Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp misp vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-36212
app/View/SharingGroups/view.ctp in MISP prior to 2.4.146 allows stored XSS in the sharing groups view.
Misp Misp
5
CVSSv2
CVE-2022-29534
An issue exists in MISP prior to 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header.
Misp Misp
4
CVSSv2
CVE-2019-16202
MISP prior to 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of M...
Misp Misp
6.8
CVSSv2
CVE-2020-15711
In MISP prior to 2.4.129, setting a favourite homepage was not CSRF protected.
Misp Misp
9
CVSSv2
CVE-2018-19908
An issue exists in MISP 2.4.9x prior to 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the ori...
Misp Misp
4.3
CVSSv2
CVE-2019-11812
A persistent XSS issue exists in app/View/Helper/CommandHelper.php in MISP prior to 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link.
Misp Misp
4.3
CVSSv2
CVE-2019-11813
An issue exists in app/View/Elements/Events/View/value_field.ctp in MISP prior to 2.4.107. There is persistent XSS via link type attributes with javascript:// links.
Misp Misp
7.5
CVSSv2
CVE-2021-41326
In MISP prior to 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.
Misp Misp
1 Github repository
6
CVSSv2
CVE-2019-12794
An issue exists in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of...
Misp Misp 2.4.108
3.5
CVSSv2
CVE-2019-9482
In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only).
Misp Misp 2.4.102
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »