Security Vulnerabilities - CVEs Published In April 2023
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the <iframe>src parameter.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2023-04-04
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2023-04-04
Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the <ifram> tag in the upload file page.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2023-04-04
An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests.
CVSS Score: 6.5; EPSS Score: 0.002; Published: 2023-04-04
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2023-04-04
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2023-04-04
In JetBrains PhpStorm before 2023.1, source code could be logged in the local idea.log file.
CVSS Score: 3.3; EPSS Score: 0.0; Published: 2023-04-04
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files. This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.
CVSS Score: 6.9; EPSS Score: 0.002; Published: 2023-04-04
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available.
CVSS Score: 5.4; EPSS Score: 0.005; Published: 2023-04-04
A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web script or HTML via the returnUrl parameter.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2023-04-04