Vulnerabilities (CVE)

Filtered by vendor Misp Subscribe
Total 71 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41326 1 Misp 1 Misp 2024-11-21 7.5 HIGH 9.8 CRITICAL
In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.
CVE-2021-3184 1 Misp 1 Misp 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.
CVE-2021-39302 1 Misp 1 Misp 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.
CVE-2021-37743 1 Misp 1 Misp 2024-11-21 3.5 LOW 5.4 MEDIUM
app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.
CVE-2021-37742 1 Misp 1 Misp 2024-11-21 3.5 LOW 5.4 MEDIUM
app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships.
CVE-2021-37534 1 Misp 1 Misp 2024-11-21 3.5 LOW 5.4 MEDIUM
app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.
CVE-2021-36212 1 Misp 1 Misp 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.
CVE-2021-35502 1 Misp 1 Misp 2024-11-21 7.5 HIGH 9.8 CRITICAL
app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.
CVE-2021-31780 1 Misp 1 Misp 2024-11-21 5.0 MEDIUM 7.5 HIGH
In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.
CVE-2021-27904 1 Misp 1 Misp 2024-11-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
CVE-2021-25325 1 Misp 1 Misp 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs.
CVE-2021-25324 1 Misp 1 Misp 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.
CVE-2021-25323 1 Misp 1 Misp 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.
CVE-2020-8894 1 Misp 1 Misp 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php.
CVE-2020-8893 1 Misp 1 Misp 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.
CVE-2020-8892 1 Misp 1 Misp 2024-11-21 6.8 MEDIUM 8.1 HIGH
An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.
CVE-2020-8891 1 Misp 1 Misp 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
CVE-2020-8890 1 Misp 1 Misp 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.
CVE-2020-29572 1 Misp 1 Misp 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field.
CVE-2020-29006 1 Misp 1 Misp 2024-11-21 7.5 HIGH 9.8 CRITICAL
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.