96 Total Results
Displaying 21-30 of 96
Attacker Value
Unknown

CVE-2023-24070

Disclosure Date: January 23, 2023 (last updated October 08, 2023)
app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.
Attacker Value
Unknown

CVE-2023-24028

Disclosure Date: January 20, 2023 (last updated October 08, 2023)
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.
Attacker Value
Unknown

CVE-2023-24027

Disclosure Date: January 20, 2023 (last updated October 08, 2023)
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
Attacker Value
Unknown

CVE-2023-24026

Disclosure Date: January 20, 2023 (last updated October 08, 2023)
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.
Attacker Value
Unknown

CVE-2022-47928

Disclosure Date: December 22, 2022 (last updated October 08, 2023)
In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
Attacker Value
Unknown

CVE-2022-42724

Disclosure Date: October 10, 2022 (last updated October 08, 2023)
app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).
Attacker Value
Unknown

CVE-2022-29534

Disclosure Date: April 20, 2022 (last updated February 23, 2025)
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header.
Attacker Value
Unknown

CVE-2022-29533

Disclosure Date: April 20, 2022 (last updated February 23, 2025)
An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."
Attacker Value
Unknown

CVE-2022-29532

Disclosure Date: April 20, 2022 (last updated February 23, 2025)
An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.
Attacker Value
Unknown

CVE-2022-29531

Disclosure Date: April 20, 2022 (last updated February 23, 2025)
An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name.