An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related t…
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
https://cwe.mitre.org/data/definitions/749.html →Open in CWE collection →An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.
https://capec.mitre.org/data/definitions/500.html →Open in CAPEC collection →