Security Vulnerabilities - CVEs Published In September 2023
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2023-09-15
Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds().
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2023-09-15
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2023-09-15
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-09-15
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom field.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-09-15
LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2023-09-15
Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent().
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2023-09-15
Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display().
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2023-09-15
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/base_client.py component.
CVSS Score: 8.8 | EPSS Score: 0.019 | Published: 2023-09-15
A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component.
CVSS Score: 8.8 | EPSS Score: 0.009 | Published: 2023-09-15