"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2023-12-30 21:00:35 +00:00 · 2023-12-30 21:00:35 +00:00 · 57781e824f
commit 57781e824f
parent 6e92d582d0
3 changed files with 40 additions and 2 deletions
--- a/2023/31xxx/CVE-2023-31698.json
+++ b/2023/31xxx/CVE-2023-31698.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo."
+                "value": "** DISPUTED ** Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration)."
            }
        ]
    },
@ -61,6 +61,16 @@
                "refsource": "MISC",
                "name": "http://packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.html",
                "url": "http://packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/bludit/bludit/issues/1212#issuecomment-649514491",
+                "url": "https://github.com/bludit/bludit/issues/1212#issuecomment-649514491"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/bludit/bludit/issues/1369#issuecomment-940806199",
+                "url": "https://github.com/bludit/bludit/issues/1369#issuecomment-940806199"
            }
        ]
    }
--- a/2023/34xxx/CVE-2023-34845.json
+++ b/2023/34xxx/CVE-2023-34845.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file."
+                "value": "** DISPUTED ** Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration)."
            }
        ]
    },
@ -56,6 +56,16 @@
                "url": "https://github.com/bludit/bludit/issues/1508",
                "refsource": "MISC",
                "name": "https://github.com/bludit/bludit/issues/1508"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/bludit/bludit/issues/1212#issuecomment-649514491",
+                "url": "https://github.com/bludit/bludit/issues/1212#issuecomment-649514491"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/bludit/bludit/issues/1369#issuecomment-940806199",
+                "url": "https://github.com/bludit/bludit/issues/1369#issuecomment-940806199"
            }
        ]
    }
--- a/2023/7xxx/CVE-2023-7193.json
+++ b/2023/7xxx/CVE-2023-7193.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2023-7193",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}