Security Vulnerabilities - CVEs Published In July 2020
An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2020-07-05
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2020-07-05
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2020-07-05
XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2020-07-05
SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field.
CVSS Score: 9.8; EPSS Score: 0.005; Published: 2020-07-05
We-com OpenData CMS 2.0 allows SQL Injection via the username field on the administrator login page.
CVSS Score: 9.8; EPSS Score: 0.005; Published: 2020-07-05
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
CVSS Score: 7.5; EPSS Score: 0.006; Published: 2020-07-05
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2020-07-05
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2020-07-05
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks.
CVSS Score: 7.8; EPSS Score: 0.0; Published: 2020-07-05

