Vulnerabilities > Misp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-01 | CVE-2019-9482 | Missing Authorization vulnerability in Misp 2.4.102 In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. | 5.3 |
| 2018-05-30 | CVE-2018-11562 | Cross-site Scripting vulnerability in Misp 2.4.91 An issue was discovered in MISP 2.4.91. | 6.1 |
| 2017-11-25 | CVE-2017-16946 | Information Exposure Through Log Files vulnerability in Misp 2.4.82 The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. | 4.9 |
| 2017-08-24 | CVE-2017-13671 | Cross-site Scripting vulnerability in Misp app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. | 6.1 |