Security Vulnerabilities - CVEs Published In April 2022
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-04-20
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-04-20
An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-04-20
An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2022-04-20
An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-04-20
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-04-20
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-04-20
gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-04-20
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-04-20
HumHub is an Open Source Enterprise Social Network. In affected versions, users who are forced to change their password by an administrator may retrieve other users' data. This issue has been resolved by commit `eb83de20`. It is recommended that HumHub be upgraded to 1.11.0, 1.10.4 or 1.9.4. There are no known workarounds for this issue.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2022-04-20