From 23d90bf44dca1c3bf0cde63cee8cb002ef27f3d6 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 24 May 2025 23:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2025/5xxx/CVE-2025-5134.json | 109 +++++++++++++++++++++++++++++++++--
 2025/5xxx/CVE-2025-5135.json | 109 +++++++++++++++++++++++++++++++++--
 2025/5xxx/CVE-2025-5154.json | 18 ++++++
 2025/5xxx/CVE-2025-5155.json | 18 ++++++
 4 files changed, 246 insertions(+), 8 deletions(-)
 create mode 100644 2025/5xxx/CVE-2025-5154.json
 create mode 100644 2025/5xxx/CVE-2025-5155.json
diff --git a/2025/5xxx/CVE-2025-5134.json b/2025/5xxx/CVE-2025-5134.json
index 55ee72ab65d..70460440334 100644
--- a/2025/5xxx/CVE-2025-5134.json
+++ b/2025/5xxx/CVE-2025-5134.json
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-5134",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Affected by this vulnerability is an unknown functionality of the component Buy Item Page. The manipulation of the argument Detailed Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "In Tmall Demo bis 20250505 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente Buy Item Page. Mit der Manipulation des Arguments Detailed Address mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Tmall",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Demo",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "20250505"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.310213",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.310213"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.310213",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.310213"
+ },
+ {
+ "url": "https://vuldb.com/?submit.571939",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.571939"
+ },
+ {
+ "url": "https://github.com/bdkuzma/vuln/issues/13",
+ "refsource": "MISC",
+ "name": "https://github.com/bdkuzma/vuln/issues/13"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "baihekuz (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2025/5xxx/CVE-2025-5135.json b/2025/5xxx/CVE-2025-5135.json
index 1d3ef050da2..ca14bb34d6a 100644
--- a/2025/5xxx/CVE-2025-5135.json
+++ b/2025/5xxx/CVE-2025-5135.json
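Review bot: In CVE-2025-5134.json the added `version_data` entry uses `"version_affected": "="` with `"version_value": "20250505"`, while the description in the same record says "up to 20250505" and that the product ships rolling releases, so a scanner matching on the structured field would treat every earlier build as unaffected. Expressing the range as `"version_affected": "<="` would keep the machine-readable data in line with the prose. The second `problemtype_data` entry, `CWE-94` Code Injection, also sits uneasily with a vector of `C:N/I:L/A:N` and a description that names only cross site scripting; `CWE-79` alone looks like the intended classification, though that is the CNA's call. The CVE-2025-5135.json hunk repeats both patterns.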
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-5135",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as problematic, has been found in Tmall Demo up to 20250505. Affected by this issue is some unknown functionality of the file /tmall/admin/ of the component Product Details Page. The manipulation of the argument Product Name/Product Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine problematische Schwachstelle wurde in Tmall Demo bis 20250505 entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /tmall/admin/ der Komponente Product Details Page. Durch die Manipulation des Arguments Product Name/Product Title mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Tmall",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Demo",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "20250505"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.310214",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.310214"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.310214",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.310214"
+ },
+ {
+ "url": "https://vuldb.com/?submit.571941",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.571941"
+ },
+ {
+ "url": "https://github.com/bdkuzma/vuln/issues/14",
+ "refsource": "MISC",
+ "name": "https://github.com/bdkuzma/vuln/issues/14"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "baihekuz (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
 }
 ]
 }
diff --git a/2025/5xxx/CVE-2025-5154.json b/2025/5xxx/CVE-2025-5154.json
new file mode 100644
index 00000000000..8643fa23246
--- /dev/null
+++ b/2025/5xxx/CVE-2025-5154.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-5154",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/5xxx/CVE-2025-5155.json b/2025/5xxx/CVE-2025-5155.json
new file mode 100644
index 00000000000..87075c9336f
--- /dev/null
+++ b/2025/5xxx/CVE-2025-5155.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-5155",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file