diff --git a/2023/50xxx/CVE-2023-50070.json b/2023/50xxx/CVE-2023-50070.json
index 3073ff7f60e..26c3e3b826b 100644
--- a/2023/50xxx/CVE-2023-50070.json
+++ b/2023/50xxx/CVE-2023-50070.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-50070",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-50070",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geraldoalcantara/CVE-2023-50070",
+ "url": "https://github.com/geraldoalcantara/CVE-2023-50070"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/@geraldoalcantarapro/cve-2023-50070-1f58c2a64b1c",
+ "url": "https://medium.com/@geraldoalcantarapro/cve-2023-50070-1f58c2a64b1c"
 }
 ]
 }
diff --git a/2023/50xxx/CVE-2023-50071.json b/2023/50xxx/CVE-2023-50071.json
index c65491e8bde..ec86d37892a 100644
--- a/2023/50xxx/CVE-2023-50071.json
+++ b/2023/50xxx/CVE-2023-50071.json
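Review bot: The `problemtype` entry on the new side is left as `"value": "n/a"` even though the description added in the same hunk names the weakness as SQL injection, so consumers that filter or prioritise records by weakness class will not pick this one up. A CWE-keyed value, for example `"value": "CWE-89"`, would carry what the description already states. The CVE-2023-50071 hunk has the same gap (also SQL injection), and the CVE-2023-52240 hunk leaves it at `n/a` where its description says XSS (`"value": "CWE-79"`).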
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-50071",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-50071",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/geraldoalcantara/CVE-2023-50071",
+ "url": "https://github.com/geraldoalcantara/CVE-2023-50071"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/@geraldoalcantarapro/cve-2023-50071-a20767cb3c7b",
+ "url": "https://medium.com/@geraldoalcantarapro/cve-2023-50071-a20767cb3c7b"
 }
 ]
 }
diff --git a/2023/52xxx/CVE-2023-52240.json b/2023/52xxx/CVE-2023-52240.json
new file mode 100644
index 00000000000..5b1670dd6fc
--- /dev/null
+++ b/2023/52xxx/CVE-2023-52240.json
@@ -0,0 +1,87 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2023-52240",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1226473473/Security+Vulnerability+HTML+injection+Cross-site+scripting+in+SAML+POST+binding+Kantega+SSO+Enterprise",
+ "refsource": "MISC",
+ "name": "https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1226473473/Security+Vulnerability+HTML+injection+Cross-site+scripting+in+SAML+POST+binding+Kantega+SSO+Enterprise"
+ },
+ {
+ "url": "https://marketplace.atlassian.com/apps/1211923/kantega-saml-sso-oidc-kerberos-single-sign-on-for-jira?hosting=datacenter&tab=versions",
+ "refsource": "MISC",
+ "name": "https://marketplace.atlassian.com/apps/1211923/kantega-saml-sso-oidc-kerberos-single-sign-on-for-jira?hosting=datacenter&tab=versions"
+ },
+ {
+ "url": "https://marketplace.atlassian.com/apps/1212126/kantega-saml-sso-oidc-kerberos-single-sign-on-for-confluence?hosting=datacenter&tab=overview",
+ "refsource": "MISC",
+ "name": "https://marketplace.atlassian.com/apps/1212126/kantega-saml-sso-oidc-kerberos-single-sign-on-for-confluence?hosting=datacenter&tab=overview"
+ },
+ {
+ "url": "https://marketplace.atlassian.com/apps/1213019/kantega-saml-sso-oidc-kerberos-single-sign-on-for-bitbucket?hosting=datacenter&tab=overview",
+ "refsource": "MISC",
+ "name": "https://marketplace.atlassian.com/apps/1213019/kantega-saml-sso-oidc-kerberos-single-sign-on-for-bitbucket?hosting=datacenter&tab=overview"
+ },
+ {
+ "url": "https://marketplace.atlassian.com/apps/1215262/kantega-saml-sso-oidc-kerberos-single-sign-on-for-bamboo?hosting=datacenter&tab=overview",
+ "refsource": "MISC",
+ "name": "https://marketplace.atlassian.com/apps/1215262/kantega-saml-sso-oidc-kerberos-single-sign-on-for-bamboo?hosting=datacenter&tab=overview"
+ },
+ {
+ "url": "https://marketplace.atlassian.com/apps/1215263/kantega-saml-sso-oidc-kerberos-single-sign-on-for-fecru?hosting=server&tab=overview",
+ "refsource": "MISC",
+ "name": "https://marketplace.atlassian.com/apps/1215263/kantega-saml-sso-oidc-kerberos-single-sign-on-for-fecru?hosting=server&tab=overview"
+ }
+ ]
+ }
+}
\ No newline at end of file
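Review bot: The three affected ranges and their fixed releases (4.14.9, 5.11.5, 6.20.0) appear only in the description prose, while `vendor_name`, `product_name` and `version_value` in the `affects` block are all `"n/a"`. Inventory or scanner tooling that matches on the structured fields therefore cannot tie this record to an installed Kantega SSO Enterprise app and has to parse free text instead. Setting `"vendor_name": "Kantega"`, a `product_name` taken from the names listed in the description, and one `version_data` entry per stated range would close that gap. The "SAML POST Binding is enabled" precondition is also only in the prose, which is worth keeping in mind when triaging exposure from this record.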