Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2022
CVE-2022-30017
Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-05-23
CVE-2022-28932
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.
CVSS Score
9.8
EPSS Score
0.008
Published
2022-05-23
CVE-2022-29004
Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.
CVSS Score
6.1
EPSS Score
0.36
Published
2022-05-23
CVE-2022-29005
Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.
CVSS Score
6.1
EPSS Score
0.074
Published
2022-05-23
CVE-2022-30014
Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-05-23
CVE-2021-41714
In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage.
CVSS Score
7.7
EPSS Score
0.007
Published
2022-05-23
CVE-2022-1811
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.
CVSS Score
9.1
EPSS Score
0.002
Published
2022-05-23
CVE-2022-0900
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS.This issue affects DivvyDrive: from unspecified before v.4.6.2.0.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-05-23
CVE-2022-28997
CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.
CVSS Score
7.5
EPSS Score
0.014
Published
2022-05-23
CVE-2022-28998
Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code.
CVSS Score
8.1
EPSS Score
0.034
Published
2022-05-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved