Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-20	CVE-2022-29533	Cross-site Scripting vulnerability in Misp An issue was discovered in MISP before 2.4.158. network low complexity misp CWE-79	6.1
2022-03-18	CVE-2022-27243	Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.156. network misp	6.8
2022-03-18	CVE-2022-27245	Server-Side Request Forgery (SSRF) vulnerability in Misp An issue was discovered in MISP before 2.4.156. network misp CWE-918	6.8
2022-03-18	CVE-2022-27246	Cross-site Scripting vulnerability in Misp An issue was discovered in MISP before 2.4.156. network misp CWE-79	4.3
2021-08-19	CVE-2021-39302	SQL Injection vulnerability in Misp 2.4.148 MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value. network misp CWE-89	6.8
2021-07-30	CVE-2021-37742	Cross-site Scripting vulnerability in Misp 2.4.147 app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships. network low complexity misp CWE-79	5.4
2021-07-07	CVE-2021-36212	Cross-site Scripting vulnerability in Misp app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view. network misp CWE-79	4.3
2021-04-23	CVE-2021-31780	Improper Cross-boundary Removal of Sensitive Data vulnerability in Misp 2.4.141 In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. network low complexity misp CWE-212	5.0
2021-01-26	CVE-2020-24085	Cross-site Scripting vulnerability in Misp 2.4.128 A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. network misp CWE-79	4.3
2021-01-19	CVE-2021-3184	Cross-site Scripting vulnerability in Misp 2.4.136 MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button. network misp CWE-79	4.3