From 15169fe5290afbbc95315d8fbf7887f556c4f270 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 7 Jan 2025 23:01:06 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/13xxx/CVE-2024-13183.json | 18 +++++++ 2025/0xxx/CVE-2025-0318.json | 18 +++++++ 2025/22xxx/CVE-2025-22132.json | 90 ++++++++++++++++++++++++++++++++-- 2025/22xxx/CVE-2025-22133.json | 90 ++++++++++++++++++++++++++++++++-- 2025/22xxx/CVE-2025-22828.json | 18 +++++++ 5 files changed, 226 insertions(+), 8 deletions(-) create mode 100644 2024/13xxx/CVE-2024-13183.json create mode 100644 2025/0xxx/CVE-2025-0318.json create mode 100644 2025/22xxx/CVE-2025-22828.json
diff --git a/2024/13xxx/CVE-2024-13183.json b/2024/13xxx/CVE-2024-13183.json
new file mode 100644
index 00000000000..026a7c68eb6
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13183.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13183",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/0xxx/CVE-2025-0318.json b/2025/0xxx/CVE-2025-0318.json
new file mode 100644
index 00000000000..bddbf01daae
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0318.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0318",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/22xxx/CVE-2025-22132.json b/2025/22xxx/CVE-2025-22132.json
index ce7f7106b90..64d31d7bcfd 100644
--- a/2025/22xxx/CVE-2025-22132.json
+++ b/2025/22xxx/CVE-2025-22132.json
@@ -1,17 +1,99 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-22132",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute arbitrary scripts in the context of a victim's browser. This can lead to information theft, session hijacking, and other forms of client-side exploitation. This vulnerability is fixed in 3.2.7."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434: Unrestricted Upload of File with Dangerous Type",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "nilsonLazarin",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WeGIA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.2.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-h8hr-jhcx-fcv9",
+ "refsource": "MISC",
+ "name": "https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-h8hr-jhcx-fcv9"
+ },
+ {
+ "url": "https://github.com/nilsonLazarin/WeGIA/commit/330f641db43cfb0c8ea8bb6025cc0732de4d4d6b",
+ "refsource": "MISC",
+ "name": "https://github.com/nilsonLazarin/WeGIA/commit/330f641db43cfb0c8ea8bb6025cc0732de4d4d6b"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-h8hr-jhcx-fcv9",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/22xxx/CVE-2025-22133.json b/2025/22xxx/CVE-2025-22133.json
index b183c552e85..568cb7c5234 100644
--- a/2025/22xxx/CVE-2025-22133.json
+++ b/2025/22xxx/CVE-2025-22133.json
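Review bot: In the `affects` block of CVE-2025-22132.json the added lines pair `"version_affected": "="` with `"version_value": "< 3.2.7"`, so the range sits inside the value string while the operator field says exact match. A consumer that honours the operator will compare installed versions against the literal string `< 3.2.7` and report nothing as affected. The 4.0 format has a less-than operator for this case: `"version_affected": "<"` with `"version_value": "3.2.7"`. The same pairing appears in the CVE-2025-22133.json hunk with `< 3.2.8`; until the records are corrected, matching logic should parse a leading comparison operator out of `version_value` rather than trust `version_affected`.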
@@ -1,17 +1,99 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-22133",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar, which can then be executed by the server. This vulnerability is fixed in 3.2.8."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
+ "cweId": "CWE-94"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434: Unrestricted Upload of File with Dangerous Type",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "nilsonLazarin",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WeGIA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.2.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-mjgr-2jxv-v8qf",
+ "refsource": "MISC",
+ "name": "https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-mjgr-2jxv-v8qf"
+ },
+ {
+ "url": "https://github.com/nilsonLazarin/WeGIA/commit/a08f04de96d3caec85496d7a89a5b82d1960d9dd",
+ "refsource": "MISC",
+ "name": "https://github.com/nilsonLazarin/WeGIA/commit/a08f04de96d3caec85496d7a89a5b82d1960d9dd"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-mjgr-2jxv-v8qf",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/22xxx/CVE-2025-22828.json b/2025/22xxx/CVE-2025-22828.json
new file mode 100644
index 00000000000..dbcdd78752f
--- /dev/null
+++ b/2025/22xxx/CVE-2025-22828.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-22828",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
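Review bot: In the `impact.cvss` entry of CVE-2025-22133.json, `"baseScore": 10` does not agree with the `vectorString` on the same object: under the CVSS v3.1 equations `AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H` works out to 9.9, and a 10.0 needs `PR:N`. The hunk does not show which field carries the intended value, so either `"baseScore": 9.9` or `"privilegesRequired": "NONE"` with a matching vector would make the record consistent; consumers that alert on score thresholds are safer recomputing the score from the vector. Separately, this record and CVE-2025-22132 name the same `controla_xlsx.php` endpoint but give different fixed versions (3.2.8 here, 3.2.7 there), so remediation tracking should target 3.2.8 to cover both.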