Vulnerabilities > Misp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-18 | CVE-2020-25766 | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.132. | 5.0 |
| 2020-07-14 | CVE-2020-15711 | Cross-Site Request Forgery (CSRF) vulnerability in Misp In MISP before 2.4.129, setting a favourite homepage was not CSRF protected. | 6.8 |
| 2020-06-30 | CVE-2020-15412 | Improper Privilege Management vulnerability in Misp 2.4.128 An issue was discovered in MISP 2.4.128. | 4.0 |
| 2020-06-30 | CVE-2020-15411 | Improper Privilege Management vulnerability in Misp 2.4.128 An issue was discovered in MISP 2.4.128. | 7.5 |
| 2020-06-22 | CVE-2020-14969 | Information Exposure vulnerability in Misp 2.4.127 app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. | 5.0 |
| 2020-05-18 | CVE-2020-13153 | Cross-site Scripting vulnerability in Misp app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view. | 4.3 |
| 2020-05-15 | CVE-2020-12889 | Unspecified vulnerability in Misp Misp-Maltego 1.4.4 MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. | 7.5 |
| 2020-04-02 | CVE-2020-11458 | Information Exposure vulnerability in Misp app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. | 4.0 |
| 2020-03-09 | CVE-2020-10247 | Cross-site Scripting vulnerability in Misp 2.4.122 MISP 2.4.122 has Persistent XSS in the sighting popover tool. | 6.1 |
| 2020-03-09 | CVE-2020-10246 | Cross-site Scripting vulnerability in Misp 2.4.122 MISP 2.4.122 has reflected XSS via unsanitized URL parameters. | 6.1 |