Shodan
Vulnerabilities
Vulnerable Software
Flowpaper:  Security Vulnerabilities
CVE-2023-5200
The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.001
Published
2023-10-20
CVE-2023-40197
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Devaldi Ltd flowpaper plugin <= 1.9.9 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-09-04
CVE-2020-23878
pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-11-10
CVE-2020-23879
pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-11-10
CVE-2020-19463
An issue has been found in function vfprintf in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow.
CVSS Score
5.5
EPSS Score
0.003
Published
2021-07-21
CVE-2020-19464
An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow .
CVSS Score
5.5
EPSS Score
0.003
Published
2021-07-21
CVE-2020-19465
An issue has been found in function ObjectStream::getObject in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 4 .
CVSS Score
5.5
EPSS Score
0.001
Published
2021-07-21
CVE-2020-19466
An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 1 .
CVSS Score
5.5
EPSS Score
0.001
Published
2021-07-21
CVE-2020-19467
An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an Illegal Use After Free .
CVSS Score
5.5
EPSS Score
0.001
Published
2021-07-21
CVE-2020-19468
An issue has been found in function EmbedStream::getChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a null pointer derefenrece (invalid read of size 8) .
CVSS Score
5.5
EPSS Score
0.001
Published
2021-07-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved