VYPR

Misp

by Misp

CVEs (140)

  • CVE-2024-25674 (Feb 9, 2024)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.

  • CVE-2024-25675 (Feb 9, 2024)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.

  • CVE-2023-50918 (Dec 15, 2023)
    risk 0.00 | cvss | epss 0.01

    app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.

  • CVE-2023-49926 (Dec 3, 2023)
    risk 0.00 | cvss | epss 0.00

    app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.

  • CVE-2023-48659 (Nov 17, 2023)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.

  • CVE-2023-48657 (Nov 17, 2023)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.

  • CVE-2023-48658 (Nov 17, 2023)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.

  • CVE-2023-48656 (Nov 17, 2023)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.

  • CVE-2023-48655 (Nov 17, 2023)
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.

  • CVE-2023-41098 (Aug 23, 2023)
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.

  • CVE-2023-40224 (Aug 10, 2023)
    risk 0.00 | cvss | epss 0.00

    MISP 2.4.174 allows XSS in app/View/Events/index.ctp.

  • CVE-2023-37307 (Jun 30, 2023)
    risk 0.00 | cvss | epss 0.00

    In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.

  • CVE-2023-37306 (Jun 30, 2023)
    risk 0.00 | cvss | epss 0.00

    MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.

  • CVE-2023-28884 (Mar 27, 2023)
    risk 0.00 | cvss | epss 0.00

    In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.

  • CVE-2023-28607 (Mar 18, 2023)
    risk 0.00 | cvss | epss 0.00

    js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.

  • CVE-2023-28606 (Mar 18, 2023)
    risk 0.00 | cvss | epss 0.00

    js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.

  • CVE-2022-48329 (Feb 20, 2023)
    risk 0.00 | cvss | epss 0.01

    MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.

  • CVE-2022-48328 (Feb 20, 2023)
    risk 0.00 | cvss | epss 0.01

    app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.

  • CVE-2023-24070 (Jan 23, 2023)
    risk 0.00 | cvss | epss 0.00

    app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.

  • CVE-2023-24026 (Jan 20, 2023)
    risk 0.00 | cvss | epss 0.00

    In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.
