Security Vulnerabilities - CVEs Published In January 2025
Specially constructed queries cause cross platform scripting leaking administrator tokens
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2025-01-10
An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the email-subject. Once the victim uploads the file, he automatically lands on a page to view the uploaded data. If the victim clicks on the email-subject value, it triggers the XSS payload.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2025-01-10
An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website. Thus, this allows malicious actions to be executed without user consent.
CVSS Score: 4.7 | EPSS Score: 0.001 | Published: 2025-01-10
An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts into the Survey field name. When a user receives the survey and clicks on the field name, it triggers the XSS payload.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2025-01-10
Specially constructed queries targeting ETM could discover active remote access sessions
CVSS Score: 6.4 | EPSS Score: 0.001 | Published: 2025-01-10
Backup uploads to ETM subject to man-in-the-middle interception
CVSS Score: 8.3 | EPSS Score: 0.001 | Published: 2025-01-10
A user with advanced report application access rights can perform actions for which they are not authorized
CVSS Score: 7.6 | EPSS Score: 0.001 | Published: 2025-01-10
A user with administrator privileges can perform command injection
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2025-01-10
The administrator is able to configure an insecure captive portal script
CVSS Score: 8.1 | EPSS Score: 0.006 | Published: 2025-01-10
A user with administrator privileges is able to retrieve authentication tokens
CVSS Score: 6.6 | EPSS Score: 0.0 | Published: 2025-01-10
Shodan ® - All rights reserved