ReportizFlow
Filtered by vendor Misp
Subscriptions
Total
80 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41098 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. | ||||
| CVE-2022-29534 | 1 Misp | 1 Misp | 2024-11-21 | 7.5 High |
| An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. | ||||
| CVE-2022-29533 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." | ||||
| CVE-2022-29532 | 1 Misp | 1 Misp | 2024-11-21 | 4.8 Medium |
| An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it. | ||||
| CVE-2022-29531 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. | ||||
| CVE-2022-29530 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. | ||||
| CVE-2022-29529 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. | ||||
| CVE-2022-29528 | 1 Misp | 1 Misp | 2024-11-21 | 9.8 Critical |
| An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. | ||||
| CVE-2022-27246 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. | ||||
| CVE-2022-27245 | 1 Misp | 1 Misp | 2024-11-21 | 8.8 High |
| An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF. | ||||
| CVE-2022-27244 | 1 Misp | 1 Misp | 2024-11-21 | 4.8 Medium |
| An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user. | ||||
| CVE-2022-27243 | 1 Misp | 1 Misp | 2024-11-21 | 7.8 High |
| An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting. | ||||
| CVE-2021-41326 | 1 Misp | 1 Misp | 2024-11-21 | 9.8 Critical |
| In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. | ||||
| CVE-2021-3184 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button. | ||||
| CVE-2021-39302 | 1 Misp | 1 Misp | 2024-11-21 | 9.8 Critical |
| MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value. | ||||
| CVE-2021-37743 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format. | ||||
| CVE-2021-37742 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships. | ||||
| CVE-2021-37534 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster. | ||||
| CVE-2021-36212 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view. | ||||
| CVE-2021-35502 | 1 Misp | 1 Misp | 2024-11-21 | 9.8 Critical |
| app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. | ||||