Misp-project Malware_information_sharing_platform

16 CVEs affecting Misp-project Malware_information_sharing_platform. Latest disclosed: 2023-11-17. Critical: 7, High: 1.

Top CVEs affecting Misp-project Malware_information_sharing_platform
CVESeverityScorePublishedSummary
CVE-2023-48659Critical9.82023-11-17An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
CVE-2023-48658Critical9.82023-11-17An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
CVE-2023-48657Critical9.82023-11-17An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
CVE-2023-48656Critical9.82023-11-17An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
CVE-2023-48655Critical9.82023-11-17An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
CVE-2015-5721Critical9.82016-09-03Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related…
CVE-2015-5719Critical9.82016-09-03app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ d…
CVE-2023-37306High7.52023-06-30MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error m…
CVE-2023-28884Medium6.12023-03-27In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
CVE-2023-28607Medium6.12023-03-18js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
CVE-2023-28606Medium6.12023-03-18js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
CVE-2023-24070Medium6.12023-01-23app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.
CVE-2022-47928Medium6.12022-12-22In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
CVE-2015-5720Medium6.12016-09-03Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote…
CVE-2023-37307Medium5.42023-06-30In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
CVE-2022-42724Medium4.32022-10-10app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).