Security Vulnerabilities - CVEs Published In April 2021
OX App Suite 7.10.4 and earlier allows SSRF via a snippet.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2021-04-30
OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2021-04-30
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field.
CVSS Score: 5.4 | EPSS Score: 0.006 | Published: 2021-04-30
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-04-30
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-04-30
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.
CVSS Score: 7.2 | EPSS Score: 0.123 | Published: 2021-04-30
Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2021-04-30
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score: 8.8 | EPSS Score: 0.036 | Published: 2021-04-30
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
CVSS Score: 4.3 | EPSS Score: 0.004 | Published: 2021-04-30
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVSS Score: 6.5 | EPSS Score: 0.009 | Published: 2021-04-30

