Vulnerabilities > Misp Project > Misp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-20 | CVE-2023-24026 | Cross-site Scripting vulnerability in Misp-Project Misp 2.4.167 In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. | 6.1 |
| 2023-01-20 | CVE-2023-24028 | Unspecified vulnerability in Misp-Project Misp 2.4.167 In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. | 9.8 |
| 2018-05-18 | CVE-2018-11245 | Cross-site Scripting vulnerability in Misp-Project Misp 2.4.91 app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes. | 6.1 |
| 2018-03-23 | CVE-2018-8949 | Exposed Dangerous Method or Function vulnerability in Misp-Project Misp An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. | 5.5 |
| 2018-03-23 | CVE-2018-8948 | Cross-site Scripting vulnerability in Misp-Project Misp In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module. | 4.3 |
| 2017-11-13 | CVE-2017-16802 | Cross-site Scripting vulnerability in Misp-Project Misp 2.4.82 In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added. | 3.5 |
| 2017-10-10 | CVE-2017-15216 | Cross-site Scripting vulnerability in Misp-Project Misp MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js. | 4.3 |
| 2017-09-12 | CVE-2017-14337 | Improper Authentication vulnerability in Misp-Project Misp When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user. | 6.8 |
| 2017-03-21 | CVE-2017-7215 | Cross-site Scripting vulnerability in Misp Project Misp Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML. | 4.3 |