Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2023
CVE-2023-48828
Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-12-07
CVE-2023-43303
An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVSS Score
8.2
EPSS Score
0.002
Published
2023-12-07
CVE-2023-43304
An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVSS Score
8.2
EPSS Score
0.002
Published
2023-12-07
CVE-2023-48205
Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-12-07
CVE-2023-48206
A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-12-07
CVE-2023-48207
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-12-07
CVE-2023-48208
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-12-07
CVE-2023-43299
An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-12-07
CVE-2023-43300
An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVSS Score
8.2
EPSS Score
0.002
Published
2023-12-07
CVE-2023-43301
An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVSS Score
8.2
EPSS Score
0.002
Published
2023-12-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved