mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-06 02:32:02 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
7810b433b5
commit
34fb3ae857
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A Stored cross-site scripting (XSS) vulnerability in upnp page of the web Interface in TP-Link WR841N v14 <= Build 231119 Rel.67074n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded."
|
||||
"value": "A Stored cross-site scripting (XSS) vulnerability in upnp page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 231119 Rel.67074n allows adjacent attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -32,11 +32,11 @@
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "TP-Link",
|
||||
"vendor_name": "TP-Link Systems Inc.",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "TL-WR841N v14",
|
||||
"product_name": "TL-WR841N v14/v14.6/v14.8",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -64,6 +64,11 @@
|
||||
"url": "https://www.tp-link.com/en/support/download/tl-wr841n/#Firmware",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.tp-link.com/en/support/download/tl-wr841n/#Firmware"
|
||||
},
|
||||
{
|
||||
"url": "https://www.tp-link.com/us/support/download/tl-wr841n/#Firmware",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.tp-link.com/us/support/download/tl-wr841n/#Firmware"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,17 +1,123 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-3796",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cna@vuldb.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admin/contact-us.php. The manipulation of the argument pagetitle/pagedes/email/mobnumber/timing leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "Es wurde eine Schwachstelle in PHPGurukul Men Salon Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/contact-us.php. Durch die Manipulation des Arguments pagetitle/pagedes/email/mobnumber/timing mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL Injection",
|
||||
"cweId": "CWE-89"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Injection",
|
||||
"cweId": "CWE-74"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "PHPGurukul",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Men Salon Management System",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://vuldb.com/?id.305649",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?id.305649"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.305649",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?ctiid.305649"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.554659",
|
||||
"refsource": "MISC",
|
||||
"name": "https://vuldb.com/?submit.554659"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/yaklang/IRifyScanResult/blob/main/Men-Salon-Management-System/sql_inject_in_contact_us.md",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/yaklang/IRifyScanResult/blob/main/Men-Salon-Management-System/sql_inject_in_contact_us.md"
|
||||
},
|
||||
{
|
||||
"url": "https://phpgurukul.com/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://phpgurukul.com/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "1098024193 (VulDB User)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"baseScore": 6.3,
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "3.0",
|
||||
"baseScore": 6.3,
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
18
2025/3xxx/CVE-2025-3815.json
Normal file
18
2025/3xxx/CVE-2025-3815.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2025-3815",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
62
2025/43xxx/CVE-2025-43903.json
Normal file
62
2025/43xxx/CVE-2025-43903.json
Normal file
@ -0,0 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2025-43903",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669",
|
||||
"refsource": "MISC",
|
||||
"name": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user