Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2022
CVE-2022-25948
The package liquidjs before 10.0.0 are vulnerable to Information Exposure when ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround For versions 9.34.0 and higher, an option to disable this functionality is provided.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-12-22
CVE-2021-43657
A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-12-22
CVE-2022-43271
Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered to contain a cross-site scripting (XSS) vulnerability via the User profile component.
CVSS Score
5.4
EPSS Score
0.012
Published
2022-12-22
CVE-2022-4646
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4.
CVSS Score
5.3
EPSS Score
0.0
Published
2022-12-22
CVE-2022-4647
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
CVSS Score
5.1
EPSS Score
0.002
Published
2022-12-22
CVE-2021-36631
Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
6.7
EPSS Score
0.0
Published
2022-12-22
CVE-2022-4644
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-12-22
CVE-2022-3183
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerability.
CVSS Score
9.8
EPSS Score
0.008
Published
2022-12-21
CVE-2022-3184
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory.
CVSS Score
9.8
EPSS Score
0.125
Published
2022-12-21
CVE-2022-3185
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-12-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved