Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-49926
app/Lib/Tools/EventTimelineTool.php in MISP prior to 2.4.179 allows XSS in the event timeline widget.
Misp Misp
4.9
CVSSv3
CVE-2020-11458
app/Model/feed.php in MISP prior to 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are ...
Misp Misp
7.5
CVSSv3
CVE-2020-25766
An issue exists in MISP prior to 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
Misp Misp
6.1
CVSSv3
CVE-2022-27246
An issue exists in MISP prior to 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.
Misp Misp
6.1
CVSSv3
CVE-2020-13153
app/View/Events/resolved_attributes.ctp in MISP prior to 2.4.126 has XSS in the resolved attributes view.
Misp Misp
7.5
CVSSv3
CVE-2020-28043
MISP up to and including 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
Misp Misp
4.8
CVSSv3
CVE-2022-27244
An issue exists in MISP prior to 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.
Misp Misp
5.9
CVSSv3
CVE-2020-8891
An issue exists in MISP prior to 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
Misp Misp
8.1
CVSSv3
CVE-2020-8892
An issue exists in MISP prior to 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.
Misp Misp
7.5
CVSSv3
CVE-2020-8893
An issue exists in MISP prior to 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.
Misp Misp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »