- if an attribute with an XSS payload as its value ends up being in the top list of correlations, then an administrator viewing the top correlations would execute the XSS
- as reported by Grzegorz Misiun
- collect metrics about the usage of MISP
- stored in redis
- per endpoint / user / user-agent collection
- collection of execution time, php memory use, sql execution time, sql query count
- the collection happens on a daily basis
- Searchable / filterable interface for the collected data
- Dashboard widget for the collected data
Debug.log was showing the following error otherwise:
```
2024-04-12 14:11:52 Notice: Notice (8): Undefined variable: relationshipsInbound in [/var/www/MISP/app/View/Elements/Events/View/row_object.ctp, line 40]
Trace:
ErrorHandler::handleError() - APP/Lib/cakephp/lib/Cake/Error/ErrorHandler.php, line 230
include - APP/View/Elements/Events/View/row_object.ctp, line 40
View::_evaluate() - APP/Lib/cakephp/lib/Cake/View/View.php, line 971
View::_render() - APP/Lib/cakephp/lib/Cake/View/View.php, line 933
View::_renderElement() - APP/Lib/cakephp/lib/Cake/View/View.php, line 1224
View::element() - APP/Lib/cakephp/lib/Cake/View/View.php, line 418
include - APP/View/Elements/eventattribute.ctp, line 148
View::_evaluate() - APP/Lib/cakephp/lib/Cake/View/View.php, line 971
View::_render() - APP/Lib/cakephp/lib/Cake/View/View.php, line 933
View::_renderElement() - APP/Lib/cakephp/lib/Cake/View/View.php, line 1224
View::element() - APP/Lib/cakephp/lib/Cake/View/View.php, line 418
include - APP/View/Elements/Events/View/event_contents.ctp, line 64
View::_evaluate() - APP/Lib/cakephp/lib/Cake/View/View.php, line 971
View::_render() - APP/Lib/cakephp/lib/Cake/View/View.php, line 933
View::_renderElement() - APP/Lib/cakephp/lib/Cake/View/View.php, line 1224
View::element() - APP/Lib/cakephp/lib/Cake/View/View.php, line 418
include - APP/View/Elements/genericElements/SingleViews/single_view.ctp, line 113
View::_evaluate() - APP/Lib/cakephp/lib/Cake/View/View.php, line 971
View::_render() - APP/Lib/cakephp/lib/Cake/View/View.php, line 933
View::_renderElement() - APP/Lib/cakephp/lib/Cake/View/View.php, line 1224
View::element() - APP/Lib/cakephp/lib/Cake/View/View.php, line 418
include - APP/View/Events/view.ctp, line 296
View::_evaluate() - APP/Lib/cakephp/lib/Cake/View/View.php, line 971
View::_render() - APP/Lib/cakephp/lib/Cake/View/View.php, line 933
View::render() - APP/Lib/cakephp/lib/Cake/View/View.php, line 473
Controller::render() - APP/Lib/cakephp/lib/Cake/Controller/Controller.php, line 968
Dispatcher::_invoke() - APP/Lib/cakephp/lib/Cake/Routing/Dispatcher.php, line 200
Dispatcher::dispatch() - APP/Lib/cakephp/lib/Cake/Routing/Dispatcher.php, line 167
[main] - APP/webroot/index.php, line 101
```
- block organisations' sightings from being created / pulled
- Added a new option to the restsearch of sightings too which this feature uses if available
- if it isn't, the system will block the insertion on the beforeValidate() level
- Outcome of the JTAN hackathon on 04.04.2024 in Luxembourg
iglocska