Vulnerabilities
Vulnerable Software
Misp-Project:  >> Misp  >> 2.4.82  Security Vulnerabilities
A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link.
CVSS Score
6.1
EPSS Score
0.008
Published
2019-05-08
An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links.
CVSS Score
6.1
EPSS Score
0.008
Published
2019-05-08
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot.
CVSS Score
6.1
EPSS Score
0.008
Published
2019-05-08
In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.009
Published
2019-03-28
In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module.
CVSS Score
6.1
EPSS Score
0.008
Published
2018-03-23
An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute.
CVSS Score
4.3
EPSS Score
0.008
Published
2018-03-23
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.
CVSS Score
4.9
EPSS Score
0.011
Published
2017-11-25
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
CVSS Score
5.4
EPSS Score
0.006
Published
2017-11-13


Contact Us

Shodan ® - All rights reserved