Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp misp vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-29530
An issue exists in MISP prior to 2.4.158. There is stored XSS in the galaxy clusters.
Misp Misp
4.8
CVSSv3
CVE-2022-29532
An issue exists in MISP prior to 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.
Misp Misp
9.8
CVSSv3
CVE-2021-41326
In MISP prior to 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.
Misp Misp
1 Github repository
6.1
CVSSv3
CVE-2020-13153
app/View/Events/resolved_attributes.ctp in MISP prior to 2.4.126 has XSS in the resolved attributes view.
Misp Misp
8.1
CVSSv3
CVE-2020-8892
An issue exists in MISP prior to 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.
Misp Misp
9.8
CVSSv3
CVE-2022-29528
An issue exists in MISP prior to 2.4.158. PHAR deserialization can occur.
Misp Misp
5.4
CVSSv3
CVE-2022-29529
An issue exists in MISP prior to 2.4.158. There is stored XSS via the LinOTP login field.
Misp Misp
6.1
CVSSv3
CVE-2022-29533
An issue exists in MISP prior to 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."
Misp Misp
5.5
CVSSv3
CVE-2021-27904
An issue exists in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
Misp Misp
6.5
CVSSv3
CVE-2019-16202
MISP prior to 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of M...
Misp Misp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »