86 matches found
Vulnerabilities fixed in MISP
Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights For these vulnerabilities, at the time of...
CVE-2022-29530
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters...
PT-2022-19684 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.158 Description: An issue was discovered in the UsersController.php file, where password confirmation can be bypassed via vectors involving an "Accept: application/json" header. Recommendations: For versions prior t...
CVE-2022-27244
An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user...
CVE-2021-45897
creationtimestamp| type| source ---|---|--- 2022-01-28 20:21:48+00:00| seen| https://t.me/cibsecurity/36472 2022-01-31 20:11:56+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1457 2025-08-31 03:00:55+00:00| seen| MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...
CVE-2021-41326
In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shellexec call...
MISP SQL注入漏洞
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A SQL injection vulnerability exists in MISP. The vulnerability stems from an SQL injecti...
Vulnerability fixed in MISP
A vulnerability has been fixed in MISP. A malicious party can exploit the exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application is visited. MISP has released updates ...
Vulnerability fixed in MISP
A vulnerability has been fixed in MISP. An unauthenticated remote malicious person could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The developers have...
Vulnerabilities fixed in MISP
Vulnerabilities have been fixed in MISP. The vulnerabilities allow a malicious person to bypass a security measure and perform a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. The developers of MIS...
CVE-2020-29583
creationtimestamp| type| source ---|---|--- 2020-12-23 00:53:54+00:00| seen| https://t.me/cibsecurity/21192 2021-01-01 16:35:18+00:00| seen| https://t.me/cKure/3549 2021-01-01 16:38:04+00:00| seen| https://t.me/cKure/3550 2021-01-04 17:21:00+00:00| seen|...
MISP 跨站脚本漏洞
MISP is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and threats related to cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in...
Vulnerability fixed in MISP
CIRCL has fixed a vulnerability in MISP. The vulnerability is located in the handling of templates and allows a malicious party to be able to launch a Cross-Site-Scripting attack XSS attack, potentially executing arbitrary code in the context of the browser. CIRCL has released updates to fix the...
MISP Cross-Site Scripting Vulnerability (CNVD-2020-16634)
MISP is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and threats related to cybersecurity event analysis and malware analysis. MISP 2.4.122 A reflected cross-site scripting vulnerability exists related to app/View/Users/statisticsorgs.ct...
CVE-2019-7384
creationtimestamp| type| source ---|---|--- 2019-02-13 14:42:03+00:00| seen| MISP/5c642c58-4f08-4c74-ab2d-6ed50a021402 2024-01-09 12:29:58+00:00| seen| https://t.me/arpsyndicate/2745...
CVE-2019-0595
creationtimestamp| type| source ---|---|--- 2019-02-13 14:35:53+00:00| seen| MISP/5c642a56-2440-4af0-8bfd-6e4a0a021402...
CVE-2019-6220
creationtimestamp| type| source ---|---|--- 2019-01-28 15:10:00+00:00| seen| MISP/5c4f1a2e-1300-4391-87cf-19c50a021402...
MISP Cross-Site Scripting Vulnerability (CNVD-2018-10053)
MISP is a suite of open source software solutions for collecting, storing, distributing and sharing cybersecurity metrics and threats cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in the app/webroot/js/misp.js file in MISP version 2.4.91. A remote...
CVE-2018-8949
An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event without attribute UUIDs but attribute IDs set could overwrite an existing attribute...
CVE-2017-7310
creationtimestamp| type| source ---|---|--- 2017-03-29 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41773 2018-01-24 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43875 2018-05-29 15:50:33+00:00| seen|...