Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-28043
MISP up to and including 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
Misp Misp
7.5
CVSSv2
CVE-2022-29528
An issue exists in MISP prior to 2.4.158. PHAR deserialization can occur.
Misp Misp
3.5
CVSSv2
CVE-2022-29532
An issue exists in MISP prior to 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.
Misp Misp
4.3
CVSSv2
CVE-2020-13153
app/View/Events/resolved_attributes.ctp in MISP prior to 2.4.126 has XSS in the resolved attributes view.
Misp Misp
NA
CVE-2022-48328
app/Controller/Component/IndexFilterComponent.php in MISP prior to 2.4.167 mishandles ordered_url_params and additional_delimiters.
Misp Misp
NA
CVE-2022-48329
MISP prior to 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.
Misp Misp
4.3
CVSSv2
CVE-2020-8890
An issue exists in MISP prior to 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.
Misp Misp
4.3
CVSSv2
CVE-2020-8891
An issue exists in MISP prior to 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
Misp Misp
6.8
CVSSv2
CVE-2020-8892
An issue exists in MISP prior to 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.
Misp Misp
5
CVSSv2
CVE-2020-8893
An issue exists in MISP prior to 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.
Misp Misp
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »