From 2a4adfd43eb61fbcc53f2df064ace3d25a642525 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 21 Dec 2024 06:00:55 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/11xxx/CVE-2024-11977.json | 76 ++++++++++++++++++++--
 2024/12xxx/CVE-2024-12846.json | 113 +++++++++++++++++++++++++++++++--
 2 files changed, 181 insertions(+), 8 deletions(-)
diff --git a/2024/11xxx/CVE-2024-11977.json b/2024/11xxx/CVE-2024-11977.json
index a727387ee4d..55e7b3a0c10 100644
--- a/2024/11xxx/CVE-2024-11977.json
+++ b/2024/11xxx/CVE-2024-11977.json
@@ -1,17 +1,85 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-11977",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The The kk Star Ratings \u2013 Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "collizo4sky",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kk Star Ratings \u2013 Rate Post & Collect User Feedbacks",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "5.4.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5dea49fb-2703-4754-9abd-5f4e526d5570?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5dea49fb-2703-4754-9abd-5f4e526d5570?source=cve"
+ },
+ {
+ "url": 
"https://plugins.trac.wordpress.org/browser/kk-star-ratings/tags/5.4.9/src/core/wp/actions/wp_ajax_kk-star-ratings.php#L84",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/kk-star-ratings/tags/5.4.9/src/core/wp/actions/wp_ajax_kk-star-ratings.php#L84"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Michael Mazzolini"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2024/12xxx/CVE-2024-12846.json b/2024/12xxx/CVE-2024-12846.json
index a25a0b29ca3..2eeec6627af 100644
--- a/2024/12xxx/CVE-2024-12846.json
+++ b/2024/12xxx/CVE-2024-12846.json
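Review bot: In CVE-2024-11977.json the new description value begins with a duplicated word, `"value": "The The kk Star Ratings \u2013 Rate Post ...`; it should start `"value": "The kk Star Ratings \u2013 Rate Post ...`. The record bounds the affected range with `"version_affected": "<="` and `"version_value": "5.4.10"` but names no fixed release, and its code reference is pinned to tag 5.4.9, so a consumer cannot tell from this record alone which version to upgrade to; the patched version should be confirmed from the vendor advisory before a finding is closed. The `credits` entry uses `"lang": "en"` while `description` and `problemtype` use `"lang": "eng"`, which may matter to consumers that filter on the language code.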
@@ -1,17 +1,122 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-12846",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine problematische Schwachstelle wurde in Emlog Pro bis 2.4.1 entdeckt. Dies betrifft einen unbekannten Teil der Datei /admin/link.php. Mit der Manipulation des Arguments siteurl/icon mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Emlog Pro",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.4.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "2.4.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.289082",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.289082"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.289082",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.289082"
+ },
+ {
+ "url": "https://vuldb.com/?submit.462614",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.462614"
+ },
+ {
+ "url": "https://github.com/emlog/emlog/issues/307",
+ "refsource": "MISC",
+ "name": "https://github.com/emlog/emlog/issues/307"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "jiashenghe (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5,
+ "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
 }
 ]
 }
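Review bot: In CVE-2024-12846.json the description says Emlog Pro is affected "up to 2.4.1", but `version_data` lists only two exact matches, `"version_affected": "="` with `"version_value": "2.4.0"` and `"version_value": "2.4.1"`, so tooling that matches on the `affects` block would not flag earlier releases. If a range is what is meant, a single entry in the form CVE-2024-11977.json uses in this patch, `"version_affected": "<="` with `"version_value": "2.4.1"`, would express it. The second `problemtype` entry (`"cweId": "CWE-94"`, Code Injection) is not reflected in the description or in the CVSS 3.1 vector (`UI:R`, `C:N/I:L/A:N`), which describe cross-site scripting only, so triage keyed on CWE-94 may over-rank this record.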