Filtered by vendor Misp
Subscriptions
Total
69 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12649 | 1 Misp | 1 Misp | 2019-10-03 | N/A |
| An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests. | ||||
| CVE-2019-16202 | 1 Misp | 1 Misp | 2019-09-11 | 6.5 Medium |
| MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message. | ||||
| CVE-2019-14286 | 1 Misp | 1 Misp | 2019-07-31 | N/A |
| In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability. | ||||
| CVE-2019-11814 | 1 Misp | 1 Misp | 2019-05-08 | N/A |
| An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot. | ||||
| CVE-2019-11813 | 1 Misp | 1 Misp | 2019-05-08 | N/A |
| An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links. | ||||
| CVE-2019-11812 | 1 Misp | 1 Misp | 2019-05-08 | N/A |
| A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link. | ||||
| CVE-2019-10254 | 1 Misp | 1 Misp | 2019-03-28 | N/A |
| In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability. | ||||
| CVE-2017-16946 | 1 Misp | 1 Misp | 2017-12-07 | N/A |
| The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. | ||||
| CVE-2017-13671 | 1 Misp | 1 Misp | 2017-09-05 | N/A |
| app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. | ||||