Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2020
CVE-2020-13961
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.
CVSS Score
6.5
EPSS Score
0.006
Published
2020-06-19
CVE-2020-14475
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).
CVSS Score
6.1
EPSS Score
0.003
Published
2020-06-19
CVE-2018-21262
An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2018-21263
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-06-19
CVE-2018-21265
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications).
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20875
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20876
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-06-19
CVE-2019-20877
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20878
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20879
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved