Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2022
CVE-2021-45467
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi URI. Any number of %00 instances can be used, e.g., .%00%00%00./.%00%00%00./api/account_new_create could also be used for the scripts parameter.
CVSS Score
9.8
EPSS Score
0.172
Published
2022-12-26
CVE-2022-24116
Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-12-26
CVE-2022-24117
Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-12-26
CVE-2022-29852
OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.
CVSS Score
5.4
EPSS Score
0.006
Published
2022-12-26
CVE-2022-29853
OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message.
CVSS Score
5.4
EPSS Score
0.006
Published
2022-12-26
CVE-2022-37309
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name.
CVSS Score
6.1
EPSS Score
0.006
Published
2022-12-26
CVE-2022-37310
OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.
CVSS Score
6.1
EPSS Score
0.006
Published
2022-12-26
CVE-2022-37308
OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.
CVSS Score
6.1
EPSS Score
0.006
Published
2022-12-26
CVE-2022-31469
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI.
CVSS Score
6.1
EPSS Score
0.006
Published
2022-12-26
CVE-2022-37307
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature.
CVSS Score
6.1
EPSS Score
0.009
Published
2022-12-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved