495c4ee93c
- a previously assumed internal url can have user input appended via the MISP local tool connector - requires a compromised connected MISP instance where a malicious administrator modifies the UUIDs of cerebrate relevant objects to JS payloads - as reported by Dawid Czarcnecki of Zigrin Security |
||
|---|---|---|
| .. | ||
| Alignments | ||
| Api | ||
| AuditLogs | ||
| AuthKeys | ||
| Broods | ||
| Common | ||
| EncryptionKeys | ||
| Error | ||
| Inbox | ||
| Individuals | ||
| Instance | ||
| LocalTools | ||
| MetaTemplateFields | ||
| MetaTemplates | ||
| Open | ||
| Organisations | ||
| Outbox | ||
| Pages | ||
| Roles | ||
| SharingGroups | ||
| UserSettings | ||
| Users | ||
| cell | ||
| element | ||
| genericTemplates | ||
| layout | ||