Fukusuket

#9827of 53,632
28.1Total CVSS
Vulnerabilities · 4
Medium
3
Critical
1
PT-2024-36400
6.1
2024-12-04
Misp · Misp · CVE-2024-54674
**Name of the Vulnerable Software and Affected Versions** MISP versions 2.5.2 and earlier **Description** The issue is related to stored Cross Site Scripting (XSS) in the MISP Galaxy Cluster Export Function. This occurs when exporting custom clusters into the misp-galaxy format. The file `app/View/GalaxyClusters/cluster export misp galaxy.ctp` is specifically affected. **Recommendations** For versions 2.5.2 and earlier, consider disabling the export function of custom clusters to the misp-galaxy format until a patch is available. Restrict access to the `cluster export misp galaxy.ctp` file to minimize the risk of exploitation.
PT-2024-36401
6.1
2024-12-04
Misp · Misp · CVE-2024-54675
**Name of the Vulnerable Software and Affected Versions** MISP versions through 2.5.2 **Description** The issue is related to stored Cross Site Scripting (XSS) in the editor interface for an ad-hoc workflow, specifically in the file app/webroot/js/workflows-editor/workflows-editor.js. **Recommendations** For versions through 2.5.2, consider disabling the workflows-editor interface until a patch is available. Restrict access to the app/webroot/js/workflows-editor/workflows-editor.js file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-31711
9.8
2023-12-15
Misp · Misp · CVE-2023-50918
**Name of the Vulnerable Software and Affected Versions** MISP versions prior to 2.4.182 **Description** The issue is related to the mishandling of ACLs for audit logs in the app/Controller/AuditLogsController.php file. **Recommendations** For versions prior to 2.4.182, update to version 2.4.182 or later to resolve the issue.
PT-2023-31413
6.1
2023-12-03
Misp · Misp · CVE-2023-49926
**Name of the Vulnerable Software and Affected Versions** MISP versions prior to 2.4.179 **Description** The issue allows for XSS in the event timeline widget. This is due to a problem in the app/Lib/Tools/EventTimelineTool.php file. **Recommendations** For versions prior to 2.4.179, update to version 2.4.179 or later to resolve the issue. As a temporary workaround, consider restricting access to the event timeline widget until the update is applied.