Mokaddem

**Name of the Vulnerable Software and Affected Versions** Cerebrate versions prior to 1.15 **Description** The issue is related to the lack of the Secure attribute for the session cookie. This means that the session cookie is transmitted over an insecure channel, potentially allowing an attacker to intercept and exploit it. **Recommendations** For versions prior to 1.15, update to version 1.15 or later to ensure the Secure attribute is set for the session cookie, thereby encrypting the transmission of the session cookie.

**Name of the Vulnerable Software and Affected Versions** MISP versions prior to 2.4.169 **Description** The issue allows for XSS via the event-graph relationship tooltip in the js/event-graph.js file. **Recommendations** For versions prior to 2.4.169, update to version 2.4.169 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: MISP version 2.4.147 Description: The issue allows Stored XSS when viewing galaxy cluster elements in JSON format. This occurs in the app/View/GalaxyElements/ajax/index.ctp file. Recommendations: For MISP version 2.4.147, update to a version that contains a fix for this issue to prevent Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the app/View/GalaxyElements/ajax/index.ctp file or disabling the viewing of galaxy cluster elements in JSON format until a patch is available.

Name of the Vulnerable Software and Affected Versions: MISP version 2.4.144 Description: The issue is related to the `app/View/Elements/genericElements/IndexTable/Fields/generic field.ctp` file in MISP, which does not properly sanitize certain data related to `generic-template:index`. Recommendations: For MISP version 2.4.144, at the moment, there is no information about a newer version that contains a fix for this vulnerability.