Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2019
CVE-2019-13340
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-07-05
CVE-2019-13341
In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get a user's cookie.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-07-05
CVE-2019-13339
In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (content box), which can be used to get a user's cookie.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-07-05
CVE-2019-5984
Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-07-05
CVE-2019-5965
Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-05
CVE-2019-5966
Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-07-05
CVE-2019-5967
Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-07-05
CVE-2019-5968
Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authentication of administrators via updating user's 'Basic Info'.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-07-05
CVE-2019-5969
Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote attackersto redirect users to arbitrary web sites and conduct phishing attacks via the process of login.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-05
CVE-2019-5970
Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.007
Published
2019-07-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved