Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2019
CVE-2019-17495
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.
CVSS Score
9.8
EPSS Score
0.149
Published
2019-10-10
CVE-2019-17489
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-10
CVE-2019-17490
app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-10-10
CVE-2019-17491
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-10
CVE-2019-17493
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-10
CVE-2019-17494
laravel-bjyblog 6.1.1 has XSS via a crafted URL.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-10-10
CVE-2019-17386
The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-10-10
CVE-2019-17488
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-10-10
CVE-2019-11527
An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter.
CVSS Score
8.8
EPSS Score
0.092
Published
2019-10-10
CVE-2019-11528
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-10-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved