Vulnerabilities > Misp Project > Malware Information Sharing Platform > 2.3.60

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-10	CVE-2022-42724	Incorrect Authorization vulnerability in Misp-Project Malware Information Sharing Platform app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have). network low complexity misp-project CWE-863	4.3
2016-09-03	CVE-2015-5721	Code Injection vulnerability in Misp-Project Malware Information Sharing Platform Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp. network low complexity misp-project CWE-94	7.5
2016-09-03	CVE-2015-5720	Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js. network misp-project CWE-79	4.3
2016-09-03	CVE-2015-5719	Insecure Temporary File Creation vulnerability in Malware Information Sharing Platform app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors. network low complexity misp-project critical	10.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.