RSS   Vulnerabilities for 'MISP'   RSS

2022-04-20
 
CVE-2022-29528

CWE-502
 

 
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.

 
 
CVE-2022-29529

CWE-79
 

 
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.

 
 
CVE-2022-29530

CWE-79
 

 
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.

 
 
CVE-2022-29531

CWE-79
 

 
An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name.

 
 
CVE-2022-29532

CWE-79
 

 
An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.

 
 
CVE-2022-29533

CWE-79
 

 
An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."

 
 
CVE-2022-29534

CWE-287
 

 
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header.

 
2022-03-18
 
CVE-2022-27243

NVD-CWE-noinfo
 

 
An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.

 
 
CVE-2022-27244

CWE-79
 

 
An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.

 
 
CVE-2022-27245

CWE-918
 

 
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.

 


Copyright 2024, cxsecurity.com

 

Back to Top