Misp Security Vulnerabilities and Issues — Misp CVE List

Lucene search

MispMisp

13 matches found

CVE•added 2021/07/30 3:15 p.m.•64 views

CVE-2021-37743

app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.

5.4CVSS5.1AI score0.00255EPSS

CVE•added 2020/02/12 12:15 a.m.•62 views

CVE-2020-8891

An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.

5.9CVSS5.6AI score0.0042EPSS

CVE•added 2021/07/30 3:15 p.m.•62 views

CVE-2021-37742

app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships.

5.4CVSS5.1AI score0.00255EPSS

CVE•added 2022/04/20 11:15 p.m.•62 views

CVE-2022-29529

An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.

5.4CVSS5.1AI score0.00341EPSS

CVE•added 2022/04/20 11:15 p.m.•62 views

CVE-2022-29530

An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.

5.4CVSS5.1AI score0.00341EPSS

CVE•added 2022/04/20 11:15 p.m.•62 views

CVE-2022-29531

An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name.

5.4CVSS5.1AI score0.00341EPSS

CVE•added 2021/03/02 7:15 a.m.•60 views

CVE-2021-27904

An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.

5.5CVSS5.4AI score0.00052EPSS

CVE•added 2020/02/12 12:15 a.m.•57 views

CVE-2020-8890

An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.

5.9CVSS5.6AI score0.00382EPSS

CVE•added 2025/03/28 10:15 p.m.•46 views

CVE-2024-58128

In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link.

5.5CVSS6.2AI score0.0006EPSS

CVE•added 2021/07/26 2:15 p.m.•41 views

CVE-2021-37534

app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.

5.4CVSS5.1AI score0.0023EPSS

CVE•added 2019/11/28 5:15 p.m.•38 views

CVE-2019-19379

In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data.

5.3CVSS5.3AI score0.00227EPSS

CVE•added 2019/03/01 5:29 a.m.•37 views

CVE-2019-9482

In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only).

5.3CVSS5.1AI score0.00359EPSS

CVE•added 2025/03/28 10:15 p.m.•36 views

CVE-2024-58129

In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page.

5.5CVSS6.3AI score0.0006EPSS