cerebrate/templates/element
iglocska 495c4ee93c
fix: [security] XSS in the generic action template
- a previously assumed internal url can have user input appended via the MISP local tool connector
- requires a compromised connected MISP instance where a malicious administrator modifies the UUIDs of cerebrate relevant objects to JS payloads

- as reported by Dawid Czarcnecki of Zigrin Security
2022-02-20 12:07:06 +01:00
Settings fix: [settings:settingField] Enforce sanitization of input fields 2022-02-07 11:43:09 +01:00
UserSettings
charts
flash
genericElements fix: [security] XSS in the generic action template 2022-02-20 12:07:06 +01:00
layouts fix: [userSettings] Perform URI validation for bookmarks 2022-02-07 10:48:55 +01:00
widgets chg: [ui:home] Nicer icons and layout 2021-10-18 14:59:18 +02:00
footer.php
header.php
side_menu.php