MISP Security Vulnerabilities
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.
CVSS Score: 4.9 | EPSS Score: 0.001 | Published: 2024-09-15
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2024-09-01
In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-03-21
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-02-09
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-02-09
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2023-12-15
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2023-12-03
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2023-08-23
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2023-08-10
app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2023-02-20

