Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2022
CVE-2022-24229
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-04-08
CVE-2021-46436
An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-04-08
CVE-2021-46437
An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-04-08
CVE-2022-28000
Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-04-08
CVE-2022-28001
Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-04-08
CVE-2022-28002
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-04-08
CVE-2022-26624
Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-04-08
CVE-2022-27061
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.031
Published
2022-04-08
CVE-2022-27062
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.
CVSS Score
4.8
EPSS Score
0.007
Published
2022-04-08
CVE-2022-27063
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
CVSS Score
6.1
EPSS Score
0.007
Published
2022-04-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved