Security vulnerabilities affecting Misp-Project Misp 2.3.118 (Shodan CVE listing)
An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests: because the failure counter was keyed on the username exactly as submitted, an attacker could vary its form (for example its letter case) between guesses so that no single variant reached the lockout threshold.
CVSS Score: 5.9 | EPSS Score: 0.014 | Published: 2020-02-12
An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests: failed logins submitted with PUT instead of POST were neither counted nor blocked, so the lockout could be bypassed simply by switching the request method.
CVSS Score: 8.1 | EPSS Score: 0.017 | Published: 2020-02-12
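The two lockout bypasses in the entries above (a counter keyed on the raw username, and a check that only looks at POST) are modelled below against a hardened counter that keys on a canonicalised username and counts every method. This is an added illustration in Python, not MISP's own code (which is CakePHP); the request model, the in-memory counter, the threshold of five failures and the sample traffic are assumptions constructed for the example, and the canonicalisation goes beyond plain case-folding to Unicode compatibility forms.

```python
"""Login brute-force lockout: the two bypasses from the entries above.

Added illustration, not MISP's code (which is CakePHP).  The request model,
the in-memory counter keyed by source address and username, and the
threshold of five failures are assumptions made for the example.
"""
from __future__ import annotations

import unicodedata
from dataclasses import dataclass

THRESHOLD = 5  # failed attempts before the source is blocked (assumed)


@dataclass
class Request:
    method: str    # HTTP method of the login attempt
    username: str  # username exactly as submitted by the client
    src_ip: str    # client address the counter is scoped to


class WeakLockout:
    """Counts failures keyed on the raw username, and only for POST."""

    def __init__(self) -> None:
        self.failures: dict[tuple[str, str], int] = {}

    def record_failure(self, req: Request) -> None:
        if req.method != "POST":          # a PUT login never reaches the counter
            return
        key = (req.src_ip, req.username)  # "Admin" and "admin" are separate keys
        self.failures[key] = self.failures.get(key, 0) + 1

    def is_blocked(self, req: Request) -> bool:
        if req.method != "POST":
            return False
        return self.failures.get((req.src_ip, req.username), 0) >= THRESHOLD


def canonical_username(name: str) -> str:
    """Normalise the identifier before using it as a counter key.

    NFKC folds compatibility forms (fullwidth letters, ligatures), casefold()
    removes case differences more aggressively than lower(), and surrounding
    whitespace is dropped.  Whatever the login code compares against the user
    table must apply the same normalisation, or the two will disagree.
    """
    return unicodedata.normalize("NFKC", name).strip().casefold()


class HardenedLockout:
    """Counts every failed attempt regardless of method, keyed on the
    canonical username."""

    def __init__(self) -> None:
        self.failures: dict[tuple[str, str], int] = {}

    def _key(self, req: Request) -> tuple[str, str]:
        return (req.src_ip, canonical_username(req.username))

    def record_failure(self, req: Request) -> None:
        key = self._key(req)
        self.failures[key] = self.failures.get(key, 0) + 1

    def is_blocked(self, req: Request) -> bool:
        return self.failures.get(self._key(req), 0) >= THRESHOLD


def attempts_before_block(guard, attempts: list[Request]) -> int:
    """Replay a sequence of failed logins against `guard` and return how many
    guesses got through before the first one was refused; len(attempts)
    means the guard never blocked."""
    for i, req in enumerate(attempts):
        if guard.is_blocked(req):
            return i
        guard.record_failure(req)
    return len(attempts)


# Constructed attack traffic: ten wrong passwords for one account from one
# address.  Variant A alternates the username's letter case; variant B
# alternates POST and PUT.  Neither should get more than THRESHOLD guesses.
IP = "198.51.100.7"
CASE_VARIANT = [
    Request("POST", "Admin@Example.org" if i % 2 else "admin@example.org", IP)
    for i in range(10)
]
METHOD_VARIANT = [
    Request("PUT" if i % 2 else "POST", "admin@example.org", IP)
    for i in range(10)
]

if __name__ == "__main__":
    for name, traffic in (("case variant", CASE_VARIANT), ("method variant", METHOD_VARIANT)):
        print(f"{name}: weak lets through {attempts_before_block(WeakLockout(), traffic)},"
              f" hardened lets through {attempts_before_block(HardenedLockout(), traffic)}")
```

Against both traffic patterns the weak guard lets all ten guesses through, while the hardened guard refuses the sixth. The canonical form must be the same one the authentication code uses to look up the account; a lockout that normalises differently from the login itself just moves the mismatch elsewhere.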
An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp, which allowed cross-site scripting through the search input.
CVSS Score: 7.5 | EPSS Score: 0.02 | Published: 2020-02-12
An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php, so access to threads was not correctly restricted to the users entitled to them.
CVSS Score: 6.5 | EPSS Score: 0.014 | Published: 2020-02-12
MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with the message "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)"; seeing that message after an upgrade means someone is probing the old flaw and is worth alerting on.
CVSS Score: 6.5 | EPSS Score: 0.013 | Published: 2019-09-10
A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface and is executed when a user clicks the crafted link.
CVSS Score: 6.1 | EPSS Score: 0.008 | Published: 2019-05-08
An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link-type attributes with javascript:// links: the attribute value was rendered as a clickable href without its URL scheme being checked.
CVSS Score: 6.1 | EPSS Score: 0.008 | Published: 2019-05-08
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot: the image's file name was written into the title without being escaped.
CVSS Score: 6.1 | EPSS Score: 0.008 | Published: 2019-05-08
In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a reflected XSS vulnerability.
CVSS Score: 6.1 | EPSS Score: 0.009 | Published: 2019-03-28
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts users of the same instance, because the comment field is not part of MISP synchronisation and the payload therefore does not propagate to other instances.
CVSS Score: 6.1 | EPSS Score: 0.01 | Published: 2017-08-24
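The javascript:// link entry, the image-name-in-title entry and the comment entries above share one fix: every stored value is encoded for the exact context it is rendered into, and an href additionally gets its URL scheme checked against an allowlist. The Python below is an added example, not MISP's template or helper code; ALLOWED_SCHEMES, the helper names and the sample values are assumptions constructed for the illustration, and the scheme check goes beyond the literal javascript:// case to the mixed-case, embedded-control-character and protocol-relative forms an attacker would try next.

```python
"""Rendering untrusted link attributes and titles without persistent XSS.

Added illustration, not MISP's template or helper code.  ALLOWED_SCHEMES,
the helper names and the sample values are assumptions made for the example.
"""
from __future__ import annotations

import html
import re
from urllib.parse import urlsplit

# Schemes an attribute value may carry into an href.  Everything else
# (javascript:, data:, vbscript:, unknown) is replaced with an inert "#".
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Browsers drop ASCII control characters, tabs and newlines inside a scheme,
# so "java\tscript:" still executes; strip them before the scheme is read.
_CTRL = re.compile(r"[\x00-\x20\x7f]")


def safe_href(raw: str) -> str:
    """Return `raw` if it is an allowed absolute URL or a same-origin path,
    otherwise "#"."""
    cleaned = _CTRL.sub("", raw)
    parts = urlsplit(cleaned)
    scheme = parts.scheme.lower()
    if not scheme:
        # Relative link: accept "/path" but not "//host" or "/\host", which
        # browsers resolve as protocol-relative URLs to another origin.
        return cleaned if re.match(r"/(?![/\\])", cleaned) else "#"
    if scheme not in ALLOWED_SCHEMES:
        return "#"
    if scheme in ("http", "https") and not parts.netloc:
        return "#"
    return cleaned


def render_link(href: str, text: str, title: str = "") -> str:
    """Build an <a> element from untrusted parts, encoding for each context:
    href goes through safe_href(), text and title are HTML-escaped with
    quote=True so a value cannot close the attribute it sits in."""
    return '<a href="{}" title="{}">{}</a>'.format(
        html.escape(safe_href(href), quote=True),
        html.escape(title, quote=True),
        html.escape(text, quote=True),
    )


# Constructed attribute values of the kind an attacker could store in a shared
# event; each of the first five would run script if written into a template
# as-is.  The mapping gives the href the page should actually emit.
SAMPLES = {
    "javascript://%0aalert(document.cookie)": "#",
    "JaVaScRiPt:alert(1)": "#",
    "java\tscript:alert(1)": "#",
    "data:text/html,<script>alert(1)</script>": "#",
    "//evil.example/phish": "#",
    "https://www.circl.lu/": "https://www.circl.lu/",
    "/events/view/1": "/events/view/1",
}


def check_samples() -> bool:
    """True if every constructed sample is neutralised or passed as expected."""
    return all(safe_href(raw) == want for raw, want in SAMPLES.items())


if __name__ == "__main__":
    for raw in SAMPLES:
        print(repr(raw), "->", safe_href(raw))
    # an image name in a title and a comment body containing markup
    print(render_link("javascript:alert(1)", "<b>comment</b>",
                      'shot.png"><img src=x onerror=alert(1)>'))
```

The allowlist is deliberately short: rejecting unknown schemes is what stops javascript:, data: and vbscript: alike, whereas a blocklist of "javascript:" is exactly what the case and control-character variants above get past. Relative paths are accepted only in the "/path" form, since "//host" and "/\host" both leave the origin.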

Shodan ® - All rights reserved