Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2024
CVE-2024-26281
Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123.
CVSS Score
4.7
EPSS Score
0.003
Published
2024-02-22
CVE-2024-26282
Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123.
CVSS Score
7.1
EPSS Score
0.004
Published
2024-02-22
CVE-2024-26283
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < 123.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-02-22
CVE-2024-26284
Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123.
CVSS Score
6.1
EPSS Score
0.007
Published
2024-02-22
CVE-2024-25876
A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-02-22
CVE-2024-26349
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php
CVSS Score
4.3
EPSS Score
0.0
Published
2024-02-22
CVE-2024-26350
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php
CVSS Score
8.8
EPSS Score
0.001
Published
2024-02-22
CVE-2024-26351
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php
CVSS Score
6.1
EPSS Score
0.0
Published
2024-02-22
CVE-2024-26352
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php
CVSS Score
8.8
EPSS Score
0.001
Published
2024-02-22
CVE-2024-26445
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php
CVSS Score
6.1
EPSS Score
0.001
Published
2024-02-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved