An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and...
CVSS 9.8 | AI Score 7.3 | EPSS 0.001
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME...
CVSS 9.8 | AI Score 7.5 | EPSS 0.001
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit...
CVSS 9.8 | AI Score 7.4 | EPSS 0.001
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline...
CVSS 6.1 | AI Score 6.4 | EPSS 0.0005
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard...
CVSS 6.1 | AI Score 5.9 | EPSS 0.0005
CVSS 6.1 | AI Score 6 | EPSS 0.0005
app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and...
CVSS 9.8 | AI Score 9.4 | EPSS 0.002
MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and...
CVSS 9.8 | AI Score 9.3 | EPSS 0.002
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import...
CVSS 9.8 | AI Score 9.4 | EPSS 0.002
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview...
CVSS 6.1 | AI Score 6 | EPSS 0.001