Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-25325
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs.
Misp Misp 2.4.136
NA
CVE-2023-40224
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
Misp Misp 2.4.174
NA
CVE-2023-24026
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.
Misp-project Misp 2.4.167
NA
CVE-2023-24028
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.
Misp-project Misp 2.4.167
7.5
CVSSv2
CVE-2020-12889
MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case.
Misp Misp-maltego 1.4.4
4.3
CVSSv2
CVE-2018-11245
app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes.
Misp-project Misp 2.4.91
3.5
CVSSv2
CVE-2017-16802
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
Misp-project Misp 2.4.82
NA
CVE-2022-42724
app/Controller/UsersController.php in MISP prior to 2.4.164 allows malicious users to discover role names (this is information that only the site admin should have).
Misp-project Malware Information Sharing Platform
NA
CVE-2023-28606
js/event-graph.js in MISP prior to 2.4.169 allows XSS via event-graph node tooltips.
Misp-project Malware Information Sharing Platform
NA
CVE-2023-37307
In MISP prior to 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
Misp-project Malware Information Sharing Platform
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »