Vulnerabilities
Vulnerable Software
Misp-Project:  >> Misp  >> 2.4.134  Security Vulnerabilities
In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.
CVSS Score
9.8
EPSS Score
0.02
Published
2021-09-17
app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.
CVSS Score
6.1
EPSS Score
0.006
Published
2021-07-07
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
CVSS Score
5.5
EPSS Score
0.003
Published
2021-03-02
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
CVSS Score
9.8
EPSS Score
0.012
Published
2020-11-24
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.
CVSS Score
6.1
EPSS Score
0.008
Published
2020-11-19


Contact Us

Shodan ® - All rights reserved