Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2021
CVE-2020-35984
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
CVSS Score
5.4
EPSS Score
0.016
Published
2021-07-09
CVE-2020-35985
A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
CVSS Score
5.4
EPSS Score
0.051
Published
2021-07-09
CVE-2020-35986
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
CVSS Score
5.4
EPSS Score
0.022
Published
2021-07-09
CVE-2020-35987
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
CVSS Score
5.4
EPSS Score
0.016
Published
2021-07-09
CVE-2021-20024
Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations.
CVSS Score
8.1
EPSS Score
0.001
Published
2021-07-09
CVE-2021-35358
A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-07-09
CVE-2021-35360
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
CVSS Score
4.8
EPSS Score
0.004
Published
2021-07-09
CVE-2021-35361
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
CVSS Score
4.8
EPSS Score
0.004
Published
2021-07-09
CVE-2020-25391
A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-09
CVE-2020-25392
A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved