Vuldb Updates

A vulnerability labeled as problematic has been found in MISP 2.4.136. The affected element is an unknown function of the file app/View/GalaxyElements/ajax/index.ctp of the component Galaxy Cluster Element Handler. The manipulation results in cross site scripting. This vulnerability was named CVE-2021-25325. The attack may be performed from remote. There is no available exploit. It is advisable to implement a patch to correct this issue.

A vulnerability classified as problematic was found in MISP 2.4.136. Affected is an unknown function of the file app/View/Elements/global_menu.ctp. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2021-3184. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability categorized as problematic has been discovered in MISCP 2.4.128. Affected by this vulnerability is the function SetHomePage of the file app/Controller/UserSettingsController.php. Executing a manipulation of the argument path can lead to cross site scripting. This vulnerability is tracked as CVE-2020-24085. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.

A vulnerability categorized as critical has been discovered in MISP 2.4.139. This issue affects some unknown processing of the file app/Model/SharingGroupServer.php. Such manipulation leads to improper access controls. This vulnerability is referenced as CVE-2021-27904. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability labeled as problematic has been found in MISP 2.4.141. This impacts an unknown function of the file app/Model/MispObject.php of the component Event Edit Handler. The manipulation results in information disclosure. This vulnerability is known as CVE-2021-31780. Access to the local network is required for this attack. No exploit is available. It is advisable to implement a patch to correct this issue.

A vulnerability described as problematic has been identified in MISP 2.4.144. Impacted is an unknown function of the file app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp of the component Template Handler. Such manipulation leads to privilege escalation. This vulnerability is traded as CVE-2021-35502. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability has been found in MISP up to 2.4.145 and classified as problematic. This affects an unknown part of the file app/View/SharingGroups/view.ctp of the component Sharing Groups View. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2021-36212. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in MISP 2.4.146. This affects an unknown function of the file app/View/GalaxyClusters/add.ctp of the component Galaxy Cluster Fork Handler. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2021-37534. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in MISP 2.4.147. Affected by this issue is some unknown functionality of the file app/View/Elements/GalaxyClusters/view_relation_tree.ctp of the component Galaxy Cluster Relationship Handler. Performing a manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2021-37742. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as problematic was found in MISP 2.4.147. This affects an unknown part of the file app/View/GalaxyElements/ajax/index.ctp of the component Galaxy Cluster Element Handler. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2021-37743. It is possible to launch the attack remotely. No exploit is available. It is best practice to apply a patch to resolve this issue.

A vulnerability described as problematic has been identified in MISP 2.4.122. This affects an unknown function of the file app/View/Elements/Events/View/sighting_field.ctp of the component Sighting Popover Tool. Such manipulation leads to cross site scripting (Persistent). This vulnerability is documented as CVE-2020-10247. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, has been found in MISP. Affected by this vulnerability is an unknown functionality of the file app/Model/feed.php. This manipulation causes information disclosure. This vulnerability appears as CVE-2020-11458. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability labeled as problematic has been found in MISP. This affects an unknown part of the file app/View/Events/resolved_attributes.ctp. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2020-13153. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability has been found in MISP 2.4.127 and classified as problematic. Affected by this issue is some unknown functionality of the file app/Model/Attribute.php of the component ACL Lookup Handler. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2020-14969. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical was found in MISP 2.4.128. This affects an unknown part of the file app/Controller/AttributesController.php of the component ACL Check Handler. The manipulation results in improper privilege management. This vulnerability is known as CVE-2020-15411. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as critical, has been found in MISP 2.4.128. This vulnerability affects unknown code of the file app/Controller/EventsController.php of the component ACL Check Handler. This manipulation causes improper privilege management. This vulnerability is handled as CVE-2020-15412. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in MISP up to 2.4.128. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in cross-site request forgery. This vulnerability is reported as CVE-2020-15711. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in MISP and classified as critical. This affects an unknown function of the component Login Page. Executing a manipulation can lead to improper privilege management. This vulnerability is registered as CVE-2020-25766. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in MISP up to 2.4.133 and classified as critical. Affected is an unknown function of the component REST Client. The manipulation of the argument use_full_path results in server-side request forgery. This vulnerability is identified as CVE-2020-28043. The attack can only be performed from the local network. There is not any exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability classified as problematic was found in MISP 2.4.134. The impacted element is an unknown function of the component Template Element Handler. Executing a manipulation of the argument ID can lead to cross site scripting. This vulnerability is tracked as CVE-2020-28947. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.