Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2023
CVE-2023-23012
Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-01-20
CVE-2023-23014
Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-01-20
CVE-2023-23015
Cross Site Scripting (XSS) vulnerability in Kalkun 0.8.0 via username input in file User_model.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-01-20
CVE-2023-23024
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the writer parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-01-20
CVE-2023-23143
Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-01-20
CVE-2023-23144
Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-01-20
CVE-2023-23145
GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-01-20
CVE-2023-23490
The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.
CVSS Score
8.8
EPSS Score
0.009
Published
2023-01-20
CVE-2023-23491
The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.
CVSS Score
6.1
EPSS Score
0.076
Published
2023-01-20
CVE-2023-23492
The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action.
CVSS Score
8.8
EPSS Score
0.87
Published
2023-01-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved