Security Vulnerabilities - CVEs Published In January 2021
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-01-12
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-01-12
OX App Suite through 7.10.4 allows XSS via an inline binary file.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-01-12
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-01-12
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-01-12
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-01-12
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-01-12
A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords of currently logged-in users.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2021-01-12
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2021-01-12
A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2021-01-12

