Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2023
CVE-2023-3293
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.
CVSS Score
7.6
EPSS Score
0.001
Published
2023-06-16
CVE-2023-2785
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-16
CVE-2023-2792
Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-16
CVE-2023-2793
Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-16
CVE-2023-2797
Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel.
CVSS Score
3.1
EPSS Score
0.005
Published
2023-06-16
CVE-2023-2831
Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-16
CVE-2023-33306
A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-16
CVE-2023-33307
A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-06-16
CVE-2023-2791
When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-16
CVE-2023-25963
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved