Security Vulnerabilities - CVEs Published In March 2024
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes such as 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score: 6.4; EPSS Score: 0.001; Published: 2024-03-29
A malicious BLE device can crash a victim BLE device by sending a malformed GATT packet.
CVSS Score: 6.8; EPSS Score: 0.002; Published: 2024-03-29
halo v1.6.0 is vulnerable to Cross Site Scripting (XSS).
CVSS Score: 6.1; EPSS Score: 0.001; Published: 2024-03-28
SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via the print_pdets.php component.
CVSS Score: 5.3; EPSS Score: 0.001; Published: 2024-03-28
Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form.
CVSS Score: 5.4; EPSS Score: 0.005; Published: 2024-03-28
SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter.
CVSS Score: 8.1; EPSS Score: 0.002; Published: 2024-03-28
NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true.
CVSS Score: 6.3; EPSS Score: 0.001; Published: 2024-03-28
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field.
CVSS Score: 6.4; EPSS Score: 0.004; Published: 2024-03-28
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field.
CVSS Score: 6.1; EPSS Score: 0.007; Published: 2024-03-28
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2024-03-28

