Misp: >> Misp >> 2.4.124 Security Vulnerabilities
An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-09-18
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-07-14
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-05-18
Page 4