diff --git a/2022/4xxx/CVE-2022-4115.json b/2022/4xxx/CVE-2022-4115.json
index 0d14093a3eb..bd88648183b 100644
--- a/2022/4xxx/CVE-2022-4115.json
+++ b/2022/4xxx/CVE-2022-4115.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The Editorial Calendar WordPress plugin through 3.7.12 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users."
+ "value": "The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users."
 }
 ]
 },
@@ -39,18 +39,9 @@
 "version": {
 "version_data": [
 {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "versions": [
- {
- "status": "affected",
- "versionType": "custom",
- "version": "0",
- "lessThanOrEqual": "3.7.12"
- }
- ],
- "defaultStatus": "affected"
- }
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "3.8.3"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4321.json b/2023/4xxx/CVE-2023-4321.json
new file mode 100644
index 00000000000..973a38f8141
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4321.json
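Review bot: In the second hunk of 2022/4xxx/CVE-2022-4115.json, `"version_name": "0"` looks like a carry-over of the removed CVE JSON 5 lower bound (`"version": "0"`), while the CVE-2023-4321 record added in this same commit writes `"version_name": "unspecified"` for the same `<` range form. Consumers that read `version_name` as a label therefore see two spellings for "no lower bound"; consider `"version_name": "unspecified"` here for consistency. Separately, the bound moves from `lessThanOrEqual` 3.7.12 to `<` 3.8.3, so any release between those two versions is newly marked affected and earlier triage against the old record should be re-checked. The `references` array lies outside this hunk, so confirm it carries a source for the 3.8.3 fix version.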
@@ -0,0 +1,92 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4321",
+ "ASSIGNER": "security@huntr.dev",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "cockpit-hq",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "cockpit-hq/cockpit",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "2.4.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://huntr.dev/bounties/fce38751-bfd6-484c-b6e1-935e0aa8ffdc",
+ "refsource": "MISC",
+ "name": "https://huntr.dev/bounties/fce38751-bfd6-484c-b6e1-935e0aa8ffdc"
+ },
+ {
+ "url": "https://github.com/cockpit-hq/cockpit/commit/34ab31ee9362da51b9709e178469dbffd7717249",
+ "refsource": "MISC",
+ "name": "https://github.com/cockpit-hq/cockpit/commit/34ab31ee9362da51b9709e178469dbffd7717249"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "fce38751-bfd6-484c-b6e1-935e0aa8ffdc",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ }
+ ]
+ }
+}
\ No newline at end of file
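Review bot: The `impact.cvss` entry in 2023/4xxx/CVE-2023-4321.json scores a stored XSS (CWE-79) with `"userInteraction": "NONE"` and `"scope": "UNCHANGED"`, which is unusual for this weakness class. A stored payload normally takes effect only when another user loads the affected page, and it runs in that user's browser rather than in the vulnerable component. Unless the assigner's analysis justifies these values, the metrics would be `"userInteraction": "REQUIRED"` and `"scope": "CHANGED"`, with `vectorString`, `baseScore` and `baseSeverity` recomputed to match. Until that is confirmed, consumers prioritising on the 8.3 should treat it as assigner-supplied. The `description` value also names no affected component or input, which makes it hard to verify exposure without following the references, and the file ends without a trailing newline.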