Vulnerabilities > Misp Project > Malware Information Sharing Platform
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-23 | CVE-2023-24070 | Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform. app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field. | 6.1 |
2022-12-22 | CVE-2022-47928 | Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform. In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp. | 6.1 |
2022-10-10 | CVE-2022-42724 | Incorrect Authorization vulnerability in Misp-Project Malware Information Sharing Platform. app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have). | 4.3 |
2016-09-03 | CVE-2015-5721 | Code Injection vulnerability in Misp-Project Malware Information Sharing Platform. Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp. | 7.5 |
2016-09-03 | CVE-2015-5720 | Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform. Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js. | 4.3 |
2016-09-03 | CVE-2015-5719 | Insecure Temporary File Creation vulnerability in Malware Information Sharing Platform. app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors. | 10.0 |