issue requires user interaction (e.g., clicking a crafted link) to be exploited.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "A cross-site scripting (XSS) vulnerability exists in the web application due to improper sanitization of user-controlled input when generating URLs and embedding parameters into JavaScript contexts.\n\n\nIn app/View/Elements/genericElements/SideMenu/side_menu.ctp, the $id parameter was passed directly into a JavaScript function call without HTML escaping, allowing an attacker to inject arbitrary JavaScript code via a crafted identifier.\n\n\nIn app/View/Templates/ajax/template_choices.ctp, user-controlled values (Template.id, $id, and template metadata) were embedded directly into an inline onClick handler and HTML attributes without sufficient context-aware escaping, enabling XSS through crafted URLs or manipulated template data.\n\n\nAn attacker able to supply or influence these parameters could craft malicious links that, when clicked by a victim, execute arbitrary JavaScript in the context of the authenticated user. This could lead to session hijacking, account takeover, or unauthorized actions within the application.\n\n\nThe issue requires user interaction (e.g., clicking a crafted link) to be exploited."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/MISP/MISP/commit/48e0376b535ea6d26d631d8259923a29f1a6de4e"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored/Reflected XSS via Unsanitized Parameters in URL Generation and JavaScript Context",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2026-0003"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2026-01-13T10:50:00.000Z",
"dateUpdated": "2026-01-13T10:54:13.659223Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2026-0003",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2026-01-13T10:50:48.587127Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2026-01-13T10:54:13.659223Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0040
Vulnerability from gna-1 – Published: 2025-12-13 08:44 – Updated: 2025-12-13 08:44
VLAI?
Summary
A cross-site scripting (XSS) vulnerability was identified in the event index table rendering logic related to organisation logos. The issue could allow attacker-controlled organisation names to be interpreted as executable HTML/JavaScript in a victim’s browser.
The vulnerability was caused by unsafe DOM manipulation in the onError handler of <img> elements used to display organisation logos in the event index view. When an organisation logo failed to load, the application replaced the image element using outerHTML, directly injecting the organisation name into the DOM. Under certain conditions, this could allow maliciously crafted organisation names to trigger XSS.
An authenticated attacker able to control organisation metadata (such as the organisation name) could potentially execute arbitrary JavaScript in the context of another user viewing the event index page. This may lead to session hijacking, UI manipulation, or other client-side attacks.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.29",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jeroen Pinoy"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA cross-site scripting (XSS) vulnerability was identified in the event index table rendering logic related to organisation logos. The issue could allow attacker-controlled organisation names to be interpreted as executable HTML/JavaScript in a victim\u2019s browser.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe vulnerability was caused by unsafe DOM manipulation in the \u003ccode\u003eonError\u003c/code\u003e handler of \u003ccode\u003e\u0026lt;img\u0026gt;\u003c/code\u003e elements used to display organisation logos in the event index view. When an organisation logo failed to load, the application replaced the image element using \u003ccode\u003eouterHTML\u003c/code\u003e, directly injecting the organisation name into the DOM. Under certain conditions, this could allow maliciously crafted organisation names to trigger XSS.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eAn authenticated attacker able to control organisation metadata (such as the organisation name) could potentially execute arbitrary JavaScript in the context of another user viewing the event index page. This may lead to session hijacking, UI manipulation, or other client-side attacks.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "A cross-site scripting (XSS) vulnerability was identified in the event index table rendering logic related to organisation logos. The issue could allow attacker-controlled organisation names to be interpreted as executable HTML/JavaScript in a victim\u2019s browser.\n\n\n\n\nThe vulnerability was caused by unsafe DOM manipulation in the onError handler of \u003cimg\u003e elements used to display organisation logos in the event index view. When an organisation logo failed to load, the application replaced the image element using outerHTML, directly injecting the organisation name into the DOM. Under certain conditions, this could allow maliciously crafted organisation names to trigger XSS.\n\n\n\n\nAn authenticated attacker able to control organisation metadata (such as the organisation name) could potentially execute arbitrary JavaScript in the context of another user viewing the event index page. This may lead to session hijacking, UI manipulation, or other client-side attacks."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/AU:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/MISP/MISP/commit/78b4859f1c033e4a53cf7ba049c39c056b6810ff"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2025-0040"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-12-13T08:44:32.378924Z",
"dateUpdated": "2025-12-13T08:44:32.378924Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2025-0040",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-12-13T08:44:32.378924Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0039
Vulnerability from gna-1 – Published: 2025-12-10 14:33 – Updated: 2025-12-10 14:33
VLAI?
Title
XSS Reintroduced in MISP Dashboard World Map Widget Due to Restored Widget Configuration Functionality
Summary
A cross-site scripting (XSS) vulnerability was identified in the MISP dashboard subsystem, specifically in the World Map dashboard widget and the supporting JavaScript logic that handles widget configuration and rendering.
A prior XSS fix related to unsafe handling of widget configuration and tooltip rendering had been in place, but the upgrade to GridStack 1.2 unintentionally broke dashboard widget configuration persistence. When the patch restored correct widget config handling, the previously mitigated XSS vector became reachable again.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.27",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jeroen Pinoy"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA cross-site scripting (XSS) vulnerability was identified in the MISP dashboard subsystem, specifically in the \u003cstrong\u003eWorld Map dashboard widget\u003c/strong\u003e and the supporting JavaScript logic that handles widget configuration and rendering.\u003c/p\u003e\n\u003cp\u003eA prior XSS fix related to unsafe handling of widget configuration and tooltip rendering had been in place, but the upgrade to \u003cstrong\u003eGridStack 1.2\u003c/strong\u003e unintentionally broke dashboard widget configuration persistence. When the patch restored correct widget config handling, the previously mitigated XSS vector became reachable again.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "A cross-site scripting (XSS) vulnerability was identified in the MISP dashboard subsystem, specifically in the World Map dashboard widget and the supporting JavaScript logic that handles widget configuration and rendering.\n\n\nA prior XSS fix related to unsafe handling of widget configuration and tooltip rendering had been in place, but the upgrade to GridStack 1.2 unintentionally broke dashboard widget configuration persistence. When the patch restored correct widget config handling, the previously mitigated XSS vector became reachable again."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/MISP/MISP/commit/e651e606f8a2cb2504fc21f2c453395666b68d4f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XSS Reintroduced in MISP Dashboard World Map Widget Due to Restored Widget Configuration Functionality",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2025-0039"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-12-10T14:33:52.856734Z",
"dateUpdated": "2025-12-10T14:33:52.856734Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2025-0039",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-12-10T14:33:52.856734Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0038
Vulnerability from gna-1 – Published: 2025-12-10 14:10 – Updated: 2025-12-10 14:16
VLAI?
Title
Reflected XSS in MISP Template Tag Removal and MISP Admin User Filter Handling
Summary
A cross-site scripting (XSS) vulnerability was identified in two MISP views:
*
ajaxTemplateTag.ctp
*
Users/admin_index.ctp
1. ajaxTemplateTag.ctp
The JavaScript function call used for removing a template tag included both the tag ID and tag name.
Even though the tag name was escaped with h(), its placement inside a JavaScript string literal within an HTML attribute represents a fragile construction. Under specific conditions, crafted tag names containing special characters may break out of the JavaScript context, enabling XSS. The patch removes the unsafe second parameter:
By eliminating unnecessary exposure of user-controlled data to JavaScript, the potential XSS vector is removed.
2. Users/admin_index.ctp
The admin user list view passed unescaped filter parameters into the getPopup handler.
If $urlparams contained attacker-influenced content, a crafted URL could inject JavaScript that would execute when an administrator clicked “Modify filters.”
The vulnerabilities are classified as low impact and high difficulty, as noted in the patch. Exploitation requires:
*
The attacker to create or manipulate tag names or URL parameters in specific ways.
*
An administrator to interact with the affected UI elements (e.g., clicking “Remove tag” or “Modify filters”).
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.27",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jeroen Pinoy"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA cross-site scripting (XSS) vulnerability was identified in two MISP views:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eajaxTemplateTag.ctp\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eUsers/admin_index.ctp\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n1. \u003ccode\u003eajaxTemplateTag.ctp\u003c/code\u003e\n\u003cp\u003eThe JavaScript function call used for removing a template tag included both the tag ID and tag name.\u003c/p\u003e\u003cp\u003eEven though the tag name was escaped with \u003ccode\u003eh()\u003c/code\u003e, its placement inside a JavaScript string literal within an HTML attribute represents a fragile construction. Under specific conditions, crafted tag names containing special characters may break out of the JavaScript context, enabling XSS. The patch removes the unsafe second parameter:\u003cbr\u003e\u003c/p\u003e\u003cdiv\u003eBy eliminating unnecessary exposure of user-controlled data to JavaScript, the potential XSS vector is removed.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e2. \u003ccode\u003eUsers/admin_index.ctp\u003c/code\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe admin user list view passed unescaped filter parameters into the \u003ccode\u003egetPopup\u003c/code\u003e handler.\u003cbr\u003e\u003cbr\u003eIf $urlparams contained attacker-influenced content, a crafted URL could inject JavaScript that would execute when an administrator clicked \u201cModify filters.\u201d\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eThe vulnerabilities are classified as \u003cstrong\u003elow impact\u003c/strong\u003e and \u003cstrong\u003ehigh difficulty\u003c/strong\u003e, as noted in the patch. Exploitation requires:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe attacker to create or manipulate tag names or URL parameters in specific ways.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAn administrator to interact with the affected UI elements (e.g., clicking \u201cRemove tag\u201d or \u201cModify filters\u201d).\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
}
],
"value": "A cross-site scripting (XSS) vulnerability was identified in two MISP views:\n\n\n\n * \najaxTemplateTag.ctp\n\n\n\n\n * \nUsers/admin_index.ctp\n\n\n\n\n\n\n\n1. ajaxTemplateTag.ctp\nThe JavaScript function call used for removing a template tag included both the tag ID and tag name.\n\nEven though the tag name was escaped with h(), its placement inside a JavaScript string literal within an HTML attribute represents a fragile construction. Under specific conditions, crafted tag names containing special characters may break out of the JavaScript context, enabling XSS. The patch removes the unsafe second parameter:\n\n\nBy eliminating unnecessary exposure of user-controlled data to JavaScript, the potential XSS vector is removed.\n\n\n\n\n2. Users/admin_index.ctp\n\n\n\n\nThe admin user list view passed unescaped filter parameters into the getPopup handler.\n\nIf $urlparams contained attacker-influenced content, a crafted URL could inject JavaScript that would execute when an administrator clicked \u201cModify filters.\u201d\n\n\n\n\nThe vulnerabilities are classified as low impact and high difficulty, as noted in the patch. Exploitation requires:\n\n\n\n * \nThe attacker to create or manipulate tag names or URL parameters in specific ways.\n\n\n\n\n * \nAn administrator to interact with the affected UI elements (e.g., clicking \u201cRemove tag\u201d or \u201cModify filters\u201d)."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/MISP/MISP/commit/27f65c52ab66fdc67e86883bd7f28b02a8f24aa0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected XSS in MISP Template Tag Removal and MISP Admin User Filter Handling",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2025-0038"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-12-10T14:10:00.000Z",
"dateUpdated": "2025-12-10T14:16:55.918270Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2025-0038",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-12-10T14:10:48.440939Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-10T14:16:55.918270Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0037
Vulnerability from gna-1 – Published: 2025-12-10 14:01 – Updated: 2025-12-10 14:01
VLAI?
Title
Reflected XSS in MISP Dashboard Widgets via Unescaped Base URL
Summary
A cross-site scripting (XSS) vulnerability was discovered in two dashboard widgets within the MISP application:
*
APIActivityWidget (app/Lib/Dashboard/APIActivityWidget.php)
*
LoginsWidget (app/Lib/Dashboard/LoginsWidget.php)
Both widgets construct HTML output using the instance’s base URL. While MISP.baseurl was properly HTML-escaped, the alternative configuration value MISP.external_baseurl was not escaped when read from configuration.
If an attacker with administrative privileges can set or influence the MISP.external_baseurl configuration value, they can inject arbitrary HTML or JavaScript, which will be rendered in the dashboard widgets of other site administrators. The issue was resolved by enforcing HTML escaping on the external base URL as well.
Because the affected widgets are only visible to administrators and the attack requires the attacker to already be a site administrator, the impact is limited. However, if exploited, an administrative user could inject JavaScript that executes in the browsers of other administrators viewing dashboard widgets, leading to:
*
Session hijacking within admin context (if cookies are accessible)
*
Execution of arbitrary actions as another site admin
*
Defacement or injection of misleading information into dashboards
This is considered low impact but with high exploitation requirements, as noted in the patch.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.27",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jeroen Pinoy"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA cross-site scripting (XSS) vulnerability was discovered in two dashboard widgets within the MISP application:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eAPIActivityWidget\u003c/code\u003e (\u003ccode\u003eapp/Lib/Dashboard/APIActivityWidget.php\u003c/code\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eLoginsWidget\u003c/code\u003e (\u003ccode\u003eapp/Lib/Dashboard/LoginsWidget.php\u003c/code\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBoth widgets construct HTML output using the instance\u2019s base URL. While \u003ccode\u003eMISP.baseurl\u003c/code\u003e was properly HTML-escaped, the alternative configuration value \u003ccode\u003eMISP.external_baseurl\u003c/code\u003e was not escaped when read from configuration.