Vulmon
misp vulnerabilities and exploits
383
VMScore
CVE-2017-13671
app/View/Helper/CommandHelper.php in MISP prior to 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.
Misp Misp
383
VMScore
CVE-2019-11812
A persistent XSS issue exists in app/View/Helper/CommandHelper.php in MISP prior to 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link.
Misp Misp
383
VMScore
CVE-2022-27246
An issue exists in MISP prior to 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.
Misp Misp
NA
CVE-2024-25674
An issue exists in MISP prior to 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
Misp Misp
NA
CVE-2024-25675
An issue exists in MISP prior to 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
Misp Misp
356
VMScore
CVE-2019-16202
MISP prior to 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of M...
Misp Misp
668
VMScore
CVE-2022-29528
An issue exists in MISP prior to 2.4.158. PHAR deserialization can occur.
Misp Misp
312
VMScore
CVE-2022-29530
An issue exists in MISP prior to 2.4.158. There is stored XSS in the galaxy clusters.
Misp Misp
312
VMScore
CVE-2022-29531
An issue exists in MISP prior to 2.4.158. There is stored XSS in the event graph via a tag name.
Misp Misp
312
VMScore
CVE-2022-29532
An issue exists in MISP prior to 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.
Misp Misp