Search criteria
48 vulnerabilities found for malware_information_sharing_platform by misp-project
FKIE_CVE-2023-48656
Vulnerability from fkie_nvd - Published: 2023-11-17 05:15 - Updated: 2024-11-21 08:32
Severity
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| misp-project | malware_information_sharing_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A",
"versionEndExcluding": "2.4.176",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php maneja mal las cl\u00e1usulas de pedido."
}
],
"id": "CVE-2023-48656",
"lastModified": "2024-11-21T08:32:12.333",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-17T05:15:12.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"source": "cve@mitre.org",
"url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-48657
Vulnerability from fkie_nvd - Published: 2023-11-17 05:15 - Updated: 2024-11-21 08:32
Severity
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| misp-project | malware_information_sharing_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A",
"versionEndExcluding": "2.4.176",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php maneja mal los filtros."
}
],
"id": "CVE-2023-48657",
"lastModified": "2024-11-21T08:32:12.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-17T05:15:12.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Release Notes"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"source": "cve@mitre.org",
"url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Release Notes"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-48659
Vulnerability from fkie_nvd - Published: 2023-11-17 05:15 - Updated: 2024-11-21 08:32
Severity
Summary
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| misp-project | malware_information_sharing_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A",
"versionEndExcluding": "2.4.176",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Controller/AppController.php maneja mal el an\u00e1lisis de par\u00e1metros."
}
],
"id": "CVE-2023-48659",
"lastModified": "2024-11-21T08:32:12.820",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-17T05:15:12.847",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Release Notes"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"source": "cve@mitre.org",
"url": "https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Release Notes"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-48655
Vulnerability from fkie_nvd - Published: 2023-11-17 05:15 - Updated: 2024-11-21 08:32
Severity
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| misp-project | malware_information_sharing_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A",
"versionEndExcluding": "2.4.176",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Controller/Component/IndexFilterComponent.php no filtra correctamente los par\u00e1metros de consulta."
}
],
"id": "CVE-2023-48655",
"lastModified": "2024-11-21T08:32:12.087",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-11-17T05:15:12.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"source": "cve@mitre.org",
"url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-48658
Vulnerability from fkie_nvd - Published: 2023-11-17 05:15 - Updated: 2024-11-21 08:32
Severity
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| misp-project | malware_information_sharing_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A",
"versionEndExcluding": "2.4.176",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php carece de una funci\u00f3n checkParam para caracteres alfanum\u00e9ricos, guiones bajos, guiones, puntos y espacios."
}
],
"id": "CVE-2023-48658",
"lastModified": "2024-11-21T08:32:12.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-17T05:15:12.793",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Release Notes"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"source": "cve@mitre.org",
"url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Release Notes"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-37306
Vulnerability from fkie_nvd - Published: 2023-06-30 17:15 - Updated: 2024-11-21 08:11
Severity
Summary
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| misp-project | malware_information_sharing_platform | 2.4.172 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:2.4.172:*:*:*:*:*:*:*",
"matchCriteriaId": "08CB9C04-9845-4D45-B9A3-D473B10E5E0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages."
}
],
"id": "CVE-2023-37306",
"lastModified": "2024-11-21T08:11:27.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-30T17:15:09.757",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-37307
Vulnerability from fkie_nvd - Published: 2023-06-30 17:15 - Updated: 2024-11-21 08:11
Severity
Summary
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| misp-project | malware_information_sharing_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B85DED7-7D47-4040-B652-630964AF10A1",
"versionEndExcluding": "2.4.172",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts."
}
],
"id": "CVE-2023-37307",
"lastModified": "2024-11-21T08:11:27.160",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-30T17:15:09.800",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Product"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zigrin.com/advisories/misp-stored-xss/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Product"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zigrin.com/advisories/misp-stored-xss/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-28884
Vulnerability from fkie_nvd - Published: 2023-03-27 03:15 - Updated: 2024-11-21 07:56
Severity
Summary
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| misp-project | malware_information_sharing_platform | 2.4.169 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:2.4.169:*:*:*:*:*:*:*",
"matchCriteriaId": "25FB0E6F-32FA-4A98-87BC-723C1484FE57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index."
}
],
"id": "CVE-2023-28884",
"lastModified": "2024-11-21T07:56:13.503",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-27T03:15:07.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/b94c7978e5e6b1db369abeedbbf00bca975b08b7"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://zigrin.com/advisories/misp-dom-based-xss/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/b94c7978e5e6b1db369abeedbbf00bca975b08b7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://zigrin.com/advisories/misp-dom-based-xss/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-28606
Vulnerability from fkie_nvd - Published: 2023-03-18 18:15 - Updated: 2025-02-26 19:15
Severity
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| misp-project | malware_information_sharing_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E5675A8-EDC0-493D-9A7F-DF05832BCFBC",
"versionEndExcluding": "2.4.169",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips."
}
],
"id": "CVE-2023-28606",
"lastModified": "2025-02-26T19:15:19.193",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-18T18:15:54.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/30255b8d683df4ec54f856282b3bde9106d5ae1a"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/30255b8d683df4ec54f856282b3bde9106d5ae1a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-28607
Vulnerability from fkie_nvd - Published: 2023-03-18 18:15 - Updated: 2025-02-26 21:15
Severity
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| misp-project | malware_information_sharing_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E5675A8-EDC0-493D-9A7F-DF05832BCFBC",
"versionEndExcluding": "2.4.169",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip."
}
],
"id": "CVE-2023-28607",
"lastModified": "2025-02-26T21:15:16.313",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-18T18:15:54.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/78f423451a4c795991e739ee970bc5215c061591"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/78f423451a4c795991e739ee970bc5215c061591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2023-48655 (GCVE-0-2023-48655)
Vulnerability from cvelistv5 – Published: 2023-11-17 00:00 – Updated: 2024-10-15 17:47
VLAI
Summary
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:53.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-48655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:36:18.793964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:47:48.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T23:30:02.498Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"url": "https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b"
},
{
"url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48655",
"datePublished": "2023-11-17T00:00:00.000Z",
"dateReserved": "2023-11-17T00:00:00.000Z",
"dateUpdated": "2024-10-15T17:47:48.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48657 (GCVE-0-2023-48657)
Vulnerability from cvelistv5 – Published: 2023-11-17 00:00 – Updated: 2024-08-02 21:37
VLAI
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T23:30:06.313Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"url": "https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc"
},
{
"url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48657",
"datePublished": "2023-11-17T00:00:00.000Z",
"dateReserved": "2023-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:37:54.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48658 (GCVE-0-2023-48658)
Vulnerability from cvelistv5 – Published: 2023-11-17 00:00 – Updated: 2024-08-02 21:37
VLAI
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T23:30:12.309Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"url": "https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d"
},
{
"url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48658",
"datePublished": "2023-11-17T00:00:00.000Z",
"dateReserved": "2023-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:37:54.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48659 (GCVE-0-2023-48659)
Vulnerability from cvelistv5 – Published: 2023-11-17 00:00 – Updated: 2024-08-02 21:37
VLAI
Summary
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T23:30:30.112Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"url": "https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed"
},
{
"url": "https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48659",
"datePublished": "2023-11-17T00:00:00.000Z",
"dateReserved": "2023-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:37:54.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48656 (GCVE-0-2023-48656)
Vulnerability from cvelistv5 – Published: 2023-11-17 00:00 – Updated: 2024-11-26 20:17
VLAI
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T20:16:12.412008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T20:17:35.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T23:29:59.472Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"url": "https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074"
},
{
"url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48656",
"datePublished": "2023-11-17T00:00:00.000Z",
"dateReserved": "2023-11-17T00:00:00.000Z",
"dateUpdated": "2024-11-26T20:17:35.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37306 (GCVE-0-2023-37306)
Vulnerability from cvelistv5 – Published: 2023-06-30 00:00 – Updated: 2024-11-27 18:38
VLAI
Summary
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:34.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37306",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T18:37:51.660085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T18:38:01.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle"
},
{
"url": "https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37306",
"datePublished": "2023-06-30T00:00:00.000Z",
"dateReserved": "2023-06-30T00:00:00.000Z",
"dateUpdated": "2024-11-27T18:38:01.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37307 (GCVE-0-2023-37307)
Vulnerability from cvelistv5 – Published: 2023-06-30 00:00 – Updated: 2024-08-02 17:09
VLAI
Summary
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:34.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/misp-stored-xss/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T17:06:15.366Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172"
},
{
"url": "https://zigrin.com/advisories/misp-stored-xss/"
},
{
"url": "http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37307",
"datePublished": "2023-06-30T00:00:00.000Z",
"dateReserved": "2023-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-02T17:09:34.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28884 (GCVE-0-2023-28884)
Vulnerability from cvelistv5 – Published: 2023-03-27 00:00 – Updated: 2024-08-02 13:51
VLAI
Summary
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/b94c7978e5e6b1db369abeedbbf00bca975b08b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/misp-dom-based-xss/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T21:18:16.356Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/b94c7978e5e6b1db369abeedbbf00bca975b08b7"
},
{
"url": "https://zigrin.com/advisories/misp-dom-based-xss/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28884",
"datePublished": "2023-03-27T00:00:00.000Z",
"dateReserved": "2023-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-02T13:51:38.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28606 (GCVE-0-2023-28606)
Vulnerability from cvelistv5 – Published: 2023-03-18 00:00 – Updated: 2025-02-26 19:04
VLAI
Summary
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
Severity
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/30255b8d683df4ec54f856282b3bde9106d5ae1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T19:04:44.972213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T19:04:59.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/30255b8d683df4ec54f856282b3bde9106d5ae1a"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28606",
"datePublished": "2023-03-18T00:00:00.000Z",
"dateReserved": "2023-03-18T00:00:00.000Z",
"dateUpdated": "2025-02-26T19:04:59.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28607 (GCVE-0-2023-28607)
Vulnerability from cvelistv5 – Published: 2023-03-18 00:00 – Updated: 2025-02-26 20:45
VLAI
Summary
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
Severity
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:22.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/78f423451a4c795991e739ee970bc5215c061591"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T20:45:13.053578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T20:45:23.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169"
},
{
"url": "https://github.com/MISP/MISP/commit/78f423451a4c795991e739ee970bc5215c061591"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28607",
"datePublished": "2023-03-18T00:00:00.000Z",
"dateReserved": "2023-03-18T00:00:00.000Z",
"dateUpdated": "2025-02-26T20:45:23.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48655 (GCVE-0-2023-48655)
Vulnerability from nvd – Published: 2023-11-17 00:00 – Updated: 2024-10-15 17:47
VLAI
Summary
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:53.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-48655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:36:18.793964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:47:48.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T23:30:02.498Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"url": "https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b"
},
{
"url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48655",
"datePublished": "2023-11-17T00:00:00.000Z",
"dateReserved": "2023-11-17T00:00:00.000Z",
"dateUpdated": "2024-10-15T17:47:48.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48657 (GCVE-0-2023-48657)
Vulnerability from nvd – Published: 2023-11-17 00:00 – Updated: 2024-08-02 21:37
VLAI
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T23:30:06.313Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"url": "https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc"
},
{
"url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48657",
"datePublished": "2023-11-17T00:00:00.000Z",
"dateReserved": "2023-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:37:54.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48658 (GCVE-0-2023-48658)
Vulnerability from nvd – Published: 2023-11-17 00:00 – Updated: 2024-08-02 21:37
VLAI
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T23:30:12.309Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"url": "https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d"
},
{
"url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48658",
"datePublished": "2023-11-17T00:00:00.000Z",
"dateReserved": "2023-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:37:54.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48659 (GCVE-0-2023-48659)
Vulnerability from nvd – Published: 2023-11-17 00:00 – Updated: 2024-08-02 21:37
VLAI
Summary
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T23:30:30.112Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"url": "https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed"
},
{
"url": "https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48659",
"datePublished": "2023-11-17T00:00:00.000Z",
"dateReserved": "2023-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:37:54.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48656 (GCVE-0-2023-48656)
Vulnerability from nvd – Published: 2023-11-17 00:00 – Updated: 2024-11-26 20:17
VLAI
Summary
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T20:16:12.412008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T20:17:35.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T23:29:59.472Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176"
},
{
"url": "https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074"
},
{
"url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48656",
"datePublished": "2023-11-17T00:00:00.000Z",
"dateReserved": "2023-11-17T00:00:00.000Z",
"dateUpdated": "2024-11-26T20:17:35.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37306 (GCVE-0-2023-37306)
Vulnerability from nvd – Published: 2023-06-30 00:00 – Updated: 2024-11-27 18:38
VLAI
Summary
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:34.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37306",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T18:37:51.660085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T18:38:01.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle"
},
{
"url": "https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37306",
"datePublished": "2023-06-30T00:00:00.000Z",
"dateReserved": "2023-06-30T00:00:00.000Z",
"dateUpdated": "2024-11-27T18:38:01.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37307 (GCVE-0-2023-37307)
Vulnerability from nvd – Published: 2023-06-30 00:00 – Updated: 2024-08-02 17:09
VLAI
Summary
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:34.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/misp-stored-xss/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T17:06:15.366Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/286c84fab0047726a6a396ceefaae1bb666fc485"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172"
},
{
"url": "https://zigrin.com/advisories/misp-stored-xss/"
},
{
"url": "http://packetstormsecurity.com/files/176975/MISP-2.4.171-Cross-Site-Scripting.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37307",
"datePublished": "2023-06-30T00:00:00.000Z",
"dateReserved": "2023-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-02T17:09:34.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28884 (GCVE-0-2023-28884)
Vulnerability from nvd – Published: 2023-03-27 00:00 – Updated: 2024-08-02 13:51
VLAI
Summary
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/b94c7978e5e6b1db369abeedbbf00bca975b08b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://zigrin.com/advisories/misp-dom-based-xss/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T21:18:16.356Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/b94c7978e5e6b1db369abeedbbf00bca975b08b7"
},
{
"url": "https://zigrin.com/advisories/misp-dom-based-xss/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28884",
"datePublished": "2023-03-27T00:00:00.000Z",
"dateReserved": "2023-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-02T13:51:38.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28606 (GCVE-0-2023-28606)
Vulnerability from nvd – Published: 2023-03-18 00:00 – Updated: 2025-02-26 19:04
VLAI
Summary
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
Severity
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/30255b8d683df4ec54f856282b3bde9106d5ae1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T19:04:44.972213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T19:04:59.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/30255b8d683df4ec54f856282b3bde9106d5ae1a"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28606",
"datePublished": "2023-03-18T00:00:00.000Z",
"dateReserved": "2023-03-18T00:00:00.000Z",
"dateUpdated": "2025-02-26T19:04:59.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28607 (GCVE-0-2023-28607)
Vulnerability from nvd – Published: 2023-03-18 00:00 – Updated: 2025-02-26 20:45
VLAI
Summary
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
Severity
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:22.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MISP/MISP/commit/78f423451a4c795991e739ee970bc5215c061591"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T20:45:13.053578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T20:45:23.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/compare/v2.4.168...v2.4.169"
},
{
"url": "https://github.com/MISP/MISP/commit/78f423451a4c795991e739ee970bc5215c061591"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28607",
"datePublished": "2023-03-18T00:00:00.000Z",
"dateReserved": "2023-03-18T00:00:00.000Z",
"dateUpdated": "2025-02-26T20:45:23.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}