\u003c/p\u003e\u003cp\u003eIf an attacker with administrative privileges can set or influence the \u003ccode\u003eMISP.external_baseurl\u003c/code\u003e configuration value, they can inject arbitrary HTML or JavaScript, which will be rendered in the dashboard widgets of other site administrators. The issue was resolved by enforcing HTML escaping on the external base URL as well.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eBecause the affected widgets are only visible to administrators and the attack requires the attacker to already be a site administrator, the impact is limited. However, if exploited, an administrative user could inject JavaScript that executes in the browsers of other administrators viewing dashboard widgets, leading to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSession hijacking within admin context (if cookies are accessible)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExecution of arbitrary actions as another site admin\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDefacement or injection of misleading information into dashboards\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis is considered \u003cstrong\u003elow impact\u003c/strong\u003e but with \u003cstrong\u003ehigh exploitation requirements\u003c/strong\u003e, as noted in the patch.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A cross-site scripting (XSS) vulnerability was discovered in two dashboard widgets within the MISP application:\n\n\n\n * \nAPIActivityWidget (app/Lib/Dashboard/APIActivityWidget.php)\n\n\n\n\n * \nLoginsWidget (app/Lib/Dashboard/LoginsWidget.php)\n\n\n\n\n\n\n\nBoth widgets construct HTML output using the instance\u2019s base URL. While MISP.baseurl was properly HTML-escaped, the alternative configuration value MISP.external_baseurl was not escaped when read from configuration.\n\nIf an attacker with administrative privileges can set or influence the MISP.external_baseurl configuration value, they can inject arbitrary HTML or JavaScript, which will be rendered in the dashboard widgets of other site administrators. The issue was resolved by enforcing HTML escaping on the external base URL as well.\n\n\n\nBecause the affected widgets are only visible to administrators and the attack requires the attacker to already be a site administrator, the impact is limited. However, if exploited, an administrative user could inject JavaScript that executes in the browsers of other administrators viewing dashboard widgets, leading to:\n\n\n\n * \nSession hijacking within admin context (if cookies are accessible)\n\n\n\n\n * \nExecution of arbitrary actions as another site admin\n\n\n\n\n * \nDefacement or injection of misleading information into dashboards\n\n\n\n\n\n\n\nThis is considered low impact but with high exploitation requirements, as noted in the patch."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/cac45809bf2001d47e092d6efbb7965306a13148"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected XSS in MISP Dashboard Widgets via Unescaped Base URL",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2025-0037"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-12-10T14:01:03.200804Z",
"dateUpdated": "2025-12-10T14:01:03.200804Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2025-0037",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-12-10T14:01:03.200804Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0036
Vulnerability from gna-1 – Published: 2025-12-10 13:46 – Updated: 2025-12-10 13:46
VLAI?
Title
A reflected cross-site scripting (XSS) vulnerability was identified in the MISp Servers preview index
Summary
A reflected cross-site scripting (XSS) vulnerability was identified in the Servers preview index view (app/View/Servers/preview_index.ctp). The view passes URL parameters directly into the onClickParams argument of the getPopup handler without proper HTML encoding.
Because $urlparams can be attacker-controlled, a specially crafted URL can inject arbitrary JavaScript into the generated page. When a site administrator follows such a malicious link and clicks the “Modify filters” button, the injected script is executed in their browser in the context of the application.
This issue has been fixed by ensuring that the URL parameters are HTML-escaped before being embedded.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.27",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jeroen Pinoy"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA reflected cross-site scripting (XSS) vulnerability was identified in the \u003cem\u003eServers preview index\u003c/em\u003e view (\u003ccode\u003eapp/View/Servers/preview_index.ctp\u003c/code\u003e). The view passes URL parameters directly into the \u003ccode\u003eonClickParams\u003c/code\u003e argument of the \u003ccode\u003egetPopup\u003c/code\u003e handler without proper HTML encoding.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eBecause \u003ccode\u003e$urlparams\u003c/code\u003e can be attacker-controlled, a specially crafted URL can inject arbitrary JavaScript into the generated page. When a site administrator follows such a malicious link and clicks the \u003cstrong\u003e\u201cModify filters\u201d\u003c/strong\u003e button, the injected script is executed in their browser in the context of the application.\u003c/p\u003e\n\u003cp\u003eThis issue has been fixed by ensuring that the URL parameters are HTML-escaped before being embedded.\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "A reflected cross-site scripting (XSS) vulnerability was identified in the Servers preview index view (app/View/Servers/preview_index.ctp). The view passes URL parameters directly into the onClickParams argument of the getPopup handler without proper HTML encoding.\n\n\nBecause $urlparams can be attacker-controlled, a specially crafted URL can inject arbitrary JavaScript into the generated page. When a site administrator follows such a malicious link and clicks the \u201cModify filters\u201d button, the injected script is executed in their browser in the context of the application.\n\n\nThis issue has been fixed by ensuring that the URL parameters are HTML-escaped before being embedded."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/185a9fac1a9de112488013ffb3513644d4a02d59"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A reflected cross-site scripting (XSS) vulnerability was identified in the MISp Servers preview index",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2025-0036"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-12-10T13:46:07.170083Z",
"dateUpdated": "2025-12-10T13:46:07.170083Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0036",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-12-10T13:46:07.170083Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0031 (CVE-2025-67906)
Vulnerability from gna-1 – Published: 2025-12-03 10:58 – Updated: 2025-12-16 09:36
VLAI?
Title
A cross-site scripting (XSS) vulnerability was identified in the MISP workflow execution-path view
Summary
A cross-site scripting (XSS) vulnerability was identified in the workflow execution-path view in app/View/Elements/Workflows/executionPath.ctp.
Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the affected application. Depending on the privileges of the targeted user, this may lead to session hijacking, workflow manipulation, data exfiltration, or impersonation within the application.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThanOrEqual": "2.5.27",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Franck FERMAN"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Sami Mokaddem"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA cross-site scripting (XSS) vulnerability was identified in the workflow execution-path view in \u003ccode\u003eapp/View/Elements/Workflows/executionPath.ctp\u003c/code\u003e.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\nSuccessful exploitation allows an attacker to execute arbitrary JavaScript in the context of the affected application. Depending on the privileges of the targeted user, this may lead to session hijacking, workflow manipulation, data exfiltration, or impersonation within the application.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "A cross-site scripting (XSS) vulnerability was identified in the workflow execution-path view in app/View/Elements/Workflows/executionPath.ctp.\n\n\n\n\n\nSuccessful exploitation allows an attacker to execute arbitrary JavaScript in the context of the affected application. Depending on the privileges of the targeted user, this may lead to session hijacking, workflow manipulation, data exfiltration, or impersonation within the application."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/1f39deb572da7ecb5855e30ff3cc8cbcaa0c1054"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A cross-site scripting (XSS) vulnerability was identified in the MISP workflow execution-path view",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2025-0031"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"cveId": "CVE-2025-67906",
"datePublished": "2025-12-03T10:58:00.000Z",
"dateUpdated": "2025-12-16T09:36:09.594750Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2025-0031",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-12-03T10:58:19.835041Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-15T21:57:21.449881Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-16T09:36:09.594750Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0030
Vulnerability from gna-1 – Published: 2025-12-03 10:53 – Updated: 2025-12-03 10:58
VLAI?
Title
A cross-site scripting (XSS) vulnerability in the MISP “actions” table element template
Summary
A cross-site scripting (XSS) vulnerability in the “actions” table element template in app/View/Elements/genericElements/IndexTable/Fields/actions.ctp allows an attacker to inject arbitrary JavaScript code into the generated HTML.
Successful exploitation allows execution of arbitrary JavaScript in the context of the affected web application, potentially leading to session hijacking, data exfiltration, or UI redressing, depending on the permissions of the targeted user.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.27",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Louis PLUVIOSE"
},
{
"lang": "en",
"type": "finder",
"value": "Mathis FRANEL"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA cross-site scripting (XSS) vulnerability in the \u201cactions\u201d table element template in \u003ccode\u003eapp/View/Elements/genericElements/IndexTable/Fields/actions.ctp\u003c/code\u003e allows an attacker to inject arbitrary JavaScript code into the generated HTML.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\nSuccessful exploitation allows execution of arbitrary JavaScript in the context of the affected web application, potentially leading to session hijacking, data exfiltration, or UI redressing, depending on the permissions of the targeted user.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "A cross-site scripting (XSS) vulnerability in the \u201cactions\u201d table element template in app/View/Elements/genericElements/IndexTable/Fields/actions.ctp allows an attacker to inject arbitrary JavaScript code into the generated HTML.\n\n\n\n\n\nSuccessful exploitation allows execution of arbitrary JavaScript in the context of the affected web application, potentially leading to session hijacking, data exfiltration, or UI redressing, depending on the permissions of the targeted user."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/c7b833839138fd3cef1a225f54863540d72a2fac"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A cross-site scripting (XSS) vulnerability in the MISP \u201cactions\u201d table element template",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2025-0030"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-12-03T10:53:00.000Z",
"dateUpdated": "2025-12-03T10:58:55.845341Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2025-0030",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-12-03T10:53:30.664179Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-03T10:58:55.845341Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0029
Vulnerability from gna-1 – Published: 2025-11-27 12:41 – Updated: 2025-11-27 12:48
VLAI?
Title
Reflected cross-site scripting (XSS) vulnerabilities in EventGraph and Template Upload
Summary
MISP contained two reflected cross-site scripting (XSS) vulnerabilities affecting:
*
EventGraph deletion confirmation form (eventGraph_delete_form.ctp)
*
Template file upload form (upload_file.ctp)
Before commit bd3ef20956e680fe12b3faf529efaaaee3e412dc, both templates used unvalidated numeric identifiers ($id and $element_id) directly in the rendered page. An attacker could craft a malicious request with a specially crafted non-numeric value for these parameters, causing untrusted data to be reflected into the HTML or JavaScript context of the forms—triggering arbitrary JavaScript execution in the browser of a logged-in user.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dawid Czarnecki of Zigrin Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMISP contained two reflected cross-site scripting (XSS) vulnerabilities affecting:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eEventGraph\u003c/code\u003e deletion confirmation form\u003c/strong\u003e (\u003ccode\u003eeventGraph_delete_form.ctp\u003c/code\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eTemplate file upload form\u003c/strong\u003e (\u003ccode\u003eupload_file.ctp\u003c/code\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eBefore commit \u003ccode\u003ebd3ef20956e680fe12b3faf529efaaaee3e412dc\u003c/code\u003e, both templates used unvalidated numeric identifiers (\u003ccode\u003e$id\u003c/code\u003e and \u003ccode\u003e$element_id\u003c/code\u003e) directly in the rendered page. An attacker could craft a malicious request with a specially crafted non-numeric value for these parameters, causing untrusted data to be reflected into the HTML or JavaScript context of the forms\u2014triggering arbitrary JavaScript execution in the browser of a logged-in user.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "MISP contained two reflected cross-site scripting (XSS) vulnerabilities affecting:\n\n\n\n * \nEventGraph deletion confirmation form (eventGraph_delete_form.ctp)\n\n\n\n\n * \nTemplate file upload form (upload_file.ctp)\n\n\n\n\n\nBefore commit bd3ef20956e680fe12b3faf529efaaaee3e412dc, both templates used unvalidated numeric identifiers ($id and $element_id) directly in the rendered page. An attacker could craft a malicious request with a specially crafted non-numeric value for these parameters, causing untrusted data to be reflected into the HTML or JavaScript context of the forms\u2014triggering arbitrary JavaScript execution in the browser of a logged-in user."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/bd3ef20956e680fe12b3faf529efaaaee3e412dc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected cross-site scripting (XSS) vulnerabilities in EventGraph and Template Upload",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2025-0029"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-27T12:41:00.000Z",
"dateUpdated": "2025-11-27T12:48:51.085860Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0029",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-27T12:41:37.265185Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-27T12:42:20.272359Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-27T12:48:51.085860Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0028
Vulnerability from gna-1 – Published: 2025-11-27 07:23 – Updated: 2025-12-02 08:51
VLAI?
Title
Information leakage vulnerability in the MISP Feed configuration interface
Summary
MISP contained an information leakage vulnerability in the Feed configuration interface when tag collections were used and the “JSONified list” view was accessed. As a result, sensitive fields such as full user records, organisation metadata, or other internal attributes could be exposed to users who should not have had access to them when viewing the JSON output of feed configurations.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.12",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lassi Kapanen of Second Nature Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Teemu Hakkarainen of Second Nature Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MISP contained an information leakage vulnerability in the \u003cem\u003eFeed configuration\u003c/em\u003e interface when tag collections were used and the \u201cJSONified list\u201d view was accessed. As a result, sensitive fields such as full user records, organisation metadata, or other internal attributes could be exposed to users who should not have had access to them when viewing the JSON output of feed configurations."
}
],
"value": "MISP contained an information leakage vulnerability in the Feed configuration interface when tag collections were used and the \u201cJSONified list\u201d view was accessed. As a result, sensitive fields such as full user records, organisation metadata, or other internal attributes could be exposed to users who should not have had access to them when viewing the JSON output of feed configurations."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/ffe3be4da6fa99fffc85534d730a469c06cd38d8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information leakage vulnerability in the MISP Feed configuration interface",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2025-0028"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-27T07:23:00.000Z",
"dateUpdated": "2025-12-02T08:51:35.429494Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2025-0028",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-27T07:23:20.592344Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-02T08:51:35.429494Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0027
Vulnerability from gna-1 – Published: 2025-11-27 07:17 – Updated: 2025-12-02 08:51
VLAI?
Title
Reflected cross-site scripting (XSS) vulnerability in the server edit functionality of MISP
Summary
A reflected cross-site scripting (XSS) vulnerability was discovered in the server edit functionality of MISP. In serverRuleElements/pull.ctp and serverRuleElements/push.ctp, the id (server ID) value was written directly into an inline JavaScript variable (var serverID = "…"), without HTML escaping. A remote attacker could craft a URL with a malicious id value that, when visited by an authenticated user with access to the server edit interface, would result in arbitrary JavaScript execution in the victim’s browser.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.12",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lassi Kapanen of Second Nature Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Teemu Hakkarainen of Second Nature Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A reflected cross-site scripting (XSS) vulnerability was discovered in the \u003cem\u003eserver edit\u003c/em\u003e functionality of MISP. In \u003ccode\u003eserverRuleElements/pull.ctp\u003c/code\u003e and \u003ccode\u003eserverRuleElements/push.ctp\u003c/code\u003e, the \u003ccode\u003eid\u003c/code\u003e (server ID) value was written directly into an inline JavaScript variable (\u003ccode\u003evar serverID = \"\u2026\"\u003c/code\u003e), without HTML escaping. A remote attacker could craft a URL with a malicious \u003ccode\u003eid\u003c/code\u003e value that, when visited by an authenticated user with access to the server edit interface, would result in arbitrary JavaScript execution in the victim\u2019s browser. \u003cbr\u003e"
}
],
"value": "A reflected cross-site scripting (XSS) vulnerability was discovered in the server edit functionality of MISP. In serverRuleElements/pull.ctp and serverRuleElements/push.ctp, the id (server ID) value was written directly into an inline JavaScript variable (var serverID = \"\u2026\"), without HTML escaping. A remote attacker could craft a URL with a malicious id value that, when visited by an authenticated user with access to the server edit interface, would result in arbitrary JavaScript execution in the victim\u2019s browser."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/b24e37a6c78199a4c68bb3b95f53d37962973d86"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected cross-site scripting (XSS) vulnerability in the server edit functionality of MISP",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2025-0027"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-27T07:17:00.000Z",
"dateUpdated": "2025-12-02T08:51:04.323899Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2025-0027",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-27T07:17:57.069969Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-27T07:24:10.363842Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-02T08:51:04.323899Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0026
Vulnerability from gna-1 – Published: 2025-11-26 16:35 – Updated: 2025-12-02 08:50
VLAI?
Title
Reflected cross-site scripting (XSS) vulnerability in the Server Edit interface,
Summary
MISP contained a reflected cross-site scripting (XSS) vulnerability in the Server Edit interface, specifically within the JavaScript initialization code of the push and pull filtering rule elements. Prior to commit b24e37a6c78199a4c68bb3b95f53d37962973d86, the id parameter (server ID) was embedded directly into a JavaScript string without HTML escaping. A maliciously crafted id value containing JavaScript or special characters could be reflected into the page and executed when an authenticated user visited the server edit page.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.12",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lassi Kapanen of Second Nature Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Teemu Hakkarainen of Second Nature Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MISP contained a reflected cross-site scripting (XSS) vulnerability in the \u003cem\u003eServer Edit\u003c/em\u003e interface, specifically within the JavaScript initialization code of the push and pull filtering rule elements. Prior to commit \u003ccode\u003eb24e37a6c78199a4c68bb3b95f53d37962973d86\u003c/code\u003e, the \u003ccode\u003eid\u003c/code\u003e parameter (server ID) was embedded directly into a JavaScript string without HTML escaping.\u0026nbsp;A maliciously crafted \u003ccode\u003eid\u003c/code\u003e value containing JavaScript or special characters could be reflected into the page and executed when an authenticated user visited the server edit page."
}
],
"value": "MISP contained a reflected cross-site scripting (XSS) vulnerability in the Server Edit interface, specifically within the JavaScript initialization code of the push and pull filtering rule elements. Prior to commit b24e37a6c78199a4c68bb3b95f53d37962973d86, the id parameter (server ID) was embedded directly into a JavaScript string without HTML escaping.\u00a0A maliciously crafted id value containing JavaScript or special characters could be reflected into the page and executed when an authenticated user visited the server edit page."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/b24e37a6c78199a4c68bb3b95f53d37962973d86"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected cross-site scripting (XSS) vulnerability in the Server Edit interface,",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2025-0026"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-26T16:35:00.000Z",
"dateUpdated": "2025-12-02T08:50:46.381572Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0026",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-26T16:35:06.666237Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-02T08:50:46.381572Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0025
Vulnerability from gna-1 – Published: 2025-11-26 16:27 – Updated: 2025-12-02 08:50
VLAI?
Title
Reflected cross-site scripting (XSS) vulnerability in the MISP Attribute Replacement Tool
Summary
MISP contained a reflected cross-site scripting (XSS) vulnerability in the Attribute Replacement Tool. Prior to commit f20e93e289998290946d56273528d2a4dc1c57fc, the event_id parameter was inserted into both the form action URL and an inline JavaScript handler without proper HTML-escaping. A malicious actor could craft a link with a specially crafted event_id value containing JavaScript, which would then be reflected back to the user and executed when the page was rendered.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Relationships ?
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.12",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lassi Kapanen of Second Nature Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Teemu Hakkarainen of Second Nature Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MISP contained a reflected cross-site scripting (XSS) vulnerability in the \u003cem\u003eAttribute Replacement Tool\u003c/em\u003e. Prior to commit \u003ccode\u003ef20e93e289998290946d56273528d2a4dc1c57fc\u003c/code\u003e, the \u003ccode\u003eevent_id\u003c/code\u003e parameter was inserted into both the form action URL and an inline JavaScript handler without proper HTML-escaping. A malicious actor could craft a link with a specially crafted \u003ccode\u003eevent_id\u003c/code\u003e value containing JavaScript, which would then be reflected back to the user and executed when the page was rendered."
}
],
"value": "MISP contained a reflected cross-site scripting (XSS) vulnerability in the Attribute Replacement Tool. Prior to commit f20e93e289998290946d56273528d2a4dc1c57fc, the event_id parameter was inserted into both the form action URL and an inline JavaScript handler without proper HTML-escaping. A malicious actor could craft a link with a specially crafted event_id value containing JavaScript, which would then be reflected back to the user and executed when the page was rendered."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/f20e93e289998290946d56273528d2a4dc1c57fc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected cross-site scripting (XSS) vulnerability in the MISP Attribute Replacement Tool",
"x_gcve": [
{
"recordType": "advisory",
"vulnId": "gcve-1-2025-0025"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-26T16:27:00.000Z",
"dateUpdated": "2025-12-02T08:50:18.897756Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0025",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-26T16:27:43.742150Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-26T16:29:13.941057Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-02T08:50:18.897756Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2026-AVI-0229
Vulnerability from certfr_avis - Published: 2026-03-02 - Updated: 2026-03-02
De multiples vulnérabilités ont été découvertes dans MISP. Certaines d'entre elles permettent à un attaquant de provoquer une falsification de requêtes côté serveur (SSRF), une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MISP versions ant\u00e9rieures \u00e0 2.5.33",
"product": {
"name": "MISP",
"vendor": {
"name": "MISP",
"scada": false
}
}
},
{
"description": "MISP modules versions ant\u00e9rieures \u00e0 3.0.5",
"product": {
"name": "MISP",
"vendor": {
"name": "MISP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2026-03-02T00:00:00",
"last_revision_date": "2026-03-02T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0229",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans MISP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF), une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans MISP",
"vendor_advisories": [
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 MISP",
"url": "https://www.misp-project.org/security/"
}
]
}
CERTFR-2026-AVI-0030
Vulnerability from certfr_avis - Published: 2026-01-13 - Updated: 2026-01-13
Une vulnérabilité a été découverte dans MISP. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MISP versions ant\u00e9rieures \u00e0 2.5.32",
"product": {
"name": "MISP",
"vendor": {
"name": "MISP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2026-01-13T00:00:00",
"last_revision_date": "2026-01-13T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0030",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans MISP. Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
"title": "Vuln\u00e9rabilit\u00e9 dans MISP",
"vendor_advisories": [
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 MISP",
"url": "https://www.misp-project.org/security/"
}
]
}
CERTFR-2025-AVI-1076
Vulnerability from certfr_avis - Published: 2025-12-08 - Updated: 2025-12-24
De multiples vulnérabilités ont été découvertes dans MISP. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MISP versions ant\u00e9rieures \u00e0 2.5.27",
"product": {
"name": "MISP",
"vendor": {
"name": "MISP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-67906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67906"
}
],
"initial_release_date": "2025-12-08T00:00:00",
"last_revision_date": "2025-12-24T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1076",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-08T00:00:00.000000"
},
{
"description": "Ajout de la vuln\u00e9rabilit\u00e9 CVE-2025-67906",
"revision_date": "2025-12-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans MISP. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans MISP",
"vendor_advisories": [
{
"published_at": "2025-12-07",
"title": "Bulletin de s\u00e9curit\u00e9 MISP",
"url": "https://www.misp-project.org/security/"
}
]
}
CERTFR-2025-AVI-1045
Vulnerability from certfr_avis - Published: 2025-11-27 - Updated: 2025-11-28
Une vulnérabilité a été découverte dans MISP. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MISP versions ant\u00e9rieures \u00e0 2.5.26",
"product": {
"name": "MISP",
"vendor": {
"name": "MISP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2025-11-27T00:00:00",
"last_revision_date": "2025-11-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1045",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-27T00:00:00.000000"
},
{
"description": "Ajout r\u00e9f\u00e9rence CVE",
"revision_date": "2025-11-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans MISP. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Vuln\u00e9rabilit\u00e9 dans MISP",
"vendor_advisories": [
{
"published_at": "2025-12-07",
"title": "Bulletin de s\u00e9curit\u00e9 MISP",
"url": "https://www.misp-project.org/security/"
}
]
}