Security Vulnerabilities - CVEs Published In July 2024
Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote attacker to execute arbitrary code via the encode parameter in Index.php.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2024-07-17

Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function.
CVSS Score: 7.1; EPSS Score: 0.011; Published: 2024-07-17

In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2024-07-17

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2024-07-17

Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2024-07-17

A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' parameter, allowing attackers to inject malicious SQL queries.
CVSS Score: 6.3; EPSS Score: 0.0; Published: 2024-07-17

IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833.
CVSS Score: 6.4; EPSS Score: 0.001; Published: 2024-07-17

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507.
CVSS Score: 3.1; EPSS Score: 0.001; Published: 2024-07-17

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user).
CVSS Score: 8.1; EPSS Score: 0.001; Published: 2024-07-17

NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via a modified UUID in a POST request.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2024-07-17