Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-49926
app/Lib/Tools/EventTimelineTool.php in MISP prior to 2.4.179 allows XSS in the event timeline widget.
Misp Misp
NA
CVE-2024-25674
An issue exists in MISP prior to 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
Misp Misp
NA
CVE-2024-25675
An issue exists in MISP prior to 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
Misp Misp
NA
CVE-2023-50918
app/Controller/AuditLogsController.php in MISP prior to 2.4.182 mishandles ACLs for audit logs.
Misp Misp
4.3
CVSSv2
CVE-2021-36212
app/View/SharingGroups/view.ctp in MISP prior to 2.4.146 allows stored XSS in the sharing groups view.
Misp Misp
4.3
CVSSv2
CVE-2019-11812
A persistent XSS issue exists in app/View/Helper/CommandHelper.php in MISP prior to 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link.
Misp Misp
4.3
CVSSv2
CVE-2019-11813
An issue exists in app/View/Elements/Events/View/value_field.ctp in MISP prior to 2.4.107. There is persistent XSS via link type attributes with javascript:// links.
Misp Misp
4.3
CVSSv2
CVE-2019-11814
An issue exists in app/webroot/js/misp.js in MISP prior to 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot.
Misp Misp
6.8
CVSSv2
CVE-2022-27243
An issue exists in MISP prior to 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.
Misp Misp
3.5
CVSSv2
CVE-2022-27244
An issue exists in MISP prior to 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.
Misp Misp
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »