Security Vulnerabilities - CVEs Published In June 2022
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
CVSS Score: 6.5 | EPSS Score: 0.049 | Published: 2022-06-29
In Nagios XI through 5.8.5, a user can change their e-mail address without password verification.
CVSS Score: 4.3 | EPSS Score: 0.005 | Published: 2022-06-29
In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2022-06-29
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
CVSS Score: 6.1 | EPSS Score: 0.041 | Published: 2022-06-29
In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2022-06-29
SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.
CVSS Score: 6.1 | EPSS Score: 0.01 | Published: 2022-06-29
In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
CVSS Score: 9.8 | EPSS Score: 0.784 | Published: 2022-06-29
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low-privilege user to delete other users' API keys, including those of high-privilege users and the Administrator.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2022-06-28
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization. This means that the user can also achieve privilege escalation by changing the administrator password.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-06-28
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2022-06-28