Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2023
CVE-2023-36385
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-07-25
CVE-2023-36501
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 9.0.2 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-07-25
CVE-2023-36502
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cththemes Balkon plugin <= 1.3.2 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-07-25
CVE-2023-36503
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <= 9.5.3 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-07-25
CVE-2023-23833
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steven Henty Drop Shadow Boxes plugin <= 1.7.10 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-07-25
CVE-2023-33925
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PluginForage WooCommerce Product Categories Selection Widget plugin <= 2.0 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-07-25
CVE-2023-35043
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-07-25
CVE-2023-3486
An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected.
CVSS Score
8.2
EPSS Score
0.024
Published
2023-07-25
CVE-2023-3637
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-07-25
CVE-2023-2850
NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-07-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved