From 0ba798a6edb11b8ebaf48eb03c853a6fa2e33607 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 5 Jan 2025 15:00:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/13xxx/CVE-2024-13141.json | 117 +++++++++++++++++++++++++++++++-- 1 file changed, 113 insertions(+), 4 deletions(-) diff --git a/2024/13xxx/CVE-2024-13141.json b/2024/13xxx/CVE-2024-13141.json index 2013987a76b..6d89e84a2e0 100644 --- a/2024/13xxx/CVE-2024-13141.json +++ b/2024/13xxx/CVE-2024-13141.json @@ -1,17 +1,126 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13141", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In osuuu LightPicture bis 1.2.2 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /api/upload der Komponente SVG File Upload Handler. Dank der Manipulation des Arguments file mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting", + "cweId": "CWE-79" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Code Injection", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "osuuu", + "product": { + "product_data": [ + { + "product_name": "LightPicture", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.0" + }, + { + "version_affected": "=", + "version_value": "1.2.1" + }, + { + "version_affected": "=", + "version_value": "1.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.290224", + "refsource": "MISC", + "name": "https://vuldb.com/?id.290224" + }, + { + "url": "https://vuldb.com/?ctiid.290224", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.290224" + }, + { + "url": "https://vuldb.com/?submit.468645", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.468645" + }, + { + "url": "https://github.com/Hebing123/cve/issues/83", + "refsource": "MISC", + "name": "https://github.com/Hebing123/cve/issues/83" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "jiashenghe (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] }