Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2020
CVE-2019-20891
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-06-19
CVE-2020-14930
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client.
CVSS Score
8.1
EPSS Score
0.036
Published
2020-06-19
CVE-2016-11084
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-06-19
CVE-2017-18905
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18906
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.
CVSS Score
8.1
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18907
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18908
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18913
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18914
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18915
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved