Vulnerabilities > Misp Project > Malware Information Sharing Platform > Medium

DATE CVE VULNERABILITY TITLE RISK

2023-06-30 CVE-2023-37307 Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
network, low complexity, misp-project, CWE-79
Risk: 5.4

2023-03-27 CVE-2023-28884 Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform 2.4.169
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
network, low complexity, misp-project, CWE-79
Risk: 6.1

2023-03-18 CVE-2023-28606 Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
network, low complexity, misp-project, CWE-79
Risk: 6.1

2023-03-18 CVE-2023-28607 Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
network, low complexity, misp-project, CWE-79
Risk: 6.1

2023-01-23 CVE-2023-24070 Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform
app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.
network, low complexity, misp-project, CWE-79
Risk: 6.1

2022-12-22 CVE-2022-47928 Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform
In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
network, low complexity, misp-project, CWE-79
Risk: 6.1

2022-10-10 CVE-2022-42724 Incorrect Authorization vulnerability in Misp-Project Malware Information Sharing Platform
app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).
network, low complexity, misp-project, CWE-863
Risk: 4.3

2016-09-03 CVE-2015-5720 Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
Risk: 4.3