Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-11813
An issue exists in app/View/Elements/Events/View/value_field.ctp in MISP prior to 2.4.107. There is persistent XSS via link type attributes with javascript:// links.
Misp Misp
6.1
CVSSv3
CVE-2019-11814
An issue exists in app/webroot/js/misp.js in MISP prior to 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot.
Misp Misp
7.5
CVSSv3
CVE-2020-28043
MISP up to and including 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
Misp Misp
9.8
CVSSv3
CVE-2024-25674
An issue exists in MISP prior to 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
Misp Misp
9.8
CVSSv3
CVE-2024-25675
An issue exists in MISP prior to 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
Misp Misp
6.1
CVSSv3
CVE-2020-13153
app/View/Events/resolved_attributes.ctp in MISP prior to 2.4.126 has XSS in the resolved attributes view.
Misp Misp
7.5
CVSSv3
CVE-2020-25766
An issue exists in MISP prior to 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
Misp Misp
6.1
CVSSv3
CVE-2023-49926
app/Lib/Tools/EventTimelineTool.php in MISP prior to 2.4.179 allows XSS in the event timeline widget.
Misp Misp
9.8
CVSSv3
CVE-2018-12649
An issue exists in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests.
Misp Misp 2.4.92
6.1
CVSSv3
CVE-2020-10247
MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp.
Misp Misp 2.4.122
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »