Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp project misp vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2017-14337
When MISP prior to 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user c...
Misp-project Misp
5.5
CVSSv2
CVE-2018-8949
An issue exists in app/Model/Attribute.php in MISP prior to 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attr...
Misp-project Misp
4.3
CVSSv2
CVE-2017-7215
Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP prior to 2.4.69 allows remote malicious users to inject arbitrary web script or HTML.
Misp Project Misp
4.3
CVSSv2
CVE-2018-8948
In MISP prior to 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module.
Misp-project Misp
4.3
CVSSv2
CVE-2017-15216
MISP prior to 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js.
Misp-project Misp
3.5
CVSSv2
CVE-2017-16802
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
Misp-project Misp 2.4.82
4.3
CVSSv2
CVE-2018-11245
app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes.
Misp-project Misp 2.4.91
NA
CVE-2023-24026
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.
Misp-project Misp 2.4.167
NA
CVE-2023-24028
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.
Misp-project Misp 2.4.167
NA
CVE-2023-48658
An issue exists in MISP prior to 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
Misp-project Malware Information Sharing Platform
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »