Security Vulnerabilities - CVEs Published In March 2022
SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2022-03-17
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.
CVSS Score: 7.5
EPSS Score: 0.117
Published: 2022-03-17
Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2022-03-17
The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution: it uses a markdown parser in an unsafe way, so that any JavaScript code inside the markdown input files gets evaluated and executed.
CVSS Score: 9.8
EPSS Score: 0.012
Published: 2022-03-17
This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.
CVSS Score: 7.4
EPSS Score: 0.005
Published: 2022-03-17
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2022-03-17
Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2022-03-17
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2022-03-17
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2022-03-17
The Web Request API in Whale browser before 3.12.129.18 allowed denying access to the extension store or redirecting to any URL when users access the store.
CVSS Score: 7.1
EPSS Score: 0.002
Published: 2022-03-17

