Security Vulnerabilities - CVEs Published In March 2024
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2024-03-06
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2024-03-06
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2024-03-06
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2024-03-06
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2024-03-06
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2024-03-06
An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application by modifying an HTTP header.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-03-06
Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allow attackers to bypass the access control and gain complete access to the application by supplying a crafted URL.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2024-03-06
An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application by supplying a crafted cookie.
CVSS Score: 8.8 | EPSS Score: 0.0 | Published: 2024-03-06
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2024-03-06


Shodan ® - All rights reserved