Security Vulnerabilities - CVEs Published In June 2022
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-06-28
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2022-06-28
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2022-06-28
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed or the sanitise_server_side config is not set to true in project code.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-06-28
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2022-06-28
Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low-privilege user is able to see other users' API Keys, including the Admins' API Keys.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2022-06-28
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.
CVSS Score: 9.8 | EPSS Score: 0.287 | Published: 2022-06-28
Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.
CVSS Score: 6.5 | EPSS Score: 0.009 | Published: 2022-06-28
Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2022-06-28
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9
CVSS Score: 4.3 | EPSS Score: 0.004 | Published: 2022-06-28



Shodan ® - All rights reserved