iglocska

68 exploits, active since Sep 2016
CVE-2022-29532 MEDIUM
MISP < 2.4.158 - XSS
An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.
CVSS 4.8
CVE-2022-29533 MEDIUM
MISP < 2.4.158 - XSS
An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."
CVSS 6.1
CVE-2022-29534 HIGH
MISP < 2.4.158 - Authentication Bypass
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header.
CVSS 7.5
CVE-2022-47928 MEDIUM
MISP (Malware Information Sharing Platform) < 2.4.167 - XSS
In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
CVSS 6.1
CVE-2022-48328 CRITICAL
MISP < 2.4.167 - Improper Exception Handling
app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.
CVSS 9.8
CVE-2022-48329 CRITICAL
MISP < 2.4.166 - Improper Exception Handling
MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.
CVSS 9.8
CVE-2023-41363 MEDIUM
Cerebrate 1.14 - Privilege Escalation
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.
CVSS 4.3
CVE-2023-48657 CRITICAL
MISP < 2.4.176 - Info Disclosure
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
CVSS 9.8
CVE-2023-48659 CRITICAL
MISP < 2.4.176 - Info Disclosure
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
CVSS 9.8
CVE-2023-50918 CRITICAL
MISP < 2.4.182 - Privilege Escalation
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
CVSS 9.8
CVE-2024-29858 CRITICAL
MISP < 2.4.187 - Info Disclosure
In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload.
CVSS 9.8
CVE-2024-29859 CRITICAL
MISP < 2.4.187 - File Upload Vulnerability
In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload.
CVSS 9.8
CVE-2024-45509 MEDIUM
MISP < 2.4.196 - Info Disclosure
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin.
CVSS 6.5
CVE-2024-57969 MEDIUM
MISP < 2.4.198 - Incorrect Authorization
app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
CVSS 4.3
CVE-2024-58128 MEDIUM
MISP < 2.4.193 - XSS
In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link.
CVSS 5.5
CVE-2024-58129 MEDIUM
MISP < 2.4.193 - XSS
In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page.
CVSS 5.5
CVE-2024-58130 HIGH
MISP < 2.4.193 - XSS
In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses.
CVSS 7.2
CVE-2025-66384 HIGH
MISP < 2.5.24 - Info Disclosure
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.
CVSS 8.2