Vulnerabilities > Misp

DATE CVE VULNERABILITY TITLE RISK
2019-05-08 CVE-2019-11814 Cross-site Scripting vulnerability in Misp
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107.
network
low complexity
misp CWE-79
6.1
2019-05-08 CVE-2019-11813 Cross-site Scripting vulnerability in Misp
An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107.
network
low complexity
misp CWE-79
6.1
2019-05-08 CVE-2019-11812 Cross-site Scripting vulnerability in Misp
A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107.
network
low complexity
misp CWE-79
6.1
2019-03-28 CVE-2019-10254 Cross-site Scripting vulnerability in Misp
In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.
network
low complexity
misp CWE-79
6.1
2019-03-01 CVE-2019-9482 Missing Authorization vulnerability in Misp 2.4.102
In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for.
network
high complexity
misp CWE-862
5.3
2018-12-06 CVE-2018-19908 OS Command Injection vulnerability in Misp
An issue was discovered in MISP 2.4.9x before 2.4.99.
network
low complexity
misp CWE-78
8.8
2018-06-22 CVE-2018-12649 Improper Restriction of Excessive Authentication Attempts vulnerability in Misp 2.4.92
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92.
network
low complexity
misp CWE-307
critical
9.8
2018-05-30 CVE-2018-11562 Cross-site Scripting vulnerability in Misp 2.4.91
An issue was discovered in MISP 2.4.91.
network
low complexity
misp CWE-79
6.1
2018-02-12 CVE-2018-6926 OS Command Injection vulnerability in Misp 2.4.87
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands.
network
low complexity
misp CWE-78
7.2
2017-11-25 CVE-2017-16946 Information Exposure Through Log Files vulnerability in Misp 2.4.82
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.
network
low complexity
misp CWE-532
4.9