mokaddem

11 exploits, active since Jul 2019
CVE-2019-14286 (MEDIUM, writeup available)
MISP <2.4.111 - XSS
In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability.
CVSS 6.1
CVE-2020-10246 (MEDIUM, writeup available)
MISP - XSS
MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp.
CVSS 6.1
CVE-2020-10247 (MEDIUM, writeup available)
MISP - XSS
MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp.
CVSS 6.1
CVE-2020-15411 (CRITICAL, writeup available)
MISP <2.4.128 - Info Disclosure
An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.
CVSS 9.8
CVE-2020-25766 (HIGH, writeup available)
MISP <2.4.132 - CSRF
An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
CVSS 7.5
CVE-2020-28947 (MEDIUM, writeup available)
MISP - XSS
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.
CVSS 6.1
CVE-2020-29006 (CRITICAL, writeup available)
MISP <2.4.135 - Missing Authorization
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
CVSS 9.8
CVE-2020-8893 (HIGH, writeup available)
MISP <2.4.121 - Info Disclosure
An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.
CVSS 7.5
CVE-2021-35502 (CRITICAL, writeup available)
MISP <2.4.144 - Info Disclosure
app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.
CVSS 9.8
CVE-2021-37742 (MEDIUM, writeup available)
MISP - XSS
app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships.
CVSS 5.4
CVE-2021-37743 (MEDIUM, writeup available)
MISP - XSS
app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.
CVSS 5.4