Vulnerabilities > Misp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-18 | CVE-2022-27245 | Server-Side Request Forgery (SSRF) vulnerability in Misp An issue was discovered in MISP before 2.4.156. | 8.8 |
2022-03-18 | CVE-2022-27246 | Cross-site Scripting vulnerability in Misp An issue was discovered in MISP before 2.4.156. | 6.1 |
2021-09-17 | CVE-2021-41326 | Unspecified vulnerability in Misp In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. | 9.8 |
2021-08-19 | CVE-2021-39302 | SQL Injection vulnerability in Misp 2.4.148 MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value. | 9.8 |
2021-07-30 | CVE-2021-37742 | Cross-site Scripting vulnerability in Misp 2.4.147 app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships. | 5.4 |
2021-07-30 | CVE-2021-37743 | Cross-site Scripting vulnerability in Misp 2.4.147 app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format. | 5.4 |
2021-07-26 | CVE-2021-37534 | Cross-site Scripting vulnerability in Misp 2.4.146 app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster. | 5.4 |
2021-07-07 | CVE-2021-36212 | Cross-site Scripting vulnerability in Misp app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view. | 6.1 |
2021-06-25 | CVE-2021-35502 | Unspecified vulnerability in Misp 2.4.144 app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index. | 9.8 |
2021-04-23 | CVE-2021-31780 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Misp 2.4.141 In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. | 7.5 |