Malware Information Sharing Platform

malware_information_sharing_platform

Vendor: Misp Project • 16 CVEs

CVEs (16)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-48659 1Misp Project 1Malware Information Sharing Platform Nov 21, 2024 Nov 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
CVE-2023-48658 1Misp Project 1Malware Information Sharing Platform Nov 21, 2024 Nov 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
CVE-2023-48657 1Misp Project 1Malware Information Sharing Platform Nov 21, 2024 Nov 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
CVE-2023-48656 1Misp Project 1Malware Information Sharing Platform Nov 21, 2024 Nov 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
CVE-2023-48655 1Misp Project 1Malware Information Sharing Platform Nov 21, 2024 Nov 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
CVE-2023-37307 1Misp Project 1Malware Information Sharing Platform Nov 21, 2024 Jun 30, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
CVE-2023-37306 1Misp Project 1Malware Information Sharing Platform Nov 21, 2024 Jun 30, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
CVE-2023-28884 1Misp Project 1Malware Information Sharing Platform Nov 21, 2024 Mar 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
CVE-2023-28607 1Misp Project 1Malware Information Sharing Platform Feb 26, 2025 Mar 18, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
CVE-2023-28606 1Misp Project 1Malware Information Sharing Platform Feb 26, 2025 Mar 18, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
CVE-2023-24070 1Misp Project 1Malware Information Sharing Platform Nov 21, 2024 Jan 23, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.
CVE-2022-47928 1Misp Project 1Malware Information Sharing Platform Nov 21, 2024 Dec 22, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
CVE-2022-42724 1Misp Project 1Malware Information Sharing Platform Nov 21, 2024 Oct 10, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).
CVE-2015-5721 1Misp Project 1Malware Information Sharing Platform May 6, 2026 Sep 3, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_a...Show more Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.Show less
CVE-2015-5720 1Misp Project 1Malware Information Sharing Platform May 6, 2026 Sep 3, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors...Show more Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.Show less
CVE-2015-5719 1Misp Project 1Malware Information Sharing Platform May 6, 2026 Sep 3, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.