diff --git a/2015/9xxx/CVE-2015-9501.json b/2015/9xxx/CVE-2015-9501.json new file mode 100644 index 00000000000..728c4733357 --- /dev/null +++ b/2015/9xxx/CVE-2015-9501.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wpvulndb.com/vulnerabilities/7994", + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/7994" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/duchenerc/artificial-intelligence/commit/c70631b1f80518411df2f88476041351110c6eac", + "url": "https://github.com/duchenerc/artificial-intelligence/commit/c70631b1f80518411df2f88476041351110c6eac" + } + ] + } +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json index 32068e097e7..805b81e622f 100644 --- a/2019/12xxx/CVE-2019-12402.json +++ b/2019/12xxx/CVE-2019-12402.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b@%3Cdev.commons.apache.org%3E", "url": "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b@%3Cdev.commons.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402", + "url": "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea@%3Ccommits.creadur.apache.org%3E" } ] }, diff --git a/2019/16xxx/CVE-2019-16971.json b/2019/16xxx/CVE-2019-16971.json new file mode 100644 index 00000000000..3468f8f929f --- /dev/null +++ b/2019/16xxx/CVE-2019-16971.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FusionPBX up to 4.5.7, the file app\\messages\\messages_thread.php uses an unsanitized \"contact_uuid\" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=bc250780-76ba-48c1-adc0-de421cbd61fd", + "refsource": "MISC", + "name": "https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=bc250780-76ba-48c1-adc0-de421cbd61fd" + }, + { + "url": "https://github.com/fusionpbx/fusionpbx/commit/c48a160af53352ad1a43518b7d0faab16b8dfbcc", + "refsource": "MISC", + "name": "https://github.com/fusionpbx/fusionpbx/commit/c48a160af53352ad1a43518b7d0faab16b8dfbcc" + }, + { + "refsource": "MISC", + "name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-4/", + "url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-4/" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16972.json b/2019/16xxx/CVE-2019-16972.json new file mode 100644 index 00000000000..47f363e9dfa --- /dev/null +++ b/2019/16xxx/CVE-2019-16972.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FusionPBX up to 4.5.7, the file app\\contacts\\contact_addresses.php uses an unsanitized \"id\" variable coming from the URL, which is reflected in HTML, leading to XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=f0f687f2-63c6-4740-b90b-d3ba3a3bd043", + "refsource": "MISC", + "name": "https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=f0f687f2-63c6-4740-b90b-d3ba3a3bd043" + }, + { + "url": "https://github.com/fusionpbx/fusionpbx/commit/913ad234cf145a55e5f2faaab08d776d83c1699b", + "refsource": "MISC", + "name": "https://github.com/fusionpbx/fusionpbx/commit/913ad234cf145a55e5f2faaab08d776d83c1699b" + }, + { + "refsource": "MISC", + "name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-5/", + "url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-5/" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16973.json b/2019/16xxx/CVE-2019-16973.json new file mode 100644 index 00000000000..b7e1f5b4d03 --- /dev/null +++ b/2019/16xxx/CVE-2019-16973.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FusionPBX up to 4.5.7, the file app\\contacts\\contact_edit.php uses an unsanitized \"query_string\" variable coming from the URL, which is reflected in HTML, leading to XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=c76ef65c-3df5-48cc-8c63-01e3325564f4", + "refsource": "MISC", + "name": "https://www.fusionpbx.com/app/tickets/ticket_edit.php?id=c76ef65c-3df5-48cc-8c63-01e3325564f4" + }, + { + "url": "https://github.com/fusionpbx/fusionpbx/commit/cc820b2eb12a3b7070afdcb7f977f70a1d49ce49", + "refsource": "MISC", + "name": "https://github.com/fusionpbx/fusionpbx/commit/cc820b2eb12a3b7070afdcb7f977f70a1d49ce49" + }, + { + "refsource": "MISC", + "name": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-6/", + "url": "https://resp3ctblog.wordpress.com/2019/10/19/fusionpbx-xss-6/" + } + ] + } +} \ No newline at end of file