Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2024
CVE-2024-46934
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-09-25
CVE-2024-46935
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-09-25
CVE-2024-47048
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-09-25
CVE-2024-43692
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-09-25
CVE-2024-43693
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.
CVSS Score
10.0
EPSS Score
0.004
Published
2024-09-25
CVE-2024-45066
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
CVSS Score
10.0
EPSS Score
0.004
Published
2024-09-25
CVE-2024-45373
Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-09-25
CVE-2024-42797
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.
CVSS Score
9.8
EPSS Score
0.008
Published
2024-09-25
CVE-2024-43423
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-09-25
CVE-2024-41725
ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-09-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved