Shodan
Vulnerabilities
Vulnerable Software
Misp:  Security Vulnerabilities
CVE-2024-25675
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-09
CVE-2023-50918
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-12-15
CVE-2023-49926
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-12-03
CVE-2023-41098
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-08-23
CVE-2023-40224
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-08-10
CVE-2022-48328
app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-02-20
CVE-2022-48329
MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-20
CVE-2023-24027
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-01-20
CVE-2022-29528
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-04-20
CVE-2022-29529
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.
CVSS Score
5.4
EPSS Score
0.004
Published
2022-04-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved