Vulnerabilities > Misp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-20 | CVE-2022-29533 | Cross-site Scripting vulnerability in Misp An issue was discovered in MISP before 2.4.158. | 6.1 |
| 2022-03-18 | CVE-2022-27244 | Cross-site Scripting vulnerability in Misp An issue was discovered in MISP before 2.4.156. | 4.8 |
| 2022-03-18 | CVE-2022-27246 | Cross-site Scripting vulnerability in Misp An issue was discovered in MISP before 2.4.156. | 6.1 |
| 2021-07-30 | CVE-2021-37742 | Cross-site Scripting vulnerability in Misp 2.4.147 app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships. | 5.4 |
| 2021-07-30 | CVE-2021-37743 | Cross-site Scripting vulnerability in Misp 2.4.147 app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format. | 5.4 |
| 2021-07-26 | CVE-2021-37534 | Cross-site Scripting vulnerability in Misp 2.4.146 app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster. | 5.4 |
| 2021-07-07 | CVE-2021-36212 | Cross-site Scripting vulnerability in Misp app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view. | 6.1 |
| 2021-03-02 | CVE-2021-27904 | Unspecified vulnerability in Misp An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. | 5.5 |
| 2021-01-26 | CVE-2020-24085 | Cross-site Scripting vulnerability in Misp 2.4.128 A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. | 6.1 |
| 2021-01-19 | CVE-2021-3184 | Cross-site Scripting vulnerability in Misp 2.4.136 MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button. | 6.1 |