Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp misp vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-8893
An issue exists in MISP prior to 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.
Misp Misp
5
CVSSv2
CVE-2020-25766
An issue exists in MISP prior to 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
Misp Misp
4.3
CVSSv2
CVE-2019-11812
A persistent XSS issue exists in app/View/Helper/CommandHelper.php in MISP prior to 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link.
Misp Misp
4.3
CVSSv2
CVE-2019-11813
An issue exists in app/View/Elements/Events/View/value_field.ctp in MISP prior to 2.4.107. There is persistent XSS via link type attributes with javascript:// links.
Misp Misp
4.3
CVSSv2
CVE-2019-11814
An issue exists in app/webroot/js/misp.js in MISP prior to 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot.
Misp Misp
NA
CVE-2022-48328
app/Controller/Component/IndexFilterComponent.php in MISP prior to 2.4.167 mishandles ordered_url_params and additional_delimiters.
Misp Misp
NA
CVE-2022-48329
MISP prior to 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.
Misp Misp
6.8
CVSSv2
CVE-2020-15711
In MISP prior to 2.4.129, setting a favourite homepage was not CSRF protected.
Misp Misp
6.8
CVSSv2
CVE-2020-8892
An issue exists in MISP prior to 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.
Misp Misp
7.5
CVSSv2
CVE-2022-29528
An issue exists in MISP prior to 2.4.158. PHAR deserialization can occur.
Misp Misp
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »