Search criteria
280 vulnerabilities found for misp by misp
CVE-2025-66386 (GCVE-0-2025-66386)
Vulnerability from cvelistv5 – Published: 2025-11-28 00:00 – Updated: 2025-11-28 15:17
VLAI?
Summary
app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin.
Severity ?
4.1 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T15:16:57.258479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T15:17:40.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MISP",
"vendor": "MISP",
"versions": [
{
"lessThan": "2.5.27",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T06:56:34.804Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/7f4a0386d38672eddc139f5735d71c3b749623ce"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.5.26...v2.5.27"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66386",
"datePublished": "2025-11-28T00:00:00.000Z",
"dateReserved": "2025-11-28T00:00:00.000Z",
"dateUpdated": "2025-11-28T15:17:40.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66384 (GCVE-0-2025-66384)
Vulnerability from cvelistv5 – Published: 2025-11-28 00:00 – Updated: 2025-11-28 15:23
VLAI?
Summary
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.
Severity ?
8.2 (High)
CWE
- CWE-684 - Incorrect Provision of Specified Functionality
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T15:23:40.777415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T15:23:46.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MISP",
"vendor": "MISP",
"versions": [
{
"lessThan": "2.5.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-684",
"description": "CWE-684 Incorrect Provision of Specified Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T06:52:41.226Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/6867f0d3157a1959154bdad9ddac009dec6a19f5"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.5.23...v2.5.24"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66384",
"datePublished": "2025-11-28T00:00:00.000Z",
"dateReserved": "2025-11-28T00:00:00.000Z",
"dateUpdated": "2025-11-28T15:23:46.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66386 (GCVE-0-2025-66386)
Vulnerability from nvd – Published: 2025-11-28 00:00 – Updated: 2025-11-28 15:17
VLAI?
Summary
app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin.
Severity ?
4.1 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T15:16:57.258479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T15:17:40.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MISP",
"vendor": "MISP",
"versions": [
{
"lessThan": "2.5.27",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T06:56:34.804Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/7f4a0386d38672eddc139f5735d71c3b749623ce"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.5.26...v2.5.27"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66386",
"datePublished": "2025-11-28T00:00:00.000Z",
"dateReserved": "2025-11-28T00:00:00.000Z",
"dateUpdated": "2025-11-28T15:17:40.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66384 (GCVE-0-2025-66384)
Vulnerability from nvd – Published: 2025-11-28 00:00 – Updated: 2025-11-28 15:23
VLAI?
Summary
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.
Severity ?
8.2 (High)
CWE
- CWE-684 - Incorrect Provision of Specified Functionality
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T15:23:40.777415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T15:23:46.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MISP",
"vendor": "MISP",
"versions": [
{
"lessThan": "2.5.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-684",
"description": "CWE-684 Incorrect Provision of Specified Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T06:52:41.226Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/6867f0d3157a1959154bdad9ddac009dec6a19f5"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.5.23...v2.5.24"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66384",
"datePublished": "2025-11-28T00:00:00.000Z",
"dateReserved": "2025-11-28T00:00:00.000Z",
"dateUpdated": "2025-11-28T15:23:46.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GCVE-1-2025-0029
Vulnerability from gna-1 – Published: 2025-11-27 12:41 – Updated: 2025-11-27 12:48
VLAI?
Summary
MISP contained two reflected cross-site scripting (XSS) vulnerabilities affecting:
*
EventGraph deletion confirmation form (eventGraph_delete_form.ctp)
*
Template file upload form (upload_file.ctp)
Before commit bd3ef20956e680fe12b3faf529efaaaee3e412dc, both templates used unvalidated numeric identifiers ($id and $element_id) directly in the rendered page. An attacker could craft a malicious request with a specially crafted non-numeric value for these parameters, causing untrusted data to be reflected into the HTML or JavaScript context of the forms—triggering arbitrary JavaScript execution in the browser of a logged-in user.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Dawid Czarnecki of Zigrin Security
Andras Iklody (the Insomniac MISP lead dev)
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dawid Czarnecki of Zigrin Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMISP contained two reflected cross-site scripting (XSS) vulnerabilities affecting:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eEventGraph\u003c/code\u003e deletion confirmation form\u003c/strong\u003e (\u003ccode\u003eeventGraph_delete_form.ctp\u003c/code\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eTemplate file upload form\u003c/strong\u003e (\u003ccode\u003eupload_file.ctp\u003c/code\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eBefore commit \u003ccode\u003ebd3ef20956e680fe12b3faf529efaaaee3e412dc\u003c/code\u003e, both templates used unvalidated numeric identifiers (\u003ccode\u003e$id\u003c/code\u003e and \u003ccode\u003e$element_id\u003c/code\u003e) directly in the rendered page. An attacker could craft a malicious request with a specially crafted non-numeric value for these parameters, causing untrusted data to be reflected into the HTML or JavaScript context of the forms\u2014triggering arbitrary JavaScript execution in the browser of a logged-in user.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "MISP contained two reflected cross-site scripting (XSS) vulnerabilities affecting:\n\n\n\n * \nEventGraph deletion confirmation form (eventGraph_delete_form.ctp)\n\n\n\n\n * \nTemplate file upload form (upload_file.ctp)\n\n\n\n\n\nBefore commit bd3ef20956e680fe12b3faf529efaaaee3e412dc, both templates used unvalidated numeric identifiers ($id and $element_id) directly in the rendered page. An attacker could craft a malicious request with a specially crafted non-numeric value for these parameters, causing untrusted data to be reflected into the HTML or JavaScript context of the forms\u2014triggering arbitrary JavaScript execution in the browser of a logged-in user."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/bd3ef20956e680fe12b3faf529efaaaee3e412dc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected cross-site scripting (XSS) vulnerabilities in EventGraph and Template Upload",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-27T12:41:00.000Z",
"dateUpdated": "2025-11-27T12:48:51.085860Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0029",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-27T12:41:37.265185Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-27T12:42:20.272359Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-27T12:48:51.085860Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0028
Vulnerability from gna-1 – Published: 2025-11-27 07:23 – Updated: 2025-12-02 08:51
VLAI?
Summary
MISP contained an information leakage vulnerability in the Feed configuration interface when tag collections were used and the “JSONified list” view was accessed. As a result, sensitive fields such as full user records, organisation metadata, or other internal attributes could be exposed to users who should not have had access to them when viewing the JSON output of feed configurations.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Credits
Lassi Kapanen of Second Nature Security
Andras Iklody (the Insomniac MISP lead dev)
Teemu Hakkarainen of Second Nature Security
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.12",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lassi Kapanen of Second Nature Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Teemu Hakkarainen of Second Nature Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MISP contained an information leakage vulnerability in the \u003cem\u003eFeed configuration\u003c/em\u003e interface when tag collections were used and the \u201cJSONified list\u201d view was accessed. As a result, sensitive fields such as full user records, organisation metadata, or other internal attributes could be exposed to users who should not have had access to them when viewing the JSON output of feed configurations."
}
],
"value": "MISP contained an information leakage vulnerability in the Feed configuration interface when tag collections were used and the \u201cJSONified list\u201d view was accessed. As a result, sensitive fields such as full user records, organisation metadata, or other internal attributes could be exposed to users who should not have had access to them when viewing the JSON output of feed configurations."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/ffe3be4da6fa99fffc85534d730a469c06cd38d8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information leakage vulnerability in the MISP Feed configuration interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-27T07:23:00.000Z",
"dateUpdated": "2025-12-02T08:51:35.429494Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2025-0028",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-27T07:23:20.592344Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-02T08:51:35.429494Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0027
Vulnerability from gna-1 – Published: 2025-11-27 07:17 – Updated: 2025-12-02 08:51
VLAI?
Summary
A reflected cross-site scripting (XSS) vulnerability was discovered in the server edit functionality of MISP. In serverRuleElements/pull.ctp and serverRuleElements/push.ctp, the id (server ID) value was written directly into an inline JavaScript variable (var serverID = "…"), without HTML escaping. A remote attacker could craft a URL with a malicious id value that, when visited by an authenticated user with access to the server edit interface, would result in arbitrary JavaScript execution in the victim’s browser.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Lassi Kapanen of Second Nature Security
Andras Iklody (the Insomniac MISP lead dev)
Teemu Hakkarainen of Second Nature Security
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.12",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lassi Kapanen of Second Nature Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Teemu Hakkarainen of Second Nature Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A reflected cross-site scripting (XSS) vulnerability was discovered in the \u003cem\u003eserver edit\u003c/em\u003e functionality of MISP. In \u003ccode\u003eserverRuleElements/pull.ctp\u003c/code\u003e and \u003ccode\u003eserverRuleElements/push.ctp\u003c/code\u003e, the \u003ccode\u003eid\u003c/code\u003e (server ID) value was written directly into an inline JavaScript variable (\u003ccode\u003evar serverID = \"\u2026\"\u003c/code\u003e), without HTML escaping. A remote attacker could craft a URL with a malicious \u003ccode\u003eid\u003c/code\u003e value that, when visited by an authenticated user with access to the server edit interface, would result in arbitrary JavaScript execution in the victim\u2019s browser. \u003cbr\u003e"
}
],
"value": "A reflected cross-site scripting (XSS) vulnerability was discovered in the server edit functionality of MISP. In serverRuleElements/pull.ctp and serverRuleElements/push.ctp, the id (server ID) value was written directly into an inline JavaScript variable (var serverID = \"\u2026\"), without HTML escaping. A remote attacker could craft a URL with a malicious id value that, when visited by an authenticated user with access to the server edit interface, would result in arbitrary JavaScript execution in the victim\u2019s browser."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/b24e37a6c78199a4c68bb3b95f53d37962973d86"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected cross-site scripting (XSS) vulnerability in the server edit functionality of MISP",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-27T07:17:00.000Z",
"dateUpdated": "2025-12-02T08:51:04.323899Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2025-0027",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-27T07:17:57.069969Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-27T07:24:10.363842Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-02T08:51:04.323899Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0026
Vulnerability from gna-1 – Published: 2025-11-26 16:35 – Updated: 2025-12-02 08:50
VLAI?
Summary
MISP contained a reflected cross-site scripting (XSS) vulnerability in the Server Edit interface, specifically within the JavaScript initialization code of the push and pull filtering rule elements. Prior to commit b24e37a6c78199a4c68bb3b95f53d37962973d86, the id parameter (server ID) was embedded directly into a JavaScript string without HTML escaping. A maliciously crafted id value containing JavaScript or special characters could be reflected into the page and executed when an authenticated user visited the server edit page.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Lassi Kapanen of Second Nature Security
Andras Iklody (the Insomniac MISP lead dev)
Teemu Hakkarainen of Second Nature Security
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.12",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lassi Kapanen of Second Nature Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Teemu Hakkarainen of Second Nature Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MISP contained a reflected cross-site scripting (XSS) vulnerability in the \u003cem\u003eServer Edit\u003c/em\u003e interface, specifically within the JavaScript initialization code of the push and pull filtering rule elements. Prior to commit \u003ccode\u003eb24e37a6c78199a4c68bb3b95f53d37962973d86\u003c/code\u003e, the \u003ccode\u003eid\u003c/code\u003e parameter (server ID) was embedded directly into a JavaScript string without HTML escaping.\u0026nbsp;A maliciously crafted \u003ccode\u003eid\u003c/code\u003e value containing JavaScript or special characters could be reflected into the page and executed when an authenticated user visited the server edit page."
}
],
"value": "MISP contained a reflected cross-site scripting (XSS) vulnerability in the Server Edit interface, specifically within the JavaScript initialization code of the push and pull filtering rule elements. Prior to commit b24e37a6c78199a4c68bb3b95f53d37962973d86, the id parameter (server ID) was embedded directly into a JavaScript string without HTML escaping.\u00a0A maliciously crafted id value containing JavaScript or special characters could be reflected into the page and executed when an authenticated user visited the server edit page."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/b24e37a6c78199a4c68bb3b95f53d37962973d86"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected cross-site scripting (XSS) vulnerability in the Server Edit interface,",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-26T16:35:00.000Z",
"dateUpdated": "2025-12-02T08:50:46.381572Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0026",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-26T16:35:06.666237Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-02T08:50:46.381572Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0025
Vulnerability from gna-1 – Published: 2025-11-26 16:27 – Updated: 2025-12-02 08:50
VLAI?
Summary
MISP contained a reflected cross-site scripting (XSS) vulnerability in the Attribute Replacement Tool. Prior to commit f20e93e289998290946d56273528d2a4dc1c57fc, the event_id parameter was inserted into both the form action URL and an inline JavaScript handler without proper HTML-escaping. A malicious actor could craft a link with a specially crafted event_id value containing JavaScript, which would then be reflected back to the user and executed when the page was rendered.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Lassi Kapanen of Second Nature Security
Andras Iklody (the Insomniac MISP lead dev)
Teemu Hakkarainen of Second Nature Security
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.12",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lassi Kapanen of Second Nature Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Teemu Hakkarainen of Second Nature Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MISP contained a reflected cross-site scripting (XSS) vulnerability in the \u003cem\u003eAttribute Replacement Tool\u003c/em\u003e. Prior to commit \u003ccode\u003ef20e93e289998290946d56273528d2a4dc1c57fc\u003c/code\u003e, the \u003ccode\u003eevent_id\u003c/code\u003e parameter was inserted into both the form action URL and an inline JavaScript handler without proper HTML-escaping. A malicious actor could craft a link with a specially crafted \u003ccode\u003eevent_id\u003c/code\u003e value containing JavaScript, which would then be reflected back to the user and executed when the page was rendered."
}
],
"value": "MISP contained a reflected cross-site scripting (XSS) vulnerability in the Attribute Replacement Tool. Prior to commit f20e93e289998290946d56273528d2a4dc1c57fc, the event_id parameter was inserted into both the form action URL and an inline JavaScript handler without proper HTML-escaping. A malicious actor could craft a link with a specially crafted event_id value containing JavaScript, which would then be reflected back to the user and executed when the page was rendered."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/f20e93e289998290946d56273528d2a4dc1c57fc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected cross-site scripting (XSS) vulnerability in the MISP Attribute Replacement Tool",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-26T16:27:00.000Z",
"dateUpdated": "2025-12-02T08:50:18.897756Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0025",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-26T16:27:43.742150Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-26T16:29:13.941057Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-02T08:50:18.897756Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0024
Vulnerability from gna-1 – Published: 2025-11-26 16:14 – Updated: 2025-12-02 08:50
VLAI?
Summary
MISP contained a reflected cross-site scripting (XSS) vulnerability in the showAttributeTag / tag selection UI.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Lassi Kapanen of Second Nature Security
Andras Iklody (the Insomniac MISP lead dev)
Teemu Hakkarainen of Second Nature Security
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.12",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lassi Kapanen of Second Nature Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Teemu Hakkarainen of Second Nature Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MISP contained a reflected cross-site scripting (XSS) vulnerability in the \u003cem\u003eshowAttributeTag\u003c/em\u003e / tag selection UI."
}
],
"value": "MISP contained a reflected cross-site scripting (XSS) vulnerability in the showAttributeTag / tag selection UI."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/cbfcf1cdd2797de8f3da439f217bb8b9f0cd8cef"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "cross-site scripting (XSS) vulnerability in the MISP showAttributeTag",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-26T16:14:00.000Z",
"dateUpdated": "2025-12-02T08:50:01.482327Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0024",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-26T16:14:57.013842Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-26T16:15:27.131244Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-02T08:50:01.482327Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0023
Vulnerability from gna-1 – Published: 2025-11-26 16:10 – Updated: 2025-12-02 08:49
VLAI?
Summary
MISP contained a cross-site scripting (XSS) vulnerability in the Server Comparison tool. Prior to commit 83cc0b50971798bbf4be674e9ba744a8e874233a, certain fields displayed in the comparison view were not properly sanitized before being inserted into the HTML output. A malicious or compromised site-admin could inject crafted HTML/JavaScript payloads into comparison content, which would then execute in the browser of another site-admin viewing the Server Comparison interface.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Lassi Kapanen of Second Nature Security
Andras Iklody (the Insomniac MISP lead dev)
Teemu Hakkarainen of Second Nature Security
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.12",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lassi Kapanen of Second Nature Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Teemu Hakkarainen of Second Nature Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MISP contained a cross-site scripting (XSS) vulnerability in the \u003cem\u003eServer Comparison\u003c/em\u003e tool. Prior to commit \u003ccode\u003e83cc0b50971798bbf4be674e9ba744a8e874233a\u003c/code\u003e, certain fields displayed in the comparison view were not properly sanitized before being inserted into the HTML output. A malicious or compromised site-admin could inject crafted HTML/JavaScript payloads into comparison content, which would then execute in the browser of another site-admin viewing the Server Comparison interface."
}
],
"value": "MISP contained a cross-site scripting (XSS) vulnerability in the Server Comparison tool. Prior to commit 83cc0b50971798bbf4be674e9ba744a8e874233a, certain fields displayed in the comparison view were not properly sanitized before being inserted into the HTML output. A malicious or compromised site-admin could inject crafted HTML/JavaScript payloads into comparison content, which would then execute in the browser of another site-admin viewing the Server Comparison interface."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/83cc0b50971798bbf4be674e9ba744a8e874233a"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XSS in MISP server comparison tool",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-26T16:10:00.000Z",
"dateUpdated": "2025-12-02T08:49:24.626168Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0023",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-26T16:10:30.111214Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-02T08:49:24.626168Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0022
Vulnerability from gna-1 – Published: 2025-11-26 16:04 – Updated: 2025-12-02 08:49
VLAI?
Summary
download_attachments_on_load is set to true by default, but setting this to false introduces a potential security risk. Clarified this in the setting
Severity ?
CWE
Assigner
References
Credits
Lassi Kapanen of Second Nature Security
Andras Iklody (the Insomniac MISP lead dev)
Teemu Hakkarainen of Second Nature Security
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.12",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lassi Kapanen of Second Nature Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Teemu Hakkarainen of Second Nature Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "download_attachments_on_load is set to true by default, but setting this to false introduces a potential security risk. Clarified this in the setting"
}
],
"value": "download_attachments_on_load is set to true by default, but setting this to false introduces a potential security risk. Clarified this in the setting"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/5410685896b89aed11ace870b9c22c17752d1807"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Clarified setting\u0027s impact on download_attachments_on_load",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-26T16:04:00.000Z",
"dateUpdated": "2025-12-02T08:49:04.510294Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0022",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-26T16:04:54.084661Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-02T08:49:04.510294Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0021
Vulnerability from gna-1 – Published: 2025-11-26 15:55 – Updated: 2025-12-02 08:48
VLAI?
Summary
In MISP, the “REST client” interface that allows viewing data returned by modules suffered from a cross-site scripting (XSS) vulnerability when presenting “HTML view” of arbitrary JSON data. Prior to commit d718c026d5d69a50e3bbd51847a05ad8f386ec6c, the application did not sufficiently validate or restrict the type of response before offering to render it as HTML, allowing malicious JSON responses to be rendered in HTML context. This could allow an attacker (via a compromised or malicious module) to supply JSON containing content that, when interpreted as HTML, executes as script in the user’s browser.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Lassi Kapanen of Second Nature Security
Andras Iklody (the Insomniac MISP lead dev)
Teemu Hakkarainen of Second Nature Security
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.12",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lassi Kapanen of Second Nature Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Teemu Hakkarainen of Second Nature Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In MISP, the \u201cREST client\u201d interface that allows viewing data returned by modules suffered from a cross-site scripting (XSS) vulnerability when presenting \u201cHTML view\u201d of arbitrary JSON data. Prior to commit \u003ccode\u003ed718c026d5d69a50e3bbd51847a05ad8f386ec6c\u003c/code\u003e, the application did not sufficiently validate or restrict the type of response before offering to render it as HTML, allowing malicious JSON responses to be rendered in HTML context. This could allow an attacker (via a compromised or malicious module) to supply JSON containing content that, when interpreted as HTML, executes as script in the user\u2019s browser."
}
],
"value": "In MISP, the \u201cREST client\u201d interface that allows viewing data returned by modules suffered from a cross-site scripting (XSS) vulnerability when presenting \u201cHTML view\u201d of arbitrary JSON data. Prior to commit d718c026d5d69a50e3bbd51847a05ad8f386ec6c, the application did not sufficiently validate or restrict the type of response before offering to render it as HTML, allowing malicious JSON responses to be rendered in HTML context. This could allow an attacker (via a compromised or malicious module) to supply JSON containing content that, when interpreted as HTML, executes as script in the user\u2019s browser."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/d718c026d5d69a50e3bbd51847a05ad8f386ec6c"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XSS in MISP ReST client in HTML view",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-26T15:55:00.000Z",
"dateUpdated": "2025-12-02T08:48:41.869838Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0021",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-26T15:55:16.468388Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-02T08:48:41.869838Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0020
Vulnerability from gna-1 – Published: 2025-11-26 15:49 – Updated: 2025-12-02 08:47
VLAI?
Summary
The “Galaxy element JSON view", a functionality that renders JSON representations of “galaxy elements”, contained a cross-site scripting (XSS) vulnerability.
The issue could allow a malicious user (with the ability to influence galaxy element data) to inject JavaScript payloads that would execute in the browser of another user viewing the JSON view.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
Lassi Kapanen of Second Nature Security
Andras Iklody (the Insomniac MISP lead dev)
Teemu Hakkarainen of Second Nature Security
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.12",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lassi Kapanen of Second Nature Security"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Teemu Hakkarainen of Second Nature Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe \u201cGalaxy element JSON view\", a functionality that renders JSON representations of \u201cgalaxy elements\u201d, contained a cross-site scripting (XSS) vulnerability.\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe issue could allow a malicious user (with the ability to influence galaxy element data) to inject JavaScript payloads that would execute in the browser of another user viewing the JSON view.\u0026nbsp;\u003c/div\u003e"
}
],
"value": "The \u201cGalaxy element JSON view\", a functionality that renders JSON representations of \u201cgalaxy elements\u201d, contained a cross-site scripting (XSS) vulnerability.\u00a0\n\n\n\n\nThe issue could allow a malicious user (with the ability to influence galaxy element data) to inject JavaScript payloads that would execute in the browser of another user viewing the JSON view."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/aa882b23425dd4ef45d0a5f33ff0b5eed36ec9a4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "cross-site scripting (XSS) in Galaxy element JSON view",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-26T15:49:00.000Z",
"dateUpdated": "2025-12-02T08:47:41.151429Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2025-0020",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-26T15:49:06.903712Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-12-02T08:47:41.151429Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0019
Vulnerability from gna-1 – Published: 2025-11-26 14:47 – Updated: 2025-11-28 07:27
VLAI?
Summary
The “view picture” functionality in EventReport for site-administrators suffered from a path traversal vulnerability. When a specially crafted filename or alias was provided, the application could be tricked into returning arbitrary files from the server’s file system rather than only allowed image assets.
Severity ?
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Credits
Esteban (Zerotistic) Tonglet during Hack the Government 2025 in Belgium
Sami Mokaddem (aka Graphman)
📸 Alexandre Dulaunoy 🎨
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThanOrEqual": "2.5.26",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Esteban (Zerotistic) Tonglet during Hack the Government 2025 in Belgium"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Sami Mokaddem"
},
{
"lang": "en",
"type": "coordinator",
"value": "Alexandre Dulaunoy"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The \u201cview picture\u201d functionality in EventReport for site-administrators suffered from a path traversal vulnerability. When a specially crafted filename or alias was provided, the application could be tricked into returning arbitrary files from the server\u2019s file system rather than only allowed image assets."
}
],
"value": "The \u201cview picture\u201d functionality in EventReport for site-administrators suffered from a path traversal vulnerability. When a specially crafted filename or alias was provided, the application could be tricked into returning arbitrary files from the server\u2019s file system rather than only allowed image assets."
}
],
"impacts": [
{
"capecId": "CAPEC-73",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-73 User-Controlled Filename"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/7f4a0386d38672eddc139f5735d71c3b749623ce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Path traversal vulnerability in EventReport for site-admin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"cveId": "CVE-2025-66386",
"datePublished": "2025-11-26T14:47:00.000Z",
"dateUpdated": "2025-11-28T07:27:42.721350Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "gcve-1-2025-0019",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-26T14:47:47.489637Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-26T14:48:49.272047Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-28T07:23:06.918616Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-28T07:27:42.721350Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0016
Vulnerability from gna-1 – Published: 2025-11-04 09:20 – Updated: 2025-11-04 09:56
VLAI?
Summary
Local file inclusion in [ImportFromUrl() URL handling component in MISP event report (with pandoc support) on server-side document import feature / web application allows an attacker who can supply a URL to read local filesystem documents and disclose sensitive information (limited to document file types) via providing file:// URLs to ImportFromUrl() that are fetched without proper scheme/host validation.
Severity ?
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Credits
🕵️♂️ Jeroen Pinoy 🐞
Raphael Lob from NATO Cyber Security Center
📸 Alexandre Dulaunoy 🎨
Andras Iklody (the Insomniac MISP lead dev)
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.24",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jeroen Pinoy"
},
{
"lang": "en",
"type": "finder",
"value": "Raphael Lob from NATO Cyber Security Center"
},
{
"lang": "en",
"type": "coordinator",
"value": "Alexandre Dulaunoy"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local file inclusion in [ImportFromUrl() URL handling component in MISP event report (with pandoc support) on server-side document import feature / web application allows an attacker who can supply a URL to read local filesystem documents and disclose sensitive information (limited to document file types) via providing file:// URLs to ImportFromUrl() that are fetched without proper scheme/host validation."
}
],
"value": "Local file inclusion in [ImportFromUrl() URL handling component in MISP event report (with pandoc support) on server-side document import feature / web application allows an attacker who can supply a URL to read local filesystem documents and disclose sensitive information (limited to document file types) via providing file:// URLs to ImportFromUrl() that are fetched without proper scheme/host validation."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/6b67f8e853dcf8e40cb87d35a0f6d55df80928df"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-04T09:20:00.000Z",
"dateUpdated": "2025-11-04T09:56:38.383646Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0016",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-04T09:20:56.074344Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-04T09:56:38.383646Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0015
Vulnerability from gna-1 – Published: 2025-11-04 09:06 – Updated: 2025-11-04 09:06
VLAI?
Summary
Cross-site scripting in decaying tool simulation UI/component in MISP on web application allows an attacker/org who can set an organization's display name to execute arbitrary JavaScript in other users' browsers when they view or run simulations via a crafted organization name containing a script payload that is rendered unsanitized when a specific attribute is chosen for the simulation.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
🕵️♂️ Jeroen Pinoy 🐞
Andras Iklody (the Insomniac MISP lead dev)
📸 Alexandre Dulaunoy 🎨
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.24",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jeroen Pinoy"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "coordinator",
"value": "Alexandre Dulaunoy"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-site scripting in decaying tool simulation UI/component in MISP on web application allows an attacker/org who can set an organization\u0027s display name to execute arbitrary JavaScript in other users\u0027 browsers when they view or run simulations via a crafted organization name containing a script payload that is rendered unsanitized when a specific attribute is chosen for the simulation."
}
],
"value": "Cross-site scripting in decaying tool simulation UI/component in MISP on web application allows an attacker/org who can set an organization\u0027s display name to execute arbitrary JavaScript in other users\u0027 browsers when they view or run simulations via a crafted organization name containing a script payload that is rendered unsanitized when a specific attribute is chosen for the simulation."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/7651b5b8b16279322422aa0f45b68c680c15e42b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential XSS in decaying simulation tool",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-04T09:06:00.000Z",
"dateUpdated": "2025-11-04T09:06:59.216121Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0015",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-04T09:06:35.083637Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-04T09:06:59.216121Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0014
Vulnerability from gna-1 – Published: 2025-11-04 08:58 – Updated: 2025-11-04 08:58
VLAI?
Summary
Cross-site scripting in Mermaid chart rendering component in MISP event report allows a remote attacker part of a MISP community to execute arbitrary JavaScript in the victim’s browser via injection of HTML tags in raw Mermaid charts synchronized through event reports.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Credits
🕵️♂️ Jeroen Pinoy 🐞
📸 Alexandre Dulaunoy 🎨
Andras Iklody (the Insomniac MISP lead dev)
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"status": "affected",
"version": "2.5.24"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jeroen Pinoy"
},
{
"lang": "en",
"type": "coordinator",
"value": "Alexandre Dulaunoy"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-site scripting in Mermaid chart rendering component in MISP event report allows a remote attacker part of a MISP community to execute arbitrary JavaScript in the victim\u2019s browser via injection of HTML tags in raw Mermaid charts synchronized through event reports."
}
],
"value": "Cross-site scripting in Mermaid chart rendering component in MISP event report allows a remote attacker part of a MISP community to execute arbitrary JavaScript in the victim\u2019s browser via injection of HTML tags in raw Mermaid charts synchronized through event reports."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/bb909aff9503c8c8d4bfe6de94f54d7c90dce8ac"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XSS in event report via Mermaid diagram",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-04T08:58:00.024516Z",
"dateUpdated": "2025-11-04T08:58:00.024516Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0014",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-04T08:58:00.024516Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0013
Vulnerability from gna-1 – Published: 2025-11-04 08:49 – Updated: 2025-11-04 08:49
VLAI?
Summary
Authorization bypass / improper access control in app/Controller/SharingGroupBlueprintsController.php in MISP on web application /or API allows an authenticated low-privilege user to inject arbitrary organizations into existing sharing groups (including groups that should not be extendable), thereby granting those organizations access to shared resources and escalating access via crafted sharing-group blueprints or API requests that bypass validation.
Severity ?
CWE
Assigner
References
Credits
🕵️♂️ Jeroen Pinoy from NATO Cyber Security Center 🐞
Andras Iklody (the Insomniac MISP lead dev)
📸 Alexandre Dulaunoy 🎨
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.24",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jeroen Pinoy from NATO Cyber Security Center"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "coordinator",
"value": "Alexandre Dulaunoy"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization bypass / improper access control in app/Controller/SharingGroupBlueprintsController.php in MISP on web application /or API allows an authenticated low-privilege user to inject arbitrary organizations into existing sharing groups (including groups that should not be extendable), thereby granting those organizations access to shared resources and escalating access via crafted sharing-group blueprints or API requests that bypass validation."
}
],
"value": "Authorization bypass / improper access control in app/Controller/SharingGroupBlueprintsController.php in MISP on web application /or API allows an authenticated low-privilege user to inject arbitrary organizations into existing sharing groups (including groups that should not be extendable), thereby granting those organizations access to shared resources and escalating access via crafted sharing-group blueprints or API requests that bypass validation."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/d6cc16e8cacb70d23515a85e0e81c95c096d9dd0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerability in sharing group blueprints allowing sharing group injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-04T08:49:21.558087Z",
"dateUpdated": "2025-11-04T08:49:21.558087Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0013",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-04T08:49:21.558087Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0012
Vulnerability from gna-1 – Published: 2025-11-04 07:20 – Updated: 2025-11-28 07:16
VLAI?
Summary
Potential vulnerability in file check upload but this vulnerability is non-exploitable as the code is never executed. This vulnerability information is kept for archiving.
Severity ?
No CVSS data available.
CWE
Assigner
References
Credits
Andras Iklody (the Insomniac MISP lead dev)
Raphael Lob from NATO Cyber Security Center
📸 Alexandre Dulaunoy 🎨
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.24",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Raphael Lob from NATO Cyber Security Center"
},
{
"lang": "en",
"type": "coordinator",
"value": "Alexandre Dulaunoy"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003ePotential vulnerability in file check upload but this vulnerability is non-exploitable as the code is never executed. This vulnerability information is kept for archiving.\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Potential vulnerability in file check upload but this vulnerability is non-exploitable as the code is never executed. This vulnerability information is kept for archiving."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html"
}
]
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"other": {
"type": "Evaluation not possible due to dead-code"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/ed3fa4b4c7a16648d2b102f58b81c735a99e8986"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential vulnerability in file check upload but non-exploitable",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"cveId": "CVE-2025-66384",
"datePublished": "2025-11-04T07:20:00.000Z",
"dateUpdated": "2025-11-28T07:16:21.589449Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0012",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-04T07:20:07.378032Z"
],
[
"alexandre.dulaunoy@circl.lu",
"2025-11-28T07:16:21.589449Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0011
Vulnerability from gna-1 – Published: 2025-11-04 07:01 – Updated: 2025-11-04 07:01
VLAI?
Summary
Invalid check for uploaded file validity in EventsController can lead to arbitrary file inclusion / deletion via import modules by spoofing the tmp_name of the request
Severity ?
CWE
Assigner
References
Credits
Raphael Lob from NATO Cyber Security Center
Andras Iklody (the Insomniac MISP lead dev)
📸 Alexandre Dulaunoy 🎨
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.24",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Raphael Lob from NATO Cyber Security Center"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "coordinator",
"value": "Alexandre Dulaunoy"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Invalid check for uploaded file validity in EventsController can lead to arbitrary file inclusion / deletion via import modules by spoofing the tmp_name of the request"
}
],
"value": "Invalid check for uploaded file validity in EventsController can lead to arbitrary file inclusion / deletion via import modules by spoofing the tmp_name of the request"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/6867f0d3157a1959154bdad9ddac009dec6a19f5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary file inclusion / deletion via import modules by spoofing the tmp_name of the request",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-04T07:01:25.464225Z",
"dateUpdated": "2025-11-04T07:01:25.464225Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0011",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-04T07:01:25.464225Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GCVE-1-2025-0010
Vulnerability from gna-1 – Published: 2025-11-04 06:25 – Updated: 2025-11-04 06:25
VLAI?
Summary
Arbitrary file-hash inclusion via templates in the template engine in MispAttribute allows a web user to obtain the MD5 hash of any file accessible to them via inclusion of tmp_name in templates.
Severity ?
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
Credits
Andras Iklody (the Insomniac MISP lead dev)
Raphael Lob from NATO Cyber Security Center
📸 Alexandre Dulaunoy 🎨
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "misp",
"vendor": "misp",
"versions": [
{
"lessThan": "2.5.24",
"status": "affected"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Andras Iklody"
},
{
"lang": "en",
"type": "finder",
"value": "Raphael Lob from NATO Cyber Security Center"
},
{
"lang": "en",
"type": "coordinator",
"value": "Alexandre Dulaunoy"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eArbitrary file-hash inclusion via templates in the template engine in MispAttribute\u0026nbsp;allows a web user to obtain the MD5 hash of any file accessible to them via inclusion of \u003ccode\u003etmp_name\u003c/code\u003e in templates.\u003c/div\u003e"
}
],
"value": "Arbitrary file-hash inclusion via templates in the template engine in MispAttribute\u00a0allows a web user to obtain the MD5 hash of any file accessible to them via inclusion of tmp_name in templates."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Collect"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-9000-000000000000"
},
"references": [
{
"url": "https://github.com/misp/misp/commit/015fd1e7988579120b6bd95ca72c7bce4bb7b902"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary file hash inclusion via templates accessible to all users",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "00000000-0000-4000-9000-000000000000",
"datePublished": "2025-11-04T06:25:11.108987Z",
"dateUpdated": "2025-11-04T06:25:11.108987Z",
"requesterUserId": "00000000-0000-4000-9000-000000000000",
"serial": 1,
"state": "PUBLISHED",
"vulnId": "GCVE-1-2025-0010",
"vulnerabilitylookup_history": [
[
"alexandre.dulaunoy@circl.lu",
"2025-11-04T06:25:11.108987Z"
]
]
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2025-AVI-1045
Vulnerability from certfr_avis - Published: 2025-11-27 - Updated: 2025-11-28
Une vulnérabilité a été découverte dans MISP. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MISP versions ant\u00e9rieures \u00e0 2.5.26",
"product": {
"name": "MISP",
"vendor": {
"name": "MISP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2025-11-27T00:00:00",
"last_revision_date": "2025-11-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1045",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-27T00:00:00.000000"
},
{
"description": "Ajout r\u00e9f\u00e9rence CVE",
"revision_date": "2025-11-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans MISP. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Vuln\u00e9rabilit\u00e9 dans MISP",
"vendor_advisories": [
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 MISP",
"url": "https://www.misp-project.org/security/"
}
]
}
CERTFR-2025-AVI-0965
Vulnerability from certfr_avis - Published: 2025-11-05 - Updated: 2025-11-05
De multiples vulnérabilités ont été découvertes dans MISP. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MISP versions ant\u00e9rieures \u00e0 2.5.24",
"product": {
"name": "MISP",
"vendor": {
"name": "MISP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2025-11-05T00:00:00",
"last_revision_date": "2025-11-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0965",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans MISP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans MISP",
"vendor_advisories": [
{
"published_at": "2025-11-04",
"title": "Bulletin de s\u00e9curit\u00e9 MISP",
"url": "https://www.misp-project.org/security/"
}
]
}
CERTFR-2025-AVI-0274
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans MISP. Elles permettent à un attaquant de provoquer une injection indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MISP versions 2.4.x ant\u00e9rieures \u00e0 2.4.201",
"product": {
"name": "MISP",
"vendor": {
"name": "MISP",
"scada": false
}
}
},
{
"description": "MISP versions 2.5.x ant\u00e9rieures \u00e0 2.5.3",
"product": {
"name": "MISP",
"vendor": {
"name": "MISP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-54674",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54674"
},
{
"name": "CVE-2024-54675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54675"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0274",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans MISP. Elles permettent \u00e0 un attaquant de provoquer une injection indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans MISP",
"vendor_advisories": [
{
"published_at": "2025-04-04",
"title": "Bulletin de s\u00e9curit\u00e9 MISP",
"url": "https://www.misp-project.org/security/"
}
]
}
FKIE_CVE-2024-58130
Vulnerability from fkie_nvd - Published: 2025-03-28 22:15 - Updated: 2025-07-15 18:49
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D38831B2-94AF-41A5-956B-D9EBE0EC177C",
"versionEndExcluding": "2.4.193",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses."
},
{
"lang": "es",
"value": "En app/Controller/Component/RestResponseComponent.php en MISP anterior a 2.4.193, los endpoints REST carecen de depuraci\u00f3n para respuestas que no sean JSON."
}
],
"id": "CVE-2024-58130",
"lastModified": "2025-07-15T18:49:50.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-28T22:15:17.463",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/f08a2eaec25f0212c22b225c0b654bd60d089ef9"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/MISP/MISP/releases/tag/v2.4.193"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-58129
Vulnerability from fkie_nvd - Published: 2025-03-28 22:15 - Updated: 2025-07-08 17:30
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D38831B2-94AF-41A5-956B-D9EBE0EC177C",
"versionEndExcluding": "2.4.193",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page."
},
{
"lang": "es",
"value": "En MISP anterior a 2.4.193, los par\u00e1metros menu_custom_right_link_html se pueden configurar a trav\u00e9s de la interfaz de usuario (es decir, sin utilizar la CLI) y, por lo tanto, los atacantes con privilegios de administrador pueden realizar ataques XSS contra cada p\u00e1gina."
}
],
"id": "CVE-2024-58129",
"lastModified": "2025-07-08T17:30:50.003",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-28T22:15:17.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/MISP/MISP/commit/09a43870e733f79ffa33753ddc7bce3cbb5a5647"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/MISP/MISP/releases/tag/v2.4.193"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
}
]
}