Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2021-27904
An issue exists in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
Misp Misp
7.5
CVSSv3
CVE-2020-25766
An issue exists in MISP prior to 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
Misp Misp
9.8
CVSSv3
CVE-2023-50918
app/Controller/AuditLogsController.php in MISP prior to 2.4.182 mishandles ACLs for audit logs.
Misp Misp
6.1
CVSSv3
CVE-2019-11813
An issue exists in app/View/Elements/Events/View/value_field.ctp in MISP prior to 2.4.107. There is persistent XSS via link type attributes with javascript:// links.
Misp Misp
6.1
CVSSv3
CVE-2019-10254
In MISP prior to 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.
Misp Misp
6.5
CVSSv3
CVE-2019-16202
MISP prior to 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of M...
Misp Misp
9.8
CVSSv3
CVE-2022-29528
An issue exists in MISP prior to 2.4.158. PHAR deserialization can occur.
Misp Misp
6.1
CVSSv3
CVE-2020-13153
app/View/Events/resolved_attributes.ctp in MISP prior to 2.4.126 has XSS in the resolved attributes view.
Misp Misp
6.1
CVSSv3
CVE-2021-36212
app/View/SharingGroups/view.ctp in MISP prior to 2.4.146 allows stored XSS in the sharing groups view.
Misp Misp
6.1
CVSSv3
CVE-2023-49926
app/Lib/Tools/EventTimelineTool.php in MISP prior to 2.4.179 allows XSS in the event timeline widget.
Misp Misp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »