Security Vulnerabilities - CVEs Published In October 2023
A vulnerability was found in libXpm due to a boundary condition: a local user can trigger an out-of-bounds read error and read the contents of memory on the system.
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2023-10-12
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Kayisi: before 1286.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2023-10-12
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2023-10-12
Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4.
CVSS Score: 7.1; EPSS Score: 0.001; Published: 2023-10-12
Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.
CVSS Score: 5.3; EPSS Score: 0.202; Published: 2023-10-12
Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0.
CVSS Score: 4.8; EPSS Score: 0.001; Published: 2023-10-12
Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin <= 0.7.4 versions.
CVSS Score: 7.1; EPSS Score: 0.001; Published: 2023-10-12
The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score: 6.4; EPSS Score: 0.001; Published: 2023-10-12
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
CVSS Score: 9.6; EPSS Score: 0.003; Published: 2023-10-12
Request to LDAP is sent before user permissions are checked.
CVSS Score: 8.5; EPSS Score: 0.001; Published: 2023-10-12



Shodan ® - All rights reserved