Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2022
CVE-2022-0743
Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.
CVSS Score
4.6
EPSS Score
0.002
Published
2022-02-28
CVE-2022-23906
CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.
CVSS Score
7.2
EPSS Score
0.064
Published
2022-02-28
CVE-2022-23907
CMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-02-28
CVE-2022-25028
Home Owners Collection Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the collected_by parameter under the List of Collections module.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-02-28
CVE-2022-25407
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-02-28
CVE-2022-25408
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-02-28
CVE-2022-25409
Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-02-28
CVE-2022-25410
Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-02-28
CVE-2022-25411
A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
9.8
EPSS Score
0.107
Published
2022-02-28
CVE-2022-25412
Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters.
CVSS Score
8.1
EPSS Score
0.004
Published
2022-02-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved