Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2017
CVE-2017-15212
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
CVSS Score
4.3
EPSS Score
0.003
Published
2017-10-11
CVE-2017-15213
Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-10-11
CVE-2017-15214
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.
CVSS Score
5.4
EPSS Score
0.006
Published
2017-10-11
CVE-2017-15215
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users.
CVSS Score
6.1
EPSS Score
0.01
Published
2017-10-11
CVE-2017-15188
A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-10-11
CVE-2017-15194
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-10-11
CVE-2017-15195
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
CVSS Score
4.3
EPSS Score
0.005
Published
2017-10-11
CVE-2017-15196
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
CVSS Score
4.3
EPSS Score
0.005
Published
2017-10-11
CVE-2017-15197
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
CVSS Score
4.3
EPSS Score
0.005
Published
2017-10-11
CVE-2017-15198
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.
CVSS Score
4.3
EPSS Score
0.007
Published
2017-10-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved