Misp@* Security Vulnerabilities and Issues — Misp@* CVE List

Lucene search

Misp-projectMisp*

4 matches found

CVE•added 2018/03/23 5:29 p.m.•44 views

CVE-2018-8948

In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module.

6.1CVSS6AI score0.0024EPSS

CVE•added 2017/10/10 6:29 p.m.•38 views

CVE-2017-15216

MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js.

6.1CVSS5.9AI score0.00266EPSS

CVE•added 2017/09/12 4:29 p.m.•37 views

CVE-2017-14337

When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access ...

8.1CVSS8.2AI score0.00624EPSS

CVE•added 2018/03/23 5:29 p.m.•31 views

CVE-2018-8949

An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute.

5.5CVSS4.5AI score0.00193EPSS