Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2024
CVE-2024-50581
In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag
CVSS Score
4.6
EPSS Score
0.217
Published
2024-10-28
CVE-2024-50582
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements
CVSS Score
4.6
EPSS Score
0.217
Published
2024-10-28
CVE-2024-50573
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
CVSS Score
4.3
EPSS Score
0.0
Published
2024-10-28
CVE-2024-50574
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality
CVSS Score
5.3
EPSS Score
0.0
Published
2024-10-28
CVE-2024-50575
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API
CVSS Score
5.4
EPSS Score
0.079
Published
2024-10-28
CVE-2024-50576
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest
CVSS Score
4.6
EPSS Score
0.217
Published
2024-10-28
CVE-2024-50577
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
CVSS Score
4.6
EPSS Score
0.165
Published
2024-10-28
CVE-2024-50497
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wdesco Advanced Online Ordering and Delivery Platform advanced-online-ordering-and-delivery-platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through <= 2.0.0.
CVSS Score
9.8
EPSS Score
0.021
Published
2024-10-28
CVE-2024-50501
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Climax Themes Kata Plus kata-plus allows DOM-Based XSS.This issue affects Kata Plus: from n/a through <= 1.4.7.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-10-28
CVE-2024-50502
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks cozy-addons allows DOM-Based XSS.This issue affects Cozy Blocks: from n/a through <= 2.0.18.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-10-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved