Known Vulnerabilities for products from MISP

Listed below are 20 of the newest known vulnerabilities associated with the vendor "MISP".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2026-39962 json		Not Provided	2026-04-09	2026-04-09
CVE-2023-49926 json		6.1 - MEDIUM	2023-12-03	2023-12-06
CVE-2023-41098 json	An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id ...	6.1 - MEDIUM	2023-08-23	2023-08-28
CVE-2023-40224 json	MISP 2.4174 allows XSS in app/View/Events/index.ctp.	6.1 - MEDIUM	2023-08-10	2023-11-17
CVE-2023-24027 json	In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.	6.1 - MEDIUM	2023-01-20	2023-01-27
CVE-2022-48329 json	MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyClu...	9.8 - CRITICAL	2023-02-20	2023-02-28
CVE-2022-48328 json	app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimit...	9.8 - CRITICAL	2023-02-20	2023-10-30
CVE-2022-29534 json	An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors inv...	7.5 - HIGH	2022-04-20	2024-02-01
CVE-2022-29533 json	An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation wit...	6.1 - MEDIUM	2022-04-20	2023-12-21
CVE-2022-29532 json	An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: UR...	4.8 - MEDIUM	2022-04-20	2024-02-01
CVE-2022-29531 json	An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name.	5.4 - MEDIUM	2022-04-20	2023-12-21
CVE-2022-29530 json	An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.	5.4 - MEDIUM	2022-04-20	2023-12-21
CVE-2022-29529 json	An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.	5.4 - MEDIUM	2022-04-20	2023-11-03
CVE-2022-29528 json	An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.	9.8 - CRITICAL	2022-04-20	2023-12-21
CVE-2022-27246 json	An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.	6.1 - MEDIUM	2022-03-18	2022-03-25
CVE-2022-27245 json	An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. Thi...	8.8 - HIGH	2022-03-18	2022-03-25
CVE-2022-27244 json	An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth ...	4.8 - MEDIUM	2022-03-18	2022-03-25
CVE-2022-27243 json	An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms fil...	7.8 - HIGH	2022-03-18	2022-03-25
CVE-2021-41326 json	In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.	9.8 - CRITICAL	2021-09-17	2023-09-28
CVE-2021-39302 json	MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.	9.8 - CRITICAL	2021-08-19	2021-08-23

Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from MISP

Type	Vendor	Product	Version
Application	Misp	Misp	0.1
Application	Misp	Misp-maltego	1.4.4