Shodan
Vulnerabilities
Vulnerable Software
Litespeedtech:  Security Vulnerabilities
CVE-2023-45000
Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7.
CVSS Score
8.2
EPSS Score
0.003
Published
2024-04-16
CVE-2024-25678
In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-09
CVE-2023-4372
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.015
Published
2024-01-11
CVE-2023-40518
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-08-14
CVE-2022-46800
Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-05-25
CVE-2022-0072
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1
CVSS Score
5.8
EPSS Score
0.002
Published
2022-10-27
CVE-2022-0073
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-10-27
CVE-2022-0074
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-10-27
CVE-2022-30592
liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY.
CVSS Score
9.8
EPSS Score
0.348
Published
2022-05-11
CVE-2021-24963
The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting
CVSS Score
4.8
EPSS Score
0.002
Published
2022-01-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved