CVE-2025-67906

Medium CVSS: 5.4

In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.

Vendor

Product

CWE

Yayın Tarihi

2025-12-15 04:15:37

Güncelleme

2025-12-21 01:15:51

Source Identifier

cve@mitre.org

KEV Date Added

CWE-79 Misp MEDIUM Misp 2025

https://github.com/MISP/MISP/commit/1f39deb572da7ecb5855e30ff3cc8cbcaa0c1054 https://github.com/MISP/MISP/compare/v2.5.27...v2.5.28 https://github.com/franckferman/CVE-2025-67906 https://github.com/franckferman/GCVE-1-2025-0030 https://vulnerability.circl.lu/vuln/gcve-1-2025-0031 https://github.com/franckferman/CVE-2025-67906

Medium

CVE-2024-58128

In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus a…

Medium

CVE-2024-58129

In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and t…

High

CVE-2024-58130

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization…

Medium

CVE-2024-57969

app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.