Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2020-8890
An issue exists in MISP prior to 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.
Misp Misp
6.1
CVSSv3
CVE-2019-11814
An issue exists in app/webroot/js/misp.js in MISP prior to 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot.
Misp Misp
9.8
CVSSv3
CVE-2024-25674
An issue exists in MISP prior to 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
Misp Misp
9.8
CVSSv3
CVE-2024-25675
An issue exists in MISP prior to 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
Misp Misp
6.1
CVSSv3
CVE-2017-13671
app/View/Helper/CommandHelper.php in MISP prior to 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.
Misp Misp
7.8
CVSSv3
CVE-2022-27243
An issue exists in MISP prior to 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.
Misp Misp
4.8
CVSSv3
CVE-2022-27244
An issue exists in MISP prior to 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.
Misp Misp
8.8
CVSSv3
CVE-2022-27245
An issue exists in MISP prior to 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.
Misp Misp
6.1
CVSSv3
CVE-2022-27246
An issue exists in MISP prior to 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.
Misp Misp
6.1
CVSSv3
CVE-2023-49926
app/Lib/Tools/EventTimelineTool.php in MISP prior to 2.4.179 allows XSS in the event timeline widget.
Misp Misp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »