Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp misp vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-13671
app/View/Helper/CommandHelper.php in MISP prior to 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.
Misp Misp
7.5
CVSSv2
CVE-2020-29006
MISP prior to 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
Misp Misp
5
CVSSv2
CVE-2020-25766
An issue exists in MISP prior to 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
Misp Misp
NA
CVE-2023-49926
app/Lib/Tools/EventTimelineTool.php in MISP prior to 2.4.179 allows XSS in the event timeline widget.
Misp Misp
4.3
CVSSv2
CVE-2019-11813
An issue exists in app/View/Elements/Events/View/value_field.ctp in MISP prior to 2.4.107. There is persistent XSS via link type attributes with javascript:// links.
Misp Misp
NA
CVE-2022-48328
app/Controller/Component/IndexFilterComponent.php in MISP prior to 2.4.167 mishandles ordered_url_params and additional_delimiters.
Misp Misp
NA
CVE-2022-48329
MISP prior to 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.
Misp Misp
NA
CVE-2023-50918
app/Controller/AuditLogsController.php in MISP prior to 2.4.182 mishandles ACLs for audit logs.
Misp Misp
4.3
CVSSv2
CVE-2020-8891
An issue exists in MISP prior to 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
Misp Misp
5
CVSSv2
CVE-2020-8893
An issue exists in MISP prior to 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.
Misp Misp
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »