2.3.166

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-17	CVE-2021-41326	Unspecified vulnerability in Misp In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. network low complexity misp critical	9.8
2021-07-07	CVE-2021-36212	Cross-site Scripting vulnerability in Misp app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view. network low complexity misp CWE-79	6.1
2021-03-02	CVE-2021-27904	Unspecified vulnerability in Misp An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. local low complexity misp	5.5
2020-11-24	CVE-2020-29006	Missing Authorization vulnerability in Misp MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php. network low complexity misp CWE-862 critical	9.8
2020-11-02	CVE-2020-28043	Server-Side Request Forgery (SSRF) vulnerability in Misp MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. network low complexity misp CWE-918	7.5
2020-09-18	CVE-2020-25766	Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.132. network low complexity misp	7.5
2020-07-14	CVE-2020-15711	Cross-Site Request Forgery (CSRF) vulnerability in Misp In MISP before 2.4.129, setting a favourite homepage was not CSRF protected. network low complexity misp CWE-352	8.8
2020-05-18	CVE-2020-13153	Cross-site Scripting vulnerability in Misp app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view. network low complexity misp CWE-79	6.1
2020-04-02	CVE-2020-11458	Unspecified vulnerability in Misp app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. network low complexity misp	4.9
2020-02-12	CVE-2020-8894	Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.121. network low complexity misp	6.5