From 63dbba152e444de5721c4d8cd6c63e30985bb9e1 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Mon, 26 Dec 2022 14:57:04 +0100
Subject: [PATCH] chg: [security] CVE-2022-47928 added

---
 content/security.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/content/security.md b/content/security.md
index cfeab4a..a30b744 100755
--- a/content/security.md
+++ b/content/security.md
@@ -85,6 +85,7 @@ We firmly believe that, even though unfortunately it is often not regarded as co
 - [CVE-2022-29528](https://cvepremium.circl.lu/cve/CVE-2022-29528) < MISP 2.4.158. PHAR deserialization can occur.
 - [CVE-2022-29531](https://cvepremium.circl.lu/cve/CVE-2022-29531) < MISP 2.4.158. There is stored XSS in the event graph via a tag name.
 - [CVE-2022-42724](https://cvepremium.circl.lu/cve/CVE-2022-42724) < MISP 2.4.163 - allows attackers to discover role names (this is information that only the site admin should have).
+- [CVE-2022-47928](https://cvepremium.circl.lu/cve/CVE-2022-47928) < MISP 2.4.167 - XSS in the template file uploads in app/View/Templates/upload_file.ctp. 
 
 ## PGP Key