Security Vulnerabilities - CVEs Published In February 2018
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2018-02-12
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2018-02-12
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-02-12
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.
CVSS Score: 8.8
EPSS Score: 0.01
Published: 2018-02-12
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2018-02-12
Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2018-02-12
PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field.
CVSS Score: 6.1
EPSS Score: 0.005
Published: 2018-02-12
Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2018-02-12
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture.
CVSS Score: 8.8
EPSS Score: 0.023
Published: 2018-02-12
Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2018-02-12

