Auto-merge PR#7679

2025-08-04 08:44:25 +00:00 · 2022-10-14 06:25:18 -04:00 · 2022-10-14 06:25:18 -04:00 · 32be820142
commit 32be820142
parent 4abc5b4cf0 4f8645556f
2 changed files with 116 additions and 6 deletions
--- a/2022/3xxx/CVE-2022-3502.json
+++ b/2022/3xxx/CVE-2022-3502.json
@ -4,14 +4,69 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-3502",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "TITLE": "Human Resource Management System Leave cross site scripting",
+        "REQUESTER": "cna@vuldb.com",
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
+    },
+    "generator": "vuldb.com",
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Human Resource Management System",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "1.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
+                    }
+                ]
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210831."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": {
+            "version": "3.1",
+            "baseScore": "3.5",
+            "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https:\/\/github.com\/draco1725\/POC\/blob\/main\/Exploit\/Stored%20Xss"
+            },
+            {
+                "url": "https:\/\/vuldb.com\/?id.210831"
            }
        ]
    }
--- a/2022/3xxx/CVE-2022-3503.json
+++ b/2022/3xxx/CVE-2022-3503.json
@ -4,14 +4,69 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-3503",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "TITLE": "SourceCodester Purchase Order Management System Supplier cross site scripting",
+        "REQUESTER": "cna@vuldb.com",
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
+    },
+    "generator": "vuldb.com",
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "SourceCodester",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Purchase Order Management System",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "1.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting"
+                    }
+                ]
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name\/Address\/Contact person\/Contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210832."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": {
+            "version": "3.1",
+            "baseScore": "3.5",
+            "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https:\/\/github.com\/DisguisedRoot\/Exploit\/blob\/main\/Persistent%20XSS\/PoC"
+            },
+            {
+                "url": "https:\/\/vuldb.com\/?id.210832"
            }
        ]
    }