Security Vulnerabilities - CVEs Published In April 2022
org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessible to the user running the XWiki application server with XML External Entity Injection through the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights.
CVSS Score
4.9
EPSS Score
0.001
Published
2022-04-28
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-04-28
Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.007
Published
2022-04-28
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.003
Published
2022-04-28
SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute an SQLi attack via (&id).
CVSS Score
8.3
EPSS Score
0.004
Published
2022-04-28
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete the cache, delete a source, or create a source.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-04-28
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via the &title parameter.
CVSS Score
4.7
EPSS Score
0.001
Published
2022-04-28
Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute an SQLi attack via (&ids).
CVSS Score
7.4
EPSS Score
0.004
Published
2022-04-28
Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.
CVSS Score
9.0
EPSS Score
0.002
Published
2022-04-28
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-28

