Security Vulnerabilities - CVEs Published In September 2021
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-09-01
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-09-01
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-09-01
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-09-01
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-09-01
GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior to commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d, the username column of the GlobalNewFiles special page is vulnerable to a stored XSS. Commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d contains a patch. As a workaround, one may disallow < and > (or other characters required to insert HTML/JS) from being used in account names so that an XSS is not possible.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2021-09-01
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2021-09-01
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution.
CVSS Score: 8.8 | EPSS Score: 0.057 | Published: 2021-09-01
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2021-09-01
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2021-09-01

