Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2020
CVE-2020-8033
Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-05-05
CVE-2020-8829
CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-05-05
CVE-2020-8830
CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-05-05
CVE-2019-19514
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic repeater settings via an SSID.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-05-05
CVE-2019-19515
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-05-05
CVE-2020-8799
A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-05-05
CVE-2020-11737
A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2.
CVSS Score
6.1
EPSS Score
0.012
Published
2020-05-05
CVE-2020-12104
The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation.
CVSS Score
8.8
EPSS Score
0.006
Published
2020-05-05
CVE-2017-18864
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R6900P before 1.0.0.56, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7900 before 1.0.1.18, R8300 before 1.0.2.104, and R8500 before 1.0.2.104.
CVSS Score
8.8
EPSS Score
0.006
Published
2020-05-05
CVE-2017-18865
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104.
CVSS Score
6.8
EPSS Score
0.001
Published
2020-05-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved