Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2022
CVE-2021-24777
The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a get request with the sub_id parameter which not sanitised, escaped or validated before inserting to a SQL statement, leading to an SQL injection.
CVSS Score
7.2
EPSS Score
0.006
Published
2022-03-07
CVE-2021-24778
The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
CVSS Score
7.2
EPSS Score
0.006
Published
2022-03-07
CVE-2021-24810
The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVSS Score
4.8
EPSS Score
0.002
Published
2022-03-07
CVE-2022-0766
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-03-07
CVE-2022-0767
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
CVSS Score
9.1
EPSS Score
0.002
Published
2022-03-07
CVE-2022-0697
Open Redirect in GitHub repository archivy/archivy prior to 1.7.0.
CVSS Score
3.4
EPSS Score
0.002
Published
2022-03-06
CVE-2021-44748
A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability.
CVSS Score
5.5
EPSS Score
0.003
Published
2022-03-06
CVE-2021-44749
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution.
CVSS Score
5.5
EPSS Score
0.006
Published
2022-03-06
CVE-2022-0868
Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10.
CVSS Score
8.0
EPSS Score
0.003
Published
2022-03-06
CVE-2022-0869
Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
CVSS Score
4.3
EPSS Score
0.074
Published
2022-03-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved