Vulnerabilities > Misp > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-27 | CVE-2019-14286 | Cross-site Scripting vulnerability in Misp 2.4.111 In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. | 4.3 |
2019-06-11 | CVE-2019-12794 | Improper Privilege Management vulnerability in Misp 2.4.108 An issue was discovered in MISP 2.4.108. | 6.0 |
2019-05-08 | CVE-2019-11814 | Cross-site Scripting vulnerability in Misp An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. | 4.3 |
2019-05-08 | CVE-2019-11813 | Cross-site Scripting vulnerability in Misp An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. | 4.3 |
2019-05-08 | CVE-2019-11812 | Cross-site Scripting vulnerability in Misp A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. | 4.3 |
2019-03-28 | CVE-2019-10254 | Cross-site Scripting vulnerability in Misp In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability. | 4.3 |
2018-06-22 | CVE-2018-12649 | Improper Restriction of Excessive Authentication Attempts vulnerability in Misp 2.4.92 An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. | 5.0 |
2018-05-30 | CVE-2018-11562 | Cross-site Scripting vulnerability in Misp 2.4.91 An issue was discovered in MISP 2.4.91. | 4.3 |
2017-11-25 | CVE-2017-16946 | Information Exposure Through Log Files vulnerability in Misp 2.4.82 The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. | 4.0 |
2017-08-24 | CVE-2017-13671 | Cross-site Scripting vulnerability in Misp app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. | 4.3 |