Vulnerabilities > Misp

DATE CVE VULNERABILITY TITLE RISK
2024-09-15 CVE-2024-46918 Incorrect Authorization vulnerability in Misp
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.
network
low complexity
misp CWE-863
4.9
2024-09-01 CVE-2024-45509 Incorrect Authorization vulnerability in Misp
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin.
network
low complexity
misp CWE-863
6.5
2024-02-09 CVE-2024-25674 Unrestricted Upload of File with Dangerous Type vulnerability in Misp
An issue was discovered in MISP before 2.4.184.
network
low complexity
misp CWE-434
critical
9.8
2024-02-09 CVE-2024-25675 Unspecified vulnerability in Misp
An issue was discovered in MISP before 2.4.184.
network
low complexity
misp
critical
9.8
2023-12-15 CVE-2023-50918 Unspecified vulnerability in Misp
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
network
low complexity
misp
critical
9.8
2023-12-03 CVE-2023-49926 Cross-site Scripting vulnerability in Misp
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
network
low complexity
misp CWE-79
6.1
2023-08-23 CVE-2023-41098 Cross-site Scripting vulnerability in Misp 2.4.174
An issue was discovered in MISP 2.4.174.
network
low complexity
misp CWE-79
6.1
2023-08-10 CVE-2023-40224 Cross-site Scripting vulnerability in Misp 2.4.174
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
network
low complexity
misp CWE-79
6.1
2023-02-20 CVE-2022-48328 Improper Handling of Exceptional Conditions vulnerability in Misp
app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.
network
low complexity
misp CWE-755
critical
9.8
2023-02-20 CVE-2022-48329 Improper Handling of Exceptional Conditions vulnerability in Misp
MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.
network
low complexity
misp CWE-755
critical
9.8