Vulnerabilities > Misp > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-18 CVE-2020-13153 Cross-site Scripting vulnerability in Misp
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view.
network
misp CWE-79
4.3
4.3
2020-04-02 CVE-2020-11458 Information Exposure vulnerability in Misp
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP.
network
low complexity
misp CWE-200
4.0
4.0
2020-03-09 CVE-2020-10247 Cross-site Scripting vulnerability in Misp 2.4.122
MISP 2.4.122 has Persistent XSS in the sighting popover tool.
network
low complexity
misp CWE-79
6.1
6.1
2020-03-09 CVE-2020-10246 Cross-site Scripting vulnerability in Misp 2.4.122
MISP 2.4.122 has reflected XSS via unsanitized URL parameters.
network
low complexity
misp CWE-79
6.1
6.1
2020-02-12 CVE-2020-8894 Unspecified vulnerability in Misp
An issue was discovered in MISP before 2.4.121.
network
low complexity
misp
6.5
6.5
2020-02-12 CVE-2020-8892 Unspecified vulnerability in Misp
An issue was discovered in MISP before 2.4.121.
network
misp
6.8
6.8
2020-02-12 CVE-2020-8891 Unspecified vulnerability in Misp
An issue was discovered in MISP before 2.4.121.
network
misp
4.3
4.3
2020-02-12 CVE-2020-8890 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Misp
An issue was discovered in MISP before 2.4.121.
network
misp CWE-367
4.3
4.3
2019-11-28 CVE-2019-19379 Unspecified vulnerability in Misp 2.4.118
In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data.
network
low complexity
misp
5.0
5.0
2019-09-10 CVE-2019-16202 Improper Privilege Management vulnerability in Misp
MISP before 2.4.115 allows privilege escalation in certain situations.
network
low complexity
misp CWE-269
4.0
4.0