Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2024
CVE-2024-29952
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-04-17
CVE-2024-29955
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key.
CVSS Score
5.0
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32337
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32338
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32339
Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32340
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module.
CVSS Score
9.6
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32341
Multiple cross-site scripting (XSS) vulnerabilities in the Home page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32342
A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32343
A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-04-17
CVE-2024-32344
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-04-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved