Security Vulnerabilities - CVEs Published In September 2019
The Pinfinity theme before 2.0 for WordPress has XSS via the s parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-10
The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.
CVSS Score
8.8
EPSS Score
0.006
Published
2019-09-10
The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter.
CVSS Score
8.8
EPSS Score
0.006
Published
2019-09-10
The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php.
CVSS Score
6.1
EPSS Score
0.021
Published
2019-09-10
In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions.
CVSS Score
7.2
EPSS Score
0.003
Published
2019-09-09
Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-09-09
upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allows remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-09-09
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-09-09
An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility.
CVSS Score
3.7
EPSS Score
0.001
Published
2019-09-09
The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-09