
Righel

#16848 of 53,630
15.9 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2023-27784
6.1
2023-08-22
Misp · Misp · CVE-2023-41098
**Name of the Vulnerable Software and Affected Versions**

MISP version 2.4.174

**Description**

An issue exists in the DashboardsController.php file, specifically a reflected XSS issue via the `id` parameter when editing a dashboard.

**Recommendations**

For MISP version 2.4.174, consider disabling the `id` parameter in the DashboardsController.php file until a patch is available. Restrict access to the DashboardsController.php file to minimize the risk of exploitation. Avoid using the `id` parameter in the affected dashboard edit functionality until the issue is resolved.

PT-2021-22511
9.8
2021-08-19
Misp · Misp · CVE-2021-39302
**Name of the Vulnerable Software and Affected Versions**

MISP version 2.4.148

**Description**

The issue allows SQL injection via the `app/Model/Log.php` `$conditions['org']` value in certain configurations.

**Recommendations**

For MISP version 2.4.148, consider restricting access to the `app/Model/Log.php` file until a patch is available. As a temporary workaround, avoid using the `$conditions['org']` value in the affected configuration to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.