Security Vulnerabilities - CVEs Published In September 2022
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
CVSS Score: 5.4 | EPSS Score: 0.124 | Published: 2022-09-30
Information Disclosure in the Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows a man-in-the-middle attacker to compromise the confidential video stream. This is only applicable for UDP encryption when the target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x.
CVSS Score: 7.4 | EPSS Score: 0.001 | Published: 2022-09-30
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress.
CVSS Score: 4.8 | EPSS Score: 0.001 | Published: 2022-09-30
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress.
CVSS Score: 4.8 | EPSS Score: 0.001 | Published: 2022-09-30
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress.
CVSS Score: 5.4 | EPSS Score: 0.0 | Published: 2022-09-30
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2022-09-30
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2022-09-30
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2022-09-30
PingCentral versions prior to the listed versions expose Spring Boot actuator endpoints that, with administrative authentication, return large amounts of sensitive environmental and application information.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-09-30
Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php.
CVSS Score: 7.2 | EPSS Score: 0.012 | Published: 2022-09-30

