From 112b7b489d12d55623a2a6077db7e1eef9f07868 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 9 Jun 2023 13:00:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/33xxx/CVE-2021-33621.json | 5 ++ 2022/28xxx/CVE-2022-28739.json | 113 ++++++++++++++++++++------------- 2023/2xxx/CVE-2023-2261.json | 92 +++++++++++++++++++++++++-- 2023/2xxx/CVE-2023-2284.json | 75 ++++++++++++++++++++-- 2023/2xxx/CVE-2023-2285.json | 75 ++++++++++++++++++++-- 2023/2xxx/CVE-2023-2286.json | 92 +++++++++++++++++++++++++-- 2023/3xxx/CVE-2023-3182.json | 18 ++++++ 2023/3xxx/CVE-2023-3183.json | 106 +++++++++++++++++++++++++++++++ 2023/3xxx/CVE-2023-3184.json | 101 +++++++++++++++++++++++++++++ 9 files changed, 617 insertions(+), 60 deletions(-) create mode 100644 2023/3xxx/CVE-2023-3182.json create mode 100644 2023/3xxx/CVE-2023-3183.json create mode 100644 2023/3xxx/CVE-2023-3184.json diff --git a/2021/33xxx/CVE-2021-33621.json b/2021/33xxx/CVE-2021-33621.json index 9ac814fa0e4..ebeb481b694 100644 --- a/2021/33xxx/CVE-2021-33621.json +++ b/2021/33xxx/CVE-2021-33621.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20221228-0004/", "url": "https://security.netapp.com/advisory/ntap-20221228-0004/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230609 [SECURITY] [DLA 3450-1] ruby2.5 security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html" } ] } diff --git a/2022/28xxx/CVE-2022-28739.json b/2022/28xxx/CVE-2022-28739.json index 3b6ba7fcfb8..3484e7f922c 100644 --- a/2022/28xxx/CVE-2022-28739.json +++ b/2022/28xxx/CVE-2022-28739.json 
@@ -1,9 +1,32 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28739", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -27,29 +50,6 @@ ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, "references": { "reference_data": [ { 
@@ -58,39 +58,64 @@ "name": "https://hackerone.com/reports/1248108" }, { + "url": "https://security-tracker.debian.org/tracker/CVE-2022-28739", "refsource": "MISC", - "name": "https://security-tracker.debian.org/tracker/CVE-2022-28739", - "url": "https://security-tracker.debian.org/tracker/CVE-2022-28739" + "name": "https://security-tracker.debian.org/tracker/CVE-2022-28739" }, { - "refsource": "CONFIRM", - "name": "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/", - "url": "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/" + "url": "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/", + "refsource": "MISC", + "name": "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/" }, { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20220624-0002/", - "url": "https://security.netapp.com/advisory/ntap-20220624-0002/" + "url": "https://security.netapp.com/advisory/ntap-20220624-0002/", + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20220624-0002/" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT213488", - "url": "https://support.apple.com/kb/HT213488" + "url": "https://support.apple.com/kb/HT213488", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT213488" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT213494", - "url": "https://support.apple.com/kb/HT213494" + "url": "https://support.apple.com/kb/HT213494", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT213494" }, { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT213493", - "url": "https://support.apple.com/kb/HT213493" + "url": "https://support.apple.com/kb/HT213493", + "refsource": "MISC", + "name": "https://support.apple.com/kb/HT213493" }, { - "refsource": "FULLDISC", - "name": 
"20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", - "url": "http://seclists.org/fulldisclosure/2022/Oct/41" + "url": "http://seclists.org/fulldisclosure/2022/Oct/41", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2022/Oct/41" + }, + { + "url": "http://seclists.org/fulldisclosure/2022/Oct/28", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2022/Oct/28" + }, + { + "url": "http://seclists.org/fulldisclosure/2022/Oct/30", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2022/Oct/30" + }, + { + "url": "http://seclists.org/fulldisclosure/2022/Oct/29", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2022/Oct/29" + }, + { + "url": "http://seclists.org/fulldisclosure/2022/Oct/42", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2022/Oct/42" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html" } ] } diff --git a/2023/2xxx/CVE-2023-2261.json b/2023/2xxx/CVE-2023-2261.json index 4538b053828..1b3589f4866 100644 --- a/2023/2xxx/CVE-2023-2261.json +++ b/2023/2xxx/CVE-2023-2261.json 
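Review bot: The rewritten reference list in CVE-2022-28739.json relabels every entry as `"refsource": "MISC"`, including the ruby-lang.org, NetApp and Apple advisories that were `CONFIRM` and the Full Disclosure post that was `FULLDISC` with a descriptive title. Consumers that filter on `refsource` to find vendor-confirmed advisories can no longer tell these apart from third-party links. The Debian LTS link is also recorded inconsistently within this commit: CVE-2021-33621.json adds it as `"refsource": "MLIST"` with the `[DLA 3450-1] ruby2.5 security update` title, while here it is `MISC` with the bare URL as `name`. I would keep the original source tags, e.g. `"refsource": "CONFIRM"` on the ruby-lang.org entry and `"refsource": "MLIST"` on the lists.debian.org entry.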
@@ -1,17 +1,101 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2261", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpwhitesecurity", + "product": { + "product_data": [ + { + "product_name": "WP Activity Log", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.5.0" + } + ] + } + }, + { + "product_name": "WP Activity Log Premium", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f51f0919-498e-4f86-a933-1b7f2c4a10a4?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f51f0919-498e-4f86-a933-1b7f2c4a10a4?source=cve" + }, + { + "url": 
"https://plugins.trac.wordpress.org/browser/wp-security-audit-log/trunk/vendor/wpwhitesecurity/select2-wpwhitesecurity/load.php#L70", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-security-audit-log/trunk/vendor/wpwhitesecurity/select2-wpwhitesecurity/load.php#L70" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/2xxx/CVE-2023-2284.json b/2023/2xxx/CVE-2023-2284.json index bf8dbac84de..5f3f8c48dde 100644 --- a/2023/2xxx/CVE-2023-2284.json +++ b/2023/2xxx/CVE-2023-2284.json 
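Review bot: The second reference added for CVE-2023-2261 points at `.../wp-security-audit-log/trunk/vendor/wpwhitesecurity/select2-wpwhitesecurity/load.php#L70`, a line anchor on a moving branch, so once trunk changes it no longer identifies the `handle_ajax_call` code that lacked the capability check. A link pinned to the last affected tag or revision would stay valid for anyone verifying the finding later. The same applies to the `trunk/classes/Views/Settings.php#L278` reference in CVE-2023-2286.json. The record also names 4.5.0 as the last affected version without stating a fixed version, so triage has to derive the fix from the changeset link.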
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2284", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make changes to the plugin's settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpwhitesecurity", + "product": { + "product_data": [ + { + "product_name": "WP Activity Log Premium", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e29fd6b-462a-42be-9a2a-b6717b20a937?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e29fd6b-462a-42be-9a2a-b6717b20a937?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": 
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/2xxx/CVE-2023-2285.json b/2023/2xxx/CVE-2023-2285.json index a091ca110a8..cd5a180fb0c 100644 --- a/2023/2xxx/CVE-2023-2285.json +++ b/2023/2xxx/CVE-2023-2285.json 
@@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2285", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated attackers to make changes to the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpwhitesecurity", + "product": { + "product_data": [ + { + "product_name": "WP Activity Log Premium", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4c659f6d-e02b-42ab-ba02-eb9b00602ad4?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4c659f6d-e02b-42ab-ba02-eb9b00602ad4?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/2xxx/CVE-2023-2286.json b/2023/2xxx/CVE-2023-2286.json index 465c03b7a56..3f7cef05224 100644 --- a/2023/2xxx/CVE-2023-2286.json +++ b/2023/2xxx/CVE-2023-2286.json 
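Review bot: The `vectorString` added for CVE-2023-2285 is `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N`, which contradicts the description in the same hunk: a CSRF that an unauthenticated attacker triggers by getting a site administrator to click a link requires no attacker privileges and does require user interaction. The vector is identical to the one in CVE-2023-2284.json (the missing capability check on the same `ajax_switch_db` function), so it may have been carried over from that record. The sibling CSRF record CVE-2023-2286.json uses `PR:N/UI:R`; the matching value here would be `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"`, which still scores 4.3. Tooling that filters or prioritises on `PR` or `UI` will otherwise misclassify this entry.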
@@ -1,17 +1,101 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2286", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpwhitesecurity", + "product": { + "product_data": [ + { + "product_name": "WP Activity Log", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.5.0" + } + ] + } + }, + { + "product_name": "WP Activity Log Premium", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2008e0b-32c6-46fb-93b9-2b0004f478e8?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2008e0b-32c6-46fb-93b9-2b0004f478e8?source=cve" + }, + { + "url": 
"https://plugins.trac.wordpress.org/browser/wp-security-audit-log/trunk/classes/Views/Settings.php#L278", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-security-audit-log/trunk/classes/Views/Settings.php#L278" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Marco Wotschka" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/3xxx/CVE-2023-3182.json b/2023/3xxx/CVE-2023-3182.json new file mode 100644 index 00000000000..71bbd0cf139 --- /dev/null +++ b/2023/3xxx/CVE-2023-3182.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3182", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3183.json b/2023/3xxx/CVE-2023-3183.json new file mode 100644 index 00000000000..4953af1590a --- /dev/null +++ b/2023/3xxx/CVE-2023-3183.json 
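Review bot: The description added for CVE-2023-2286 says only that a forged request lets an attacker "invoke this function" and never states what `ajax_run_cleanup` does, so the `I:L` rating in the vector cannot be checked against the text. If the cleanup removes activity-log entries (inferred from the name, not shown here), the practical consequence for defenders is loss of audit evidence, and the description should say so. The opening phrase also reads "The WP Activity Log for WordPress" where the sibling records say "plugin for WordPress".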
@@ -0,0 +1,106 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-3183",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability was found in SourceCodester Performance Indicator System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addproduct.php. The manipulation of the argument prodname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231163."
+ },
+ {
+ "lang": "deu",
+ "value": "In SourceCodester Performance Indicator System 1.0 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/addproduct.php. Durch das Beeinflussen des Arguments prodname mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Performance Indicator System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.231163",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.231163"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231163",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.231163"
+ },
+ {
+ "url": "https://github.com/wenwochunfeng/bugReport/blob/main/XSS.md",
+ "refsource": "MISC",
+ "name": "https://github.com/wenwochunfeng/bugReport/blob/main/XSS.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "BaiXiJun (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/3xxx/CVE-2023-3184.json b/2023/3xxx/CVE-2023-3184.json
new file mode 100644
index 00000000000..14fc3e77708
--- /dev/null
+++ b/2023/3xxx/CVE-2023-3184.json
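Review bot: The `impact.cvss` array added for CVE-2023-3183 carries three scores for the same issue with different severities (`3.1` and `3.0` at 3.5 `LOW`, `2.0` at 4 `MEDIUM`), and nothing in the record marks which one is authoritative. A consumer that takes the first element or the maximum will rate the issue differently, so selection should key on the `version` field rather than on array position. `"baseScore": 4` is also written as an integer where the other entries use a decimal, which some parsers surface as a different type; `"baseScore": 4.0` would match the rest. The same three-entry array shape appears in CVE-2023-3184.json.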
@@ -0,0 +1,101 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-3184",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-231164."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine problematische Schwachstelle wurde in SourceCodester Sales Tracker Management System 1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /classes/Users.php?f=save. Durch Beeinflussen des Arguments firstname/middlename/lastname/username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Sales Tracker Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.231164",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.231164"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.231164",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.231164"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Affan (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
+ "baseSeverity": "LOW"
+ }
+ ]
+ }
+}
\ No newline at end of file
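Review bot: Both entries in `reference_data` for CVE-2023-3184 are vuldb.com pages (`?id.231164` and `?ctiid.231164`), which is the assigner's own database, so the record offers no vendor advisory, patch or independent report against which to confirm the `firstname/middlename/lastname/username` finding. CVE-2023-3183.json in this commit at least links the reporter's write-up. With `version_affected` `=` `1.0` and no fixed version mentioned, anyone running the product should assume this record references no patch.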