Filtered by vendor Misp
Subscriptions
Filtered by product Misp
Subscriptions
Total
70 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-37742 | 1 Misp | 1 Misp | 2024-08-04 | 5.4 Medium |
app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships. | ||||
CVE-2021-37743 | 1 Misp | 1 Misp | 2024-08-04 | 5.4 Medium |
app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format. | ||||
CVE-2021-37534 | 1 Misp | 1 Misp | 2024-08-04 | 5.4 Medium |
app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster. | ||||
CVE-2021-36212 | 1 Misp | 1 Misp | 2024-08-04 | 6.1 Medium |
app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view. | ||||
CVE-2021-35502 | 1 Misp | 1 Misp | 2024-08-04 | 9.8 Critical |
app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. | ||||
CVE-2021-31780 | 1 Misp | 1 Misp | 2024-08-03 | 7.5 High |
In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused. | ||||
CVE-2021-27904 | 1 Misp | 1 Misp | 2024-08-03 | 5.5 Medium |
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors. | ||||
CVE-2021-25325 | 1 Misp | 1 Misp | 2024-08-03 | 6.1 Medium |
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs. | ||||
CVE-2021-25323 | 1 Misp | 1 Misp | 2024-08-03 | 9.1 Critical |
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password. | ||||
CVE-2021-25324 | 1 Misp | 1 Misp | 2024-08-03 | 6.1 Medium |
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp. | ||||
CVE-2021-3184 | 1 Misp | 1 Misp | 2024-08-03 | 6.1 Medium |
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button. | ||||
CVE-2022-48328 | 1 Misp | 1 Misp | 2024-08-03 | 9.8 Critical |
app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. | ||||
CVE-2022-48329 | 1 Misp | 1 Misp | 2024-08-03 | 9.8 Critical |
MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. | ||||
CVE-2022-29533 | 1 Misp | 1 Misp | 2024-08-03 | 6.1 Medium |
An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." | ||||
CVE-2022-29531 | 1 Misp | 1 Misp | 2024-08-03 | 5.4 Medium |
An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. | ||||
CVE-2022-29532 | 1 Misp | 1 Misp | 2024-08-03 | 4.8 Medium |
An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it. | ||||
CVE-2022-29529 | 1 Misp | 1 Misp | 2024-08-03 | 5.4 Medium |
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. | ||||
CVE-2022-29528 | 1 Misp | 1 Misp | 2024-08-03 | 9.8 Critical |
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. | ||||
CVE-2022-29530 | 1 Misp | 1 Misp | 2024-08-03 | 5.4 Medium |
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. | ||||
CVE-2022-29534 | 1 Misp | 1 Misp | 2024-08-03 | 7.5 High |
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. |