You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/security.md
+1Lines changed: 1 addition & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -137,6 +137,7 @@ We firmly believe that, even though unfortunately it is often not regarded as co
137
137
-[GCVE-1-2025-0019](https://vulnerability.circl.lu/vuln/gcve-1-2025-0019) < MISP 2.5.26 - The “view picture” functionality in EventReport for site-administrators suffered from a path traversal vulnerability.
138
138
-[GCVE-1-2025-0030](https://vulnerability.circl.lu/vuln/gcve-1-2025-0030) < MISP 2.5.27 - A cross-site scripting (XSS) vulnerability in the “actions” table element template in app/View/Elements/genericElements/IndexTable/Fields/actions.ctp allows an attacker to inject arbitrary JavaScript code into the generated HTML.
139
139
-[GCVE-1-2025-0031](https://vulnerability.circl.lu/vuln/gcve-1-2025-0031) < MISP 2.5.27 - A cross-site scripting (XSS) vulnerability was identified in the workflow execution-path view in app/View/Elements/Workflows/executionPath.ctp.
140
+
-[GCVE-1-2025-0032](https://vulnerability.circl.lu/vuln/gcve-1-2026-0003) < MISP 2.5.32 - Stored/Reflected XSS via Unsanitized Parameters in URL Generation and JavaScript Context.
0 commit comments