Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-12	CVE-2020-8891	Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.121. network high complexity misp	5.9
2020-02-12	CVE-2020-8890	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Misp An issue was discovered in MISP before 2.4.121. network high complexity misp CWE-367	5.9
2019-11-28	CVE-2019-19379	Unspecified vulnerability in Misp 2.4.118 In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data. network low complexity misp	5.3
2019-09-10	CVE-2019-16202	Improper Privilege Management vulnerability in Misp MISP before 2.4.115 allows privilege escalation in certain situations. network low complexity misp CWE-269	6.5
2019-07-27	CVE-2019-14286	Cross-site Scripting vulnerability in Misp 2.4.111 In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. network low complexity misp CWE-79	6.1
2019-06-11	CVE-2019-12794	Improper Privilege Management vulnerability in Misp 2.4.108 An issue was discovered in MISP 2.4.108. network high complexity misp CWE-269	6.6
2019-05-08	CVE-2019-11814	Cross-site Scripting vulnerability in Misp An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. network low complexity misp CWE-79	6.1
2019-05-08	CVE-2019-11813	Cross-site Scripting vulnerability in Misp An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. network low complexity misp CWE-79	6.1
2019-05-08	CVE-2019-11812	Cross-site Scripting vulnerability in Misp A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. network low complexity misp CWE-79	6.1
2019-03-28	CVE-2019-10254	Cross-site Scripting vulnerability in Misp In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability. network low complexity misp CWE-79	6.1