Vulnerabilities
Vulnerable Software
Misp-Project:  >> Misp  Security Vulnerabilities
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
CVSS Score
9.8
EPSS Score
0.008
Published
2024-02-09
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-12-15
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-12-03
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
CVSS Score
9.8
EPSS Score
0.009
Published
2023-11-17
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
CVSS Score
9.8
EPSS Score
0.009
Published
2023-11-17
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
CVSS Score
9.8
EPSS Score
0.009
Published
2023-11-17
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
CVSS Score
9.8
EPSS Score
0.009
Published
2023-11-17
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
CVSS Score
9.8
EPSS Score
0.009
Published
2023-11-17
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-08-23
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-08-10


Contact Us

Shodan ® - All rights reserved