From 05de73d934892805fb5f8ef6d75c11bb06aa26eb Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 10 Nov 2021 07:01:01 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/42xxx/CVE-2021-42662.json | 71 +++++++++++++++++++++++++++++++--- 2021/42xxx/CVE-2021-42664.json | 71 +++++++++++++++++++++++++++++++--- 2 files changed, 130 insertions(+), 12 deletions(-) diff --git a/2021/42xxx/CVE-2021-42662.json b/2021/42xxx/CVE-2021-42662.json index 253a6309e8a..f293d5203e4 100644 --- a/2021/42xxx/CVE-2021-42662.json +++ b/2021/42xxx/CVE-2021-42662.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42662", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42662", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164615/Online-Event-Booking-And-Reservation-System-1.0-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/164615/Online-Event-Booking-And-Reservation-System-1.0-Cross-Site-Scripting.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/TheHackingRabbi/CVE-2021-42662", + "url": "https://github.com/TheHackingRabbi/CVE-2021-42662" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/50450", + "url": "https://www.exploit-db.com/exploits/50450" } ] } diff --git a/2021/42xxx/CVE-2021-42664.json b/2021/42xxx/CVE-2021-42664.json index 830472da535..348d7490dfb 100644 --- a/2021/42xxx/CVE-2021-42664.json +++ b/2021/42xxx/CVE-2021-42664.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42664", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42664", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164618/Engineers-Online-Portal-1.0-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/164618/Engineers-Online-Portal-1.0-SQL-Injection.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/TheHackingRabbi/CVE-2021-42664", + "url": "https://github.com/TheHackingRabbi/CVE-2021-42664" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/50451", + "url": "https://www.exploit-db.com/exploits/50451" } ] }