Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp misp vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-25324
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.
Misp Misp 2.4.136
6.1
CVSSv3
CVE-2021-25325
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs.
Misp Misp 2.4.136
8.1
CVSSv3
CVE-2017-14337
When MISP prior to 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user c...
Misp-project Misp
6.1
CVSSv3
CVE-2020-10246
MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp.
Misp Misp 2.4.122
6.1
CVSSv3
CVE-2020-10247
MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp.
Misp Misp 2.4.122
6.1
CVSSv3
CVE-2023-40224
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
Misp Misp 2.4.174
4.9
CVSSv3
CVE-2017-16946
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.
Misp Misp 2.4.82
6.6
CVSSv3
CVE-2019-12794
An issue exists in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of...
Misp Misp 2.4.108
9.8
CVSSv3
CVE-2020-15411
An issue exists in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.
Misp Misp 2.4.128
4.3
CVSSv3
CVE-2020-15412
An issue exists in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.
Misp Misp 2.4.128
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »