Filtered by vendor Misp
Subscriptions
Total
71 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-29534 | 1 Misp | 1 Misp | 2024-08-03 | 7.5 High |
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. | ||||
CVE-2022-27246 | 1 Misp | 1 Misp | 2024-08-03 | 6.1 Medium |
An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. | ||||
CVE-2022-27243 | 1 Misp | 1 Misp | 2024-08-03 | 7.8 High |
An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting. | ||||
CVE-2022-27244 | 1 Misp | 1 Misp | 2024-08-03 | 4.8 Medium |
An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user. | ||||
CVE-2022-27245 | 1 Misp | 1 Misp | 2024-08-03 | 8.8 High |
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF. | ||||
CVE-2023-50918 | 1 Misp | 1 Misp | 2024-08-02 | 9.8 Critical |
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. | ||||
CVE-2023-49926 | 1 Misp | 1 Misp | 2024-08-02 | 6.1 Medium |
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget. | ||||
CVE-2023-41098 | 1 Misp | 1 Misp | 2024-08-02 | 6.1 Medium |
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. | ||||
CVE-2023-40224 | 1 Misp | 1 Misp | 2024-08-02 | 6.1 Medium |
MISP 2.4.174 allows XSS in app/View/Events/index.ctp. | ||||
CVE-2023-24027 | 1 Misp | 1 Misp | 2024-08-02 | 6.1 Medium |
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. | ||||
CVE-2024-25675 | 1 Misp | 1 Misp | 2024-08-01 | 9.8 Critical |
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. |