Total
68 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48328 | 1 Misp | 1 Misp | 2024-02-16 | N/A | 9.8 CRITICAL |
| app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. | |||||
| CVE-2024-25674 | 1 Misp | 1 Misp | 2024-02-12 | N/A | 9.8 CRITICAL |
| An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type. | |||||
| CVE-2024-25675 | 1 Misp | 1 Misp | 2024-02-12 | N/A | 9.8 CRITICAL |
| An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. | |||||
| CVE-2022-29534 | 1 Misp | 1 Misp | 2024-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. | |||||
| CVE-2022-29532 | 1 Misp | 1 Misp | 2024-02-01 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it. | |||||
| CVE-2022-29528 | 1 Misp | 1 Misp | 2023-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. | |||||
| CVE-2022-29530 | 1 Misp | 1 Misp | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. | |||||
| CVE-2022-29531 | 1 Misp | 1 Misp | 2023-12-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. | |||||
| CVE-2022-29533 | 1 Misp | 1 Misp | 2023-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." | |||||
| CVE-2023-50918 | 1 Misp | 1 Misp | 2023-12-19 | N/A | 9.8 CRITICAL |
| app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. | |||||
| CVE-2023-49926 | 1 Misp | 1 Misp | 2023-12-06 | N/A | 6.1 MEDIUM |
| app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget. | |||||
| CVE-2023-40224 | 1 Misp | 1 Misp | 2023-11-17 | N/A | 6.1 MEDIUM |
| MISP 2.4.174 allows XSS in app/View/Events/index.ctp. | |||||
| CVE-2022-29529 | 1 Misp | 1 Misp | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. | |||||
| CVE-2021-41326 | 1 Misp | 1 Misp | 2023-09-28 | 7.5 HIGH | 9.8 CRITICAL |
| In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. | |||||
| CVE-2021-37742 | 1 Misp | 1 Misp | 2023-09-28 | 3.5 LOW | 5.4 MEDIUM |
| app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships. | |||||
| CVE-2020-8894 | 1 Misp | 1 Misp | 2023-09-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php. | |||||
| CVE-2020-8893 | 1 Misp | 1 Misp | 2023-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp. | |||||
| CVE-2019-12868 | 1 Misp | 1 Misp | 2023-09-28 | 6.5 MEDIUM | 7.2 HIGH |
| app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. | |||||
| CVE-2023-41098 | 1 Misp | 1 Misp | 2023-08-28 | N/A | 6.1 MEDIUM |
| An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. | |||||
| CVE-2020-10247 | 1 Misp | 1 Misp | 2023-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp. | |||||