CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2021-37743 affects MISP 2.4.147. The vulnerability is a Stored XSS in the view path app/View/GalaxyElements/ajax/index.ctp when rendering galaxy cluster elements in JSON format. The underlying issue is that user-supplied data is reflected in JSON output without proper sanitization, enabling s...

5.4CVSS5.1AI score0.00255EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2021/07/30 12:0 a.m.•3 views

PT-2021-21856 · Misp · Misp

Name of the Vulnerable Software and Affected Versions: MISP version 2.4.147 Description: The issue allows Stored XSS when viewing galaxy cluster relationships. This occurs in the app/View/Elements/GalaxyClusters/view relation tree.ctp file. Recommendations: For MISP version 2.4.147, consider...

5.4CVSS5.1AI score0.00255EPSS

Exploits0References5

Cvelist•added 2021/07/30 12:0 a.m.•11 views

CVE-2021-37742

app/View/Elements/GalaxyClusters/viewrelationtree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships...

5.4AI score0.00255EPSS

Exploits0References2

OSV•added 2021/07/26 2:15 p.m.•8 views

CVE-2021-37534

app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster...

5.4CVSS5.8AI score

Exploits0References1

OSV•added 2021/01/19 4:15 p.m.•13 views

CVE-2021-25325

MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs...

6.1CVSS5.8AI score

Exploits0References1

NVD•added 2021/01/19 4:15 p.m.•11 views

CVE-2021-25325

MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs...

6.1CVSS6AI score0.00371EPSS

Exploits0References1

NVD•added 2021/01/19 4:15 p.m.•12 views

CVE-2021-25324

MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp...

6.1CVSS5.9AI score0.00317EPSS

Exploits0References1

Prion•added 2021/01/19 4:15 p.m.•11 views

Design/Logic Flaw

MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs...

4.3CVSS5.9AI score0.00371EPSS

Exploits0References1Affected Software1

CVE•added 2021/01/19 3:30 p.m.•54 views

CVE-2021-25324

CVE-2021-25324 affects MISP 2.4.136 with a Stored XSS flaw in the galaxy cluster view (app/View/GalaxyClusters/view.ctp). Root cause details are not fully disclosed in the provided documents, but the vulnerability is described by multiple sources as a cross-site scripting issue that could impact ...

6.1CVSS5.8AI score0.00317EPSS

Exploits0References1Affected Software1

CVE•added 2021/01/19 3:29 p.m.•54 views

CVE-2021-25325

CVE-2021-25325 affects MISP 2.4.136. It enables cross-site scripting via galaxy cluster element values sent to app/View/GalaxyElements/ajax/index.ctp, where reference types may include javascript: URLs. The issue arises from unsanitized input in galaxy elements, enabling an attacker to execute sc...

6.1CVSS5.9AI score0.00371EPSS

Exploits0References1Affected Software1

Cvelist•added 2021/01/19 3:29 p.m.•15 views

CVE-2021-25325

MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs...

6.1AI score0.00371EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by