Misp-project ≫ Misp

An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.

app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.

app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.

An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.

An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.

An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.

MISP 2.4.174 allows XSS in app/View/Events/index.ctp.