Filtered by vendor Misp
Subscriptions
Filtered by product Misp
Subscriptions
Total
89 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16946 | 1 Misp | 1 Misp | 2025-04-20 | N/A |
| The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. | ||||
| CVE-2023-24027 | 1 Misp | 1 Misp | 2025-04-02 | 6.1 Medium |
| In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. | ||||
| CVE-2022-48329 | 1 Misp | 1 Misp | 2025-03-18 | 9.8 Critical |
| MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. | ||||
| CVE-2024-46918 | 1 Misp | 1 Misp | 2025-03-13 | 9.8 Critical |
| app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org. | ||||
| CVE-2023-40224 | 1 Misp | 1 Misp | 2024-12-03 | 6.1 Medium |
| MISP 2.4.174 allows XSS in app/View/Events/index.ctp. | ||||
| CVE-2022-48328 | 1 Misp | 1 Misp | 2024-11-27 | 9.8 Critical |
| app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. | ||||
| CVE-2024-29859 | 1 Misp | 1 Misp | 2024-11-21 | 9.8 Critical |
| In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload. | ||||
| CVE-2024-25674 | 1 Misp | 1 Misp | 2024-11-21 | 9.8 Critical |
| An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type. | ||||
| CVE-2023-50918 | 1 Misp | 1 Misp | 2024-11-21 | 9.8 Critical |
| app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. | ||||
| CVE-2023-49926 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget. | ||||
| CVE-2023-41098 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. | ||||
| CVE-2022-29534 | 1 Misp | 1 Misp | 2024-11-21 | 7.5 High |
| An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. | ||||
| CVE-2022-29533 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." | ||||
| CVE-2022-29532 | 1 Misp | 1 Misp | 2024-11-21 | 4.8 Medium |
| An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it. | ||||
| CVE-2022-29531 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. | ||||
| CVE-2022-29530 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. | ||||
| CVE-2022-29529 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. | ||||
| CVE-2022-29528 | 1 Misp | 1 Misp | 2024-11-21 | 9.8 Critical |
| An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. | ||||
| CVE-2022-27246 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. | ||||
| CVE-2022-27245 | 1 Misp | 1 Misp | 2024-11-21 | 8.8 High |
| An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF. | ||||