Security Vulnerabilities - CVEs Published In March 2023
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-29
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
CVSS Score
5.2
EPSS Score
0.0
Published
2023-03-29
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
CVSS Score
6.1
EPSS Score
0.0
Published
2023-03-29
Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce plugin <= 1.5.2 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-03-29
Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users who can create a directory name to inject some XSS content and gain some privileges, such as admin user.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-03-29
Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-03-29
Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-03-29
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-03-29
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin <= 4.5.3 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-03-29
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-03-29

