Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2023
CVE-2023-39923
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-03
CVE-2023-39989
Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-03
CVE-2023-40210
Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-03
CVE-2023-4098
It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-10-03
CVE-2023-4099
The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.
CVSS Score
7.6
EPSS Score
0.0
Published
2023-10-03
CVE-2023-4100
Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-03
CVE-2023-4101
The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-03
CVE-2022-47891
All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-10-03
CVE-2022-46841
Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-03
CVE-2023-0828
Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms.
CVSS Score
6.7
EPSS Score
0.003
Published
2023-10-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved