Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2024
CVE-2024-41353
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php
CVSS Score
7.1
EPSS Score
0.003
Published
2024-07-26
CVE-2024-41354
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php
CVSS Score
7.1
EPSS Score
0.003
Published
2024-07-26
CVE-2024-41373
ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php.
CVSS Score
6.3
EPSS Score
0.002
Published
2024-07-26
CVE-2024-41374
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php
CVSS Score
6.1
EPSS Score
0.002
Published
2024-07-26
CVE-2024-41375
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php
CVSS Score
6.1
EPSS Score
0.002
Published
2024-07-26
CVE-2024-41812
txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Prior to version 1.7.0, a Server-Side Request Forgery (SSRF) vulnerability in the `/get` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.7.0 prevents displaying the response of forged requests, but the requests can still be sent. For complete mitigation, a firewall between txtdot and other internal network resources should be set.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-07-26
CVE-2024-41813
txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the `/proxy` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.6.1 patches the issue.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-07-26
CVE-2024-41355
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-07-26
CVE-2024-41356
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php.
CVSS Score
4.7
EPSS Score
0.004
Published
2024-07-26
CVE-2024-41357
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.
CVSS Score
7.1
EPSS Score
0.022
Published
2024-07-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved