Vulnerabilities > Misp

DATE CVE VULNERABILITY TITLE RISK
2020-09-18 CVE-2020-25766 Unspecified vulnerability in Misp
An issue was discovered in MISP before 2.4.132.
network
low complexity
misp
7.5
2020-07-14 CVE-2020-15711 Cross-Site Request Forgery (CSRF) vulnerability in Misp
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
network
low complexity
misp CWE-352
8.8
2020-06-30 CVE-2020-15412 Missing Authorization vulnerability in Misp 2.4.128
An issue was discovered in MISP 2.4.128.
network
low complexity
misp CWE-862
4.3
2020-06-30 CVE-2020-15411 Unspecified vulnerability in Misp 2.4.128
An issue was discovered in MISP 2.4.128.
network
low complexity
misp
critical
9.8
2020-06-22 CVE-2020-14969 Missing Authorization vulnerability in Misp 2.4.127
app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations.
network
low complexity
misp CWE-862
7.5
2020-05-18 CVE-2020-13153 Cross-site Scripting vulnerability in Misp
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view.
network
low complexity
misp CWE-79
6.1
2020-05-15 CVE-2020-12889 Unspecified vulnerability in Misp Misp-Maltego 1.4.4
MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case.
network
low complexity
misp
critical
9.8
2020-04-02 CVE-2020-11458 Unspecified vulnerability in Misp
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP.
network
low complexity
misp
4.9
2020-03-09 CVE-2020-10247 Cross-site Scripting vulnerability in Misp 2.4.122
MISP 2.4.122 has Persistent XSS in the sighting popover tool.
network
low complexity
misp CWE-79
6.1
2020-03-09 CVE-2020-10246 Cross-site Scripting vulnerability in Misp 2.4.122
MISP 2.4.122 has reflected XSS via unsanitized URL parameters.
network
low complexity
misp CWE-79
6.1