Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-14286
In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability.
Misp Misp 2.4.111
5
CVSSv2
CVE-2019-19379
In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data.
Misp Misp 2.4.118
NA
CVE-2023-24026
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.
Misp-project Misp 2.4.167
NA
CVE-2023-24028
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.
Misp-project Misp 2.4.167
3.5
CVSSv2
CVE-2017-16802
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
Misp-project Misp 2.4.82
7.5
CVSSv2
CVE-2020-12889
MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case.
Misp Misp-maltego 1.4.4
4.3
CVSSv2
CVE-2018-11245
app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes.
Misp-project Misp 2.4.91
NA
CVE-2023-37307
In MISP prior to 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
Misp-project Malware Information Sharing Platform
NA
CVE-2022-47928
In MISP prior to 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
Misp-project Malware Information Sharing Platform
4.3
CVSSv2
CVE-2015-5720
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) prior to 2.3.90 allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxifi...
Misp-project Malware Information Sharing Platform
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »