Security Vulnerabilities - CVEs Published In May 2023
OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book.
CVSS Score: 4.3; EPSS Score: 0.0; Published: 2023-05-29
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2023-05-29
OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2023-05-29
OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2023-05-29
OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data.
CVSS Score: 4.3; EPSS Score: 0.0; Published: 2023-05-29
OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens.
CVSS Score: 4.2; EPSS Score: 0.001; Published: 2023-05-29
OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing.
CVSS Score: 5.3; EPSS Score: 0.001; Published: 2023-05-29
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions.
CVSS Score: 5.4; EPSS Score: 0.001; Published: 2023-05-29
Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <= 2.2.8 versions.
CVSS Score: 4.3; EPSS Score: 0.001; Published: 2023-05-29
An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. The child can remove all restrictions temporarily without the parents noticing by rebooting into Android Safe Mode and disabling the "Display over other apps" permission.
CVSS Score: 6.4; EPSS Score: 0.001; Published: 2023-05-29

