cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity
cerebrate/templates
History
iglocska 495c4ee93c
fix: [security] XSS in the generic action template 
- a previously assumed internal url can have user input appended via the MISP local tool connector
- requires a compromised connected MISP instance where a malicious administrator modifies the UUIDs of cerebrate relevant objects to JS payloads

- as reported by Dawid Czarcnecki of Zigrin Security
 		2022-02-20 12:07:06 +01:00
..
Alignments
Api
AuditLogs
AuthKeys fix: [users:view] Correctly reload authkey child panel when performing operations 2022-01-27 10:21:55 +01:00
Broods
Common
EncryptionKeys
Error
Inbox
Individuals
Instance fix: [userSettings] Perform URI validation for bookmarks 2022-02-07 10:48:55 +01:00
LocalTools
MetaTemplateFields
MetaTemplates
Open
Organisations
Outbox
Pages
Roles
SharingGroups fix: [sharing group form] default to own org as owner 2022-01-27 21:10:00 +01:00
UserSettings fix: [userSettings] Renamed template to match the controller endpoint 2022-02-07 10:37:03 +01:00
Users fix: [login] hide keycloak login if keycloak login is disabled 2022-01-27 22:11:51 +01:00
cell
element fix: [security] XSS in the generic action template 2022-02-20 12:07:06 +01:00
email
genericTemplates
layout