Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2023
CVE-2023-36016
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS Score
6.2
EPSS Score
0.002
Published
2023-11-14
CVE-2023-28002
An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place.
CVSS Score
6.4
EPSS Score
0.0
Published
2023-11-14
CVE-2023-26205
An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script.
CVSS Score
8.1
EPSS Score
0.002
Published
2023-11-14
CVE-2023-48094
A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.html is part of the CesiumGS/cesium GitHub repository, but is demo code that is not part of the CesiumJS JavaScript library product.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-11-14
CVE-2023-6130
Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-14
CVE-2023-6131
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-11-14
CVE-2023-47659
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-11-14
CVE-2023-47660
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Wham Product Visibility by Country for WooCommerce plugin <= 1.4.9 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-11-14
CVE-2023-6127
Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-11-14
CVE-2023-6128
Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVSS Score
6.8
EPSS Score
0.002
Published
2023-11-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved