Vulnerabilities > Misp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-11 | CVE-2019-12794 | Improper Privilege Management vulnerability in Misp 2.4.108 An issue was discovered in MISP 2.4.108. | 6.6 |
| 2019-05-08 | CVE-2019-11814 | Cross-site Scripting vulnerability in Misp An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. | 6.1 |
| 2019-05-08 | CVE-2019-11813 | Cross-site Scripting vulnerability in Misp An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. | 6.1 |
| 2019-05-08 | CVE-2019-11812 | Cross-site Scripting vulnerability in Misp A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. | 6.1 |
| 2019-03-28 | CVE-2019-10254 | Cross-site Scripting vulnerability in Misp In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability. | 6.1 |
| 2019-03-01 | CVE-2019-9482 | Missing Authorization vulnerability in Misp 2.4.102 In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. | 5.3 |
| 2018-12-06 | CVE-2018-19908 | OS Command Injection vulnerability in Misp An issue was discovered in MISP 2.4.9x before 2.4.99. | 8.8 |
| 2018-06-22 | CVE-2018-12649 | Improper Restriction of Excessive Authentication Attempts vulnerability in Misp 2.4.92 An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. | 9.8 |
| 2018-05-30 | CVE-2018-11562 | Cross-site Scripting vulnerability in Misp 2.4.91 An issue was discovered in MISP 2.4.91. | 6.1 |
| 2018-02-12 | CVE-2018-6926 | OS Command Injection vulnerability in Misp 2.4.87 In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. | 7.2 |