Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp misp vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-27245
An issue exists in MISP prior to 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.
Misp Misp
6.1
CVSSv3
CVE-2019-11812
A persistent XSS issue exists in app/View/Helper/CommandHelper.php in MISP prior to 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link.
Misp Misp
4.8
CVSSv3
CVE-2022-27244
An issue exists in MISP prior to 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.
Misp Misp
6.1
CVSSv3
CVE-2022-27246
An issue exists in MISP prior to 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.
Misp Misp
6.1
CVSSv3
CVE-2021-36212
app/View/SharingGroups/view.ctp in MISP prior to 2.4.146 allows stored XSS in the sharing groups view.
Misp Misp
8.8
CVSSv3
CVE-2020-15711
In MISP prior to 2.4.129, setting a favourite homepage was not CSRF protected.
Misp Misp
6.1
CVSSv3
CVE-2019-10254
In MISP prior to 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.
Misp Misp
6.1
CVSSv3
CVE-2023-49926
app/Lib/Tools/EventTimelineTool.php in MISP prior to 2.4.179 allows XSS in the event timeline widget.
Misp Misp
9.8
CVSSv3
CVE-2022-48328
app/Controller/Component/IndexFilterComponent.php in MISP prior to 2.4.167 mishandles ordered_url_params and additional_delimiters.
Misp Misp
9.8
CVSSv3
CVE-2022-48329
MISP prior to 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.
Misp Misp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »