Vulnerabilities > Misp > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-20 | CVE-2022-29533 | Cross-site Scripting vulnerability in Misp An issue was discovered in MISP before 2.4.158. | 6.1 |
2022-03-18 | CVE-2022-27243 | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.156. network misp | 6.8 |
2022-03-18 | CVE-2022-27245 | Server-Side Request Forgery (SSRF) vulnerability in Misp An issue was discovered in MISP before 2.4.156. | 6.8 |
2022-03-18 | CVE-2022-27246 | Cross-site Scripting vulnerability in Misp An issue was discovered in MISP before 2.4.156. | 4.3 |
2021-08-19 | CVE-2021-39302 | SQL Injection vulnerability in Misp 2.4.148 MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value. | 6.8 |
2021-07-30 | CVE-2021-37742 | Cross-site Scripting vulnerability in Misp 2.4.147 app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships. | 5.4 |
2021-07-07 | CVE-2021-36212 | Cross-site Scripting vulnerability in Misp app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view. | 4.3 |
2021-04-23 | CVE-2021-31780 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Misp 2.4.141 In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. | 5.0 |
2021-01-26 | CVE-2020-24085 | Cross-site Scripting vulnerability in Misp 2.4.128 A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. | 4.3 |
2021-01-19 | CVE-2021-3184 | Cross-site Scripting vulnerability in Misp 2.4.136 MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button. | 4.3 |