Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2017-16946
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.
Misp Misp 2.4.82
6.8
CVSSv2
CVE-2017-14337
When MISP prior to 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user c...
Misp-project Misp
4.3
CVSSv2
CVE-2018-11245
app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes.
Misp-project Misp 2.4.91
NA
CVE-2023-24026
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.
Misp-project Misp 2.4.167
NA
CVE-2023-24028
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.
Misp-project Misp 2.4.167
7.5
CVSSv2
CVE-2020-12889
MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case.
Misp Misp-maltego 1.4.4
3.5
CVSSv2
CVE-2017-16802
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
Misp-project Misp 2.4.82
NA
CVE-2022-42724
app/Controller/UsersController.php in MISP prior to 2.4.164 allows malicious users to discover role names (this is information that only the site admin should have).
Misp-project Malware Information Sharing Platform
4.3
CVSSv2
CVE-2015-5720
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) prior to 2.3.90 allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxifi...
Misp-project Malware Information Sharing Platform
NA
CVE-2023-28606
js/event-graph.js in MISP prior to 2.4.169 allows XSS via event-graph node tooltips.
Misp-project Malware Information Sharing Platform
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »