Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2024
CVE-2024-28666
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php
CVSS Score
5.5
EPSS Score
0.001
Published
2024-03-13
CVE-2024-28667
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php
CVSS Score
6.1
EPSS Score
0.001
Published
2024-03-13
CVE-2024-28668
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php
CVSS Score
6.1
EPSS Score
0.002
Published
2024-03-13
CVE-2024-28429
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php
CVSS Score
5.5
EPSS Score
0.001
Published
2024-03-13
CVE-2024-28430
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-03-13
CVE-2024-28431
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-03-13
CVE-2024-28432
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-03-13
CVE-2024-2123
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
7.2
EPSS Score
0.413
Published
2024-03-13
CVE-2023-32335
IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075.
CVSS Score
3.7
EPSS Score
0.001
Published
2024-03-13
CVE-2023-38723
IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-03-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved