Vulnerabilities > Misp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-19 | CVE-2021-25325 | Cross-site Scripting vulnerability in Misp 2.4.136 MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. | 6.1 |
| 2021-01-19 | CVE-2021-25324 | Cross-site Scripting vulnerability in Misp 2.4.136 MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp. | 6.1 |
| 2020-12-06 | CVE-2020-29572 | Cross-site Scripting vulnerability in Misp 2.4.135 app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field. | 6.1 |
| 2020-11-19 | CVE-2020-28947 | Cross-site Scripting vulnerability in Misp 2.4.134 In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled. | 6.1 |
| 2020-06-30 | CVE-2020-15412 | Missing Authorization vulnerability in Misp 2.4.128 An issue was discovered in MISP 2.4.128. | 4.3 |
| 2020-05-18 | CVE-2020-13153 | Cross-site Scripting vulnerability in Misp app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view. | 6.1 |
| 2020-04-02 | CVE-2020-11458 | Unspecified vulnerability in Misp app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. | 4.9 |
| 2020-03-09 | CVE-2020-10247 | Cross-site Scripting vulnerability in Misp 2.4.122 MISP 2.4.122 has Persistent XSS in the sighting popover tool. | 6.1 |
| 2020-03-09 | CVE-2020-10246 | Cross-site Scripting vulnerability in Misp 2.4.122 MISP 2.4.122 has reflected XSS via unsanitized URL parameters. | 6.1 |
| 2020-02-12 | CVE-2020-8894 | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.121. | 6.5 |