Security Vulnerabilities - CVEs Published In June 2018
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-06-02
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-06-02
Yosoro 1.0.4 has stored XSS.
CVSS Score
6.1
EPSS Score
0.027
Published
2018-06-02
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user clicks that link, it will trigger an XSS attack.
CVSS Score
4.8
EPSS Score
0.004
Published
2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46).
CVSS Score
8.8
EPSS Score
0.076
Published
2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46).
CVSS Score
8.8
EPSS Score
0.076
Published
2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46).
CVSS Score
8.8
EPSS Score
0.076
Published
2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46).
CVSS Score
8.8
EPSS Score
0.076
Published
2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).
CVSS Score
8.8
EPSS Score
0.076
Published
2018-06-02
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46).
CVSS Score
8.8
EPSS Score
0.076
Published
2018-06-02


Shodan ® - All rights reserved