Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2024
CVE-2024-6892
Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.
CVSS Score
6.1
EPSS Score
0.06
Published
2024-08-08
CVE-2024-6893
The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.
CVSS Score
7.5
EPSS Score
0.914
Published
2024-08-08
CVE-2024-6706
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-08-07
CVE-2024-6707
Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-08-07
CVE-2024-6890
Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-08-07
CVE-2024-41912
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.
CVSS Score
9.8
EPSS Score
0.008
Published
2024-08-07
CVE-2024-41237
A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-08-07
CVE-2024-41239
A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field.
CVSS Score
4.8
EPSS Score
0.002
Published
2024-08-07
CVE-2024-41240
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-08-07
CVE-2024-41241
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-08-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved