From 0d2595ff9ac348cc2e0b47cf19672fe803e15ee9 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 14 Aug 2023 11:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/4xxx/CVE-2022-4115.json | 17 ++-----
 2023/4xxx/CVE-2023-4321.json | 92 ++++++++++++++++++++++++++++++++++++
 2 files changed, 96 insertions(+), 13 deletions(-)
 create mode 100644 2023/4xxx/CVE-2023-4321.json
diff --git a/2022/4xxx/CVE-2022-4115.json b/2022/4xxx/CVE-2022-4115.json
index 0d14093a3eb..bd88648183b 100644
--- a/2022/4xxx/CVE-2022-4115.json
+++ b/2022/4xxx/CVE-2022-4115.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The Editorial Calendar WordPress plugin through 3.7.12 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users."
+ "value": "The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users."
 }
 ]
 },
@@ -39,18 +39,9 @@
 "version": {
 "version_data": [
 {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "versions": [
- {
- "status": "affected",
- "versionType": "custom",
- "version": "0",
- "lessThanOrEqual": "3.7.12"
- }
- ],
- "defaultStatus": "affected"
- }
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "3.8.3"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4321.json b/2023/4xxx/CVE-2023-4321.json
new file mode 100644
index 00000000000..973a38f8141
--- /dev/null
+++ b/2023/4xxx/CVE-2023-4321.json
@@ -0,0 +1,92 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-4321",
+ "ASSIGNER": "security@huntr.dev",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "cockpit-hq",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "cockpit-hq/cockpit",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "2.4.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://huntr.dev/bounties/fce38751-bfd6-484c-b6e1-935e0aa8ffdc",
+ "refsource": "MISC",
+ "name": "https://huntr.dev/bounties/fce38751-bfd6-484c-b6e1-935e0aa8ffdc"
+ },
+ {
+ "url": "https://github.com/cockpit-hq/cockpit/commit/34ab31ee9362da51b9709e178469dbffd7717249",
+ "refsource": "MISC",
+ "name": "https://github.com/cockpit-hq/cockpit/commit/34ab31ee9362da51b9709e178469dbffd7717249"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "fce38751-bfd6-484c-b6e1-935e0aa8ffdc",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ }
+ ]
+ }
+}
\ No newline at end of file
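Review bot: The `impact.cvss` entry of the new CVE-2023-4321 record sets `"userInteraction": "NONE"` and `"scope": "UNCHANGED"`, which is unusual for the stored XSS (CWE-79) that the description and `problemtype` declare. The 8.3 base score is arithmetically consistent with the vector, so the question is the metrics themselves: stored XSS normally fires only when another user loads the affected page and is commonly scored with UI:R and S:C. Please confirm the vector against the huntr advisory; if it changes, `vectorString`, `baseScore` and `baseSeverity` have to be recomputed together, and anyone triaging on this score should read it alongside the description until then. Separately, this record labels the open lower bound as `"version_name": "unspecified"` while CVE-2022-4115.json in the same commit uses `"0"`, so consumers that read `version_name` see two conventions for the same meaning.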