Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp misp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-24027
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
Misp Misp 2.4.167
570
VMScore
CVE-2021-25323
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.
Misp Misp 2.4.136
383
VMScore
CVE-2021-25325
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs.
Misp Misp 2.4.136
801
VMScore
CVE-2018-6926
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The im...
Misp Misp 2.4.87
312
VMScore
CVE-2021-37534
app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.
Misp Misp 2.4.146
383
VMScore
CVE-2020-28947
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.
Misp Misp 2.4.134
383
VMScore
CVE-2020-29572
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field.
Misp Misp 2.4.135
445
VMScore
CVE-2019-19379
In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data.
Misp Misp 2.4.118
383
VMScore
CVE-2019-14286
In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability.
Misp Misp 2.4.111
578
VMScore
CVE-2019-12868
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.
Misp Misp 2.4.109
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »