) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:misp-project:malware_information_sharing_platform:2.3.177:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-48659 |
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing. Published: November 17, 2023; 12:15:12 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2023-48658 |
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space. Published: November 17, 2023; 12:15:12 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2023-48657 |
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters. Published: November 17, 2023; 12:15:12 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2023-48656 |
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses. Published: November 17, 2023; 12:15:12 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2023-48655 |
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters. Published: November 17, 2023; 12:15:12 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2023-37307 |
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts. Published: June 30, 2023; 1:15:09 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-28607 |
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip. Published: March 18, 2023; 2:15:54 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-28606 |
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips. Published: March 18, 2023; 2:15:54 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-24070 |
app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field. Published: January 23, 2023; 12:15:18 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-47928 |
In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp. Published: December 22, 2022; 6:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-42724 |
app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have). Published: October 10, 2022; 1:15:09 AM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |