cerebrate/templates
iglocska 495c4ee93c
fix: [security] XSS in the generic action template
- a previously assumed internal url can have user input appended via the MISP local tool connector
- requires a compromised connected MISP instance where a malicious administrator modifies the UUIDs of cerebrate relevant objects to JS payloads

- as reported by Dawid Czarcnecki of Zigrin Security
2022-02-20 12:07:06 +01:00
Alignments
Api new: add /api openapi spec view with redoc, add faker to fixtures, validate api responses with openapi spec, add /api/v1/ prefix to api routes 2022-01-07 13:45:52 +01:00
AuditLogs chg: [auditlog:index] Break text in changed column 2022-01-25 15:01:48 +01:00
AuthKeys fix: [users:view] Correctly reload authkey child panel when performing operations 2022-01-27 10:21:55 +01:00
Broods
Common fix: [templates:common] Removed extra closing tag 2022-01-25 15:02:58 +01:00
EncryptionKeys new: [encryption key] view added 2022-01-17 09:45:45 +01:00
Error
Inbox
Individuals fix: [inividuals] add shouldn't have the tagging options 2022-01-17 13:20:34 +01:00
Instance fix: [userSettings] Perform URI validation for bookmarks 2022-02-07 10:48:55 +01:00
LocalTools chg: [localtTools:connectionRequest] Provide more info on exception 2022-01-25 15:02:30 +01:00
MetaTemplateFields
MetaTemplates
Open
Organisations fix: [organisation:add] Removed useless description field 2022-01-17 15:45:51 +01:00
Outbox
Pages
Roles
SharingGroups fix: [sharing group form] default to own org as owner 2022-01-27 21:10:00 +01:00
UserSettings fix: [userSettings] Renamed template to match the controller endpoint 2022-02-07 10:37:03 +01:00
Users fix: [login] hide keycloak login if keycloak login is disabled 2022-01-27 22:11:51 +01:00
cell
element fix: [security] XSS in the generic action template 2022-02-20 12:07:06 +01:00
email
genericTemplates
layout new: [CodeMirror] Shows a placeholder whenever the textarea is empty 2022-01-17 11:29:50 +01:00