Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-15412
An issue exists in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.
Misp Misp 2.4.128
4.3
CVSSv2
CVE-2017-15216
MISP prior to 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js.
Misp-project Misp
4
CVSSv2
CVE-2017-16946
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.
Misp Misp 2.4.82
5.5
CVSSv2
CVE-2018-8949
An issue exists in app/Model/Attribute.php in MISP prior to 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attr...
Misp-project Misp
6.8
CVSSv2
CVE-2021-39302
MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.
Misp Misp 2.4.148
3.5
CVSSv2
CVE-2021-37742
app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships.
Misp Misp 2.4.147
3.5
CVSSv2
CVE-2021-37743
app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.
Misp Misp 2.4.147
5
CVSSv2
CVE-2018-12649
An issue exists in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests.
Misp Misp 2.4.92
4.3
CVSSv2
CVE-2020-24085
A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code.
Misp Misp 2.4.128
5
CVSSv2
CVE-2019-19379
In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data.
Misp Misp 2.4.118
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »