Vulnerabilities
Vulnerable Software
Misp-Project:  >> Misp  Security Vulnerabilities
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-06-30
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-06-30
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-03-27
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-03-18
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-03-18
app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.
CVSS Score
9.8
EPSS Score
0.013
Published
2023-02-20
MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.
CVSS Score
9.8
EPSS Score
0.009
Published
2023-02-20
app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-01-23
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-01-20
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-01-20


Contact Us

Shodan ® - All rights reserved