Security Vulnerabilities - CVEs Published In May 2024
TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. TYPO3 version 13.1.1 fixes the problem described.
CVSS Score: 3.5 | EPSS Score: 0.006 | Published: 2024-05-14
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1 fix the problem described.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2024-05-14
htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2024-05-14
Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2024-05-14
OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2024-05-14
An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2024-05-14
An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2024-05-14
An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID} endpoints.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2024-05-14
An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID} XSS.
CVSS Score: 5.5 | EPSS Score: 0.003 | Published: 2024-05-14
An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt.
CVSS Score: 4.8 | EPSS Score: 0.001 | Published: 2024-05-14

