cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity
cerebrate/templates
History
iglocska 495c4ee93c
fix: [security] XSS in the generic action template 
- a previously assumed internal url can have user input appended via the MISP local tool connector
- requires a compromised connected MISP instance where a malicious administrator modifies the UUIDs of cerebrate relevant objects to JS payloads

- as reported by Dawid Czarcnecki of Zigrin Security
 		2022-02-20 12:07:06 +01:00
..
Alignments chg: [restructure] the application 2020-06-22 14:28:17 +02:00
Api new: add /api openapi spec view with redoc, add faker to fixtures, validate api responses with openapi spec, add /api/v1/ prefix to api routes 2022-01-07 13:45:52 +01:00
AuditLogs chg: [auditlog:index] Break text in changed column 2022-01-25 15:01:48 +01:00
AuthKeys fix: [users:view] Correctly reload authkey child panel when performing operations 2022-01-27 10:21:55 +01:00
Broods chg: [brood:add] Empty organisation by default 2021-06-30 12:24:34 +02:00
Common fix: [templates:common] Removed extra closing tag 2022-01-25 15:02:58 +01:00
EncryptionKeys new: [encryption key] view added 2022-01-17 09:45:45 +01:00
Error chg: [restructure] the application 2020-06-22 14:28:17 +02:00
Inbox chg: [bootstrap] Migrated APP to use bootstrap v5.x 2021-09-17 13:04:37 +02:00
Individuals fix: [inividuals] add shouldn't have the tagging options 2022-01-17 13:20:34 +01:00
Instance fix: [userSettings] Perform URI validation for bookmarks 2022-02-07 10:48:55 +01:00
LocalTools chg: [localtTools:connectionRequest] Provide more info on exception 2022-01-25 15:02:30 +01:00
MetaTemplateFields chg: [templates] House cleaning 2020-12-07 16:20:01 +01:00
MetaTemplates chg: [bootstrap] Migrated APP to use bootstrap v5.x 2021-09-17 13:04:37 +02:00
Open chg: [controllers] Bug fixes and usage of UI factory 2021-01-11 16:28:07 +01:00
Organisations fix: [organisation:add] Removed useless description field 2022-01-17 15:45:51 +01:00
Outbox chg: [genericElement:index-table] Automatically include selector if 2021-07-05 09:30:20 +02:00
Pages chg: [restructure] the application 2020-06-22 14:28:17 +02:00
Roles fix: [roles index] correctly allow site admins to modify / remove roles 2021-11-25 00:55:36 +01:00
SharingGroups fix: [sharing group form] default to own org as owner 2022-01-27 21:10:00 +01:00
UserSettings fix: [userSettings] Renamed template to match the controller endpoint 2022-02-07 10:37:03 +01:00
Users fix: [login] hide keycloak login if keycloak login is disabled 2022-01-27 22:11:51 +01:00
cell chg: [restructure] the application 2020-06-22 14:28:17 +02:00
element fix: [security] XSS in the generic action template 2022-02-20 12:07:06 +01:00
email chg: [restructure] the application 2020-06-22 14:28:17 +02:00
genericTemplates fix: [genericTemplate:filters] Correctly takes filter fields and simplified UI 2021-10-21 10:20:07 +02:00
layout new: [CodeMirror] Shows a placeholder whenever the textarea is empty 2022-01-17 11:29:50 +01:00