80 Total Results
Displaying 1-10 of 80
Attacker Value
Unknown
CVE-2024-46918
Disclosure Date: September 15, 2024 (last updated September 21, 2024)
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.
Attacker Value
Unknown
CVE-2024-45509
Disclosure Date: September 01, 2024 (last updated September 05, 2024)
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin.
Attacker Value
Unknown
CVE-2024-25675
Disclosure Date: February 09, 2024 (last updated February 13, 2024)
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
Attacker Value
Unknown
CVE-2024-25674
Disclosure Date: February 09, 2024 (last updated February 13, 2024)
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
Attacker Value
Unknown
CVE-2023-50918
Disclosure Date: December 15, 2023 (last updated December 20, 2023)
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
Attacker Value
Unknown
CVE-2023-49926
Disclosure Date: December 03, 2023 (last updated December 07, 2023)
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
Attacker Value
Unknown
CVE-2023-41098
Disclosure Date: August 23, 2023 (last updated October 08, 2023)
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.
Attacker Value
Unknown
CVE-2023-40224
Disclosure Date: August 10, 2023 (last updated November 17, 2023)
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
Attacker Value
Unknown
CVE-2022-48329
Disclosure Date: February 20, 2023 (last updated October 08, 2023)
MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.
Attacker Value
Unknown
CVE-2022-48328
Disclosure Date: February 20, 2023 (last updated October 08, 2023)
app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.