Vulnerabilities > Misp > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-18 | CVE-2020-13153 | Cross-site Scripting vulnerability in Misp app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view. | 4.3 |
2020-04-02 | CVE-2020-11458 | Information Exposure vulnerability in Misp app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. | 4.0 |
2020-03-09 | CVE-2020-10247 | Cross-site Scripting vulnerability in Misp 2.4.122 MISP 2.4.122 has Persistent XSS in the sighting popover tool. | 6.1 |
2020-03-09 | CVE-2020-10246 | Cross-site Scripting vulnerability in Misp 2.4.122 MISP 2.4.122 has reflected XSS via unsanitized URL parameters. | 6.1 |
2020-02-12 | CVE-2020-8894 | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.121. | 6.5 |
2020-02-12 | CVE-2020-8892 | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.121. network misp | 6.8 |
2020-02-12 | CVE-2020-8891 | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.121. network misp | 4.3 |
2020-02-12 | CVE-2020-8890 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Misp An issue was discovered in MISP before 2.4.121. | 4.3 |
2019-11-28 | CVE-2019-19379 | Unspecified vulnerability in Misp 2.4.118 In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data. | 5.0 |
2019-09-10 | CVE-2019-16202 | Improper Privilege Management vulnerability in Misp MISP before 2.4.115 allows privilege escalation in certain situations. | 4.0 |