Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2022
CVE-2022-41978
Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-11-09
CVE-2022-43118
A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-11-09
CVE-2022-43119
A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-11-09
CVE-2022-43120
A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-11-09
CVE-2022-43121
A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-11-09
CVE-2022-43277
Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-09
CVE-2022-43278
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-09
CVE-2022-43488
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-09
CVE-2021-34568
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-11-09
CVE-2021-34569
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-11-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved