From 3f3750ee75f0187e5b83d9eefdb3cfc3a9b2bfbc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 29 Mar 2023 07:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/27xxx/CVE-2022-27597.json | 7 +-- 2022/27xxx/CVE-2022-27598.json | 7 +-- 2023/1xxx/CVE-2023-1686.json | 96 ++++++++++++++++++++++++++++++++-- 3 files changed, 100 insertions(+), 10 deletions(-) diff --git a/2022/27xxx/CVE-2022-27597.json b/2022/27xxx/CVE-2022-27597.json index a6e61bb6e8d..357f0b924cf 100644 --- a/2022/27xxx/CVE-2022-27597.json +++ b/2022/27xxx/CVE-2022-27597.json @@ -54,7 +54,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values.\nThe vulnerabilities affect the following QNAP operating systems:\nQTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)\nWe have already fixed the vulnerabilities in the following operating system versions:\nQTS 5.0.1.2346 build 20230322 and later\nQuTS hero h5.0.1.2348 build 20230324 and later\n" + "value": "A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values. The vulnerabilities affect the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerabilities in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later" } ] }, @@ -108,8 +108,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.qnap.com/en/security-advisory/qsa-23-06" + "refsource": "MISC", + "url": "https://www.qnap.com/en/security-advisory/qsa-23-06", + "name": "https://www.qnap.com/en/security-advisory/qsa-23-06" } ] }, diff --git a/2022/27xxx/CVE-2022-27598.json b/2022/27xxx/CVE-2022-27598.json index 6003ee8469a..aef7be85385 100644 --- a/2022/27xxx/CVE-2022-27598.json +++ b/2022/27xxx/CVE-2022-27598.json @@ -54,7 +54,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values.\nThe vulnerabilities affect the following QNAP operating systems:\nQTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)\nWe have already fixed the vulnerabilities in the following operating system versions:\nQTS 5.0.1.2346 build 20230322 and later\nQuTS hero h5.0.1.2348 build 20230324 and later\n" + "value": "A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values. The vulnerabilities affect the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerabilities in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later" } ] }, @@ -92,8 +92,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.qnap.com/en/security-advisory/" + "refsource": "MISC", + "url": "https://www.qnap.com/en/security-advisory/", + "name": "https://www.qnap.com/en/security-advisory/" } ] }, diff --git a/2023/1xxx/CVE-2023-1686.json b/2023/1xxx/CVE-2023-1686.json index 59e54479d11..f595560fd24 100644 --- a/2023/1xxx/CVE-2023-1686.json +++ b/2023/1xxx/CVE-2023-1686.json @@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1686", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file bsenordering/admin/category/index.php of the component GET Parameter Handler. The manipulation of the argument view with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224243." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in SourceCodester Young Entrepreneur E-Negosyo System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei bsenordering/admin/category/index.php der Komponente GET Parameter Handler. Durch Manipulieren des Arguments view mit der Eingabe mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Young Entrepreneur E-Negosyo System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.224243", + "refsource": "MISC", + "name": "https://vuldb.com/?id.224243" + }, + { + "url": "https://vuldb.com/?ctiid.224243", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.224243" + }, + { + "url": "https://github.com/Apeng96/bug_report/blob/main/XSS-1.md", + "refsource": "MISC", + "name": "https://github.com/Apeng96/bug_report/blob/main/XSS-1.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "aroc (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] }