80 Total Results
Displaying 11-20 of 80
Attacker Value
Unknown

CVE-2023-24028

Disclosure Date: January 20, 2023 (last updated October 08, 2023)
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.
Attacker Value
Unknown

CVE-2023-24027

Disclosure Date: January 20, 2023 (last updated October 08, 2023)
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
Attacker Value
Unknown

CVE-2023-24026

Disclosure Date: January 20, 2023 (last updated October 08, 2023)
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.
Attacker Value
Unknown

CVE-2022-29534

Disclosure Date: April 20, 2022 (last updated February 23, 2025)
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header.
Attacker Value
Unknown

CVE-2022-29533

Disclosure Date: April 20, 2022 (last updated February 23, 2025)
An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."
Attacker Value
Unknown

CVE-2022-29532

Disclosure Date: April 20, 2022 (last updated February 23, 2025)
An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.
Attacker Value
Unknown

CVE-2022-29531

Disclosure Date: April 20, 2022 (last updated February 23, 2025)
An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name.
Attacker Value
Unknown

CVE-2022-29530

Disclosure Date: April 20, 2022 (last updated February 23, 2025)
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.
Attacker Value
Unknown

CVE-2022-29529

Disclosure Date: April 20, 2022 (last updated February 23, 2025)
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.
Attacker Value
Unknown

CVE-2022-29528

Disclosure Date: April 20, 2022 (last updated February 23, 2025)
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.