Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2021
CVE-2020-18660
GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-06-23
CVE-2020-23962
A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "announcement_gonggao" parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-06-23
CVE-2020-18657
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-06-23
CVE-2020-18658
Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-06-23
CVE-2020-18659
Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php
CVSS Score
6.1
EPSS Score
0.004
Published
2021-06-23
CVE-2021-29620
Report portal is an open source reporting and analysis framework. Starting from version 3.1.0 of the service-api XML parsing was introduced. Unfortunately the XML parser was not configured properly to prevent XML external entity (XXE) attacks. This allows a user to import a specifically-crafted XML file which imports external Document Type Definition (DTD) file with external entities for extraction of secrets from Report Portal service-api module or server-side request forgery. This will be resolved in the 5.4.0 release.
CVSS Score
7.5
EPSS Score
0.01
Published
2021-06-23
CVE-2021-33624
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
CVSS Score
4.7
EPSS Score
0.004
Published
2021-06-23
CVE-2020-20389
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-06-23
CVE-2020-20391
Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-06-23
CVE-2020-20392
SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.
CVSS Score
9.8
EPSS Score
0.01
Published
2021-06-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved