Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2023
CVE-2023-0746
The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting.
CVSS Score
6.3
EPSS Score
0.003
Published
2023-03-10
CVE-2023-1315
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
5.4
EPSS Score
0.101
Published
2023-03-10
CVE-2023-1316
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
4.5
EPSS Score
0.004
Published
2023-03-10
CVE-2023-1317
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
5.4
EPSS Score
0.065
Published
2023-03-10
CVE-2023-1318
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
5.4
EPSS Score
0.065
Published
2023-03-10
CVE-2023-1319
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
4.8
EPSS Score
0.002
Published
2023-03-10
CVE-2022-48111
A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-03-10
CVE-2023-26464
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-03-10
CVE-2023-24774
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php.
CVSS Score
9.8
EPSS Score
0.014
Published
2023-03-10
CVE-2023-1313
Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1.
CVSS Score
7.2
EPSS Score
0.005
Published
2023-03-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved