Vulnerabilities > Misp > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-15 | CVE-2024-46918 | Incorrect Authorization vulnerability in MISP: app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org. | 4.9 |
2024-09-01 | CVE-2024-45509 | Incorrect Authorization vulnerability in MISP: In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin. | 6.5 |
2023-12-03 | CVE-2023-49926 | Cross-site Scripting vulnerability in MISP: app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget. | 6.1 |
2023-08-23 | CVE-2023-41098 | Cross-site Scripting vulnerability in MISP 2.4.174: An issue was discovered in MISP 2.4.174. | 6.1 |
2023-08-10 | CVE-2023-40224 | Cross-site Scripting vulnerability in MISP 2.4.174: MISP 2.4.174 allows XSS in app/View/Events/index.ctp. | 6.1 |
2023-01-20 | CVE-2023-24027 | Cross-site Scripting vulnerability in MISP 2.4.167: In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. | 6.1 |
2022-04-20 | CVE-2022-29529 | Cross-site Scripting vulnerability in MISP: An issue was discovered in MISP before 2.4.158. | 5.4 |
2022-04-20 | CVE-2022-29530 | Cross-site Scripting vulnerability in MISP: An issue was discovered in MISP before 2.4.158. | 5.4 |
2022-04-20 | CVE-2022-29531 | Cross-site Scripting vulnerability in MISP: An issue was discovered in MISP before 2.4.158. | 5.4 |
2022-04-20 | CVE-2022-29532 | Cross-site Scripting vulnerability in MISP: An issue was discovered in MISP before 2.4.158. | 4.8 |