Lucene search
MispMisp2.4.128
3 matches found
CVE-2020-24085
A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code.
6.1CVSS5.9AI score0.0024EPSS
CVE-2020-15412
An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.
4.3CVSS4.5AI score0.00154EPSS
CVE-2020-15411
An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.
9.8CVSS9.4AI score0.00433EPSS