Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2018-6926
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The im...
Misp Misp 2.4.87
312
VMScore
CVE-2021-37743
app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.
Misp Misp 2.4.147
312
VMScore
CVE-2021-37534
app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.
Misp Misp 2.4.146
445
VMScore
CVE-2019-19379
In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data.
Misp Misp 2.4.118
383
VMScore
CVE-2020-10246
MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp.
Misp Misp 2.4.122
383
VMScore
CVE-2020-10247
MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp.
Misp Misp 2.4.122
383
VMScore
CVE-2020-28947
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.
Misp Misp 2.4.134
383
VMScore
CVE-2021-25324
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.
Misp Misp 2.4.136
383
VMScore
CVE-2018-11562
An issue exists in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter.
Misp Misp 2.4.91
NA
CVE-2023-40224
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
Misp Misp 2.4.174
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »