Security Vulnerabilities - CVEs Published In September 2021
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.
CVSS Score: 8.8; EPSS Score: 0.017; Published: 2021-09-15

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2021-09-15

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'.
CVSS Score: 8.8; EPSS Score: 0.033; Published: 2021-09-15

Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2021-09-15

Cross Site Scripting (XSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'.
CVSS Score: 6.1; EPSS Score: 0.005; Published: 2021-09-15

Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2021-09-15

Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'.
CVSS Score: 8.8; EPSS Score: 0.008; Published: 2021-09-15

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability.
CVSS Score: 8.8; EPSS Score: 0.403; Published: 2021-09-15

In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.
CVSS Score: 5.4; EPSS Score: 0.86; Published: 2021-09-15

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.
CVSS Score: 5.3; EPSS Score: 0.0; Published: 2021-09-15