Security Vulnerabilities - CVEs Published In June 2019
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script.
CVSS Score: 5.4; EPSS Score: 0.001; Published: 2019-06-18
Helpy v2.1.0 has Stored XSS via the Ticket title.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2019-06-18
Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2019-06-18
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.
CVSS Score: 7.2; EPSS Score: 0.003; Published: 2019-06-18
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::ProcessPacket metadata_id!=0 assertion, leading to shutting down the client application.
CVSS Score: 7.5; EPSS Score: 0.005; Published: 2019-06-18
An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to manipulation of SD card data. SD card manipulation may lead to an authentication bypass opportunity.
CVSS Score: 6.8; EPSS Score: 0.001; Published: 2019-06-18
Craft CMS before 3.1.31 does not properly filter XML feeds, thus allowing XSS.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2019-06-18
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.
CVSS Score: 6.1; EPSS Score: 0.012; Published: 2019-06-18
OX App Suite 7.10.1 and earlier allows Information Exposure.
CVSS Score: 7.5; EPSS Score: 0.004; Published: 2019-06-18
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.
CVSS Score: 7.2; EPSS Score: 0.021; Published: 2019-06-18

