Security Vulnerabilities - CVEs Published In March 2019
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-03-21
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-03-21
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-21
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter.
CVSS Score
6.1
EPSS Score
0.075
Published
2019-03-21
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter.
CVSS Score
6.5
EPSS Score
0.15
Published
2019-03-21
JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).
CVSS Score
6.5
EPSS Score
0.002
Published
2019-03-21
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state
CVSS Score
6.5
EPSS Score
0.018
Published
2019-03-21
A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to remote code execution on the device.
CVSS Score
6.5
EPSS Score
0.026
Published
2019-03-21
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
CVSS Score
8.8
EPSS Score
0.008
Published
2019-03-21
XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-03-21

