From 5aa88986a492d2720c0256e72e1bedca842bb897 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 28 Mar 2025 00:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/2xxx/CVE-2025-2878.json | 109 +++++++++++++++++++++++++++++++-- 2025/2xxx/CVE-2025-2892.json | 18 ++++++ 2025/30xxx/CVE-2025-30232.json | 56 +++++++++++++++-- 2025/31xxx/CVE-2025-31092.json | 85 +++++++++++++++++++++++-- 2025/31xxx/CVE-2025-31324.json | 18 ++++++ 2025/31xxx/CVE-2025-31325.json | 18 ++++++ 2025/31xxx/CVE-2025-31326.json | 18 ++++++ 2025/31xxx/CVE-2025-31327.json | 18 ++++++ 2025/31xxx/CVE-2025-31328.json | 18 ++++++ 2025/31xxx/CVE-2025-31329.json | 18 ++++++ 2025/31xxx/CVE-2025-31330.json | 18 ++++++ 2025/31xxx/CVE-2025-31331.json | 18 ++++++ 2025/31xxx/CVE-2025-31332.json | 18 ++++++ 2025/31xxx/CVE-2025-31333.json | 18 ++++++ 2025/31xxx/CVE-2025-31334.json | 18 ++++++ 15 files changed, 452 insertions(+), 14 deletions(-) create mode 100644 2025/2xxx/CVE-2025-2892.json create mode 100644 2025/31xxx/CVE-2025-31324.json create mode 100644 2025/31xxx/CVE-2025-31325.json create mode 100644 2025/31xxx/CVE-2025-31326.json create mode 100644 2025/31xxx/CVE-2025-31327.json create mode 100644 2025/31xxx/CVE-2025-31328.json create mode 100644 2025/31xxx/CVE-2025-31329.json create mode 100644 2025/31xxx/CVE-2025-31330.json create mode 100644 2025/31xxx/CVE-2025-31331.json create mode 100644 2025/31xxx/CVE-2025-31332.json create mode 100644 2025/31xxx/CVE-2025-31333.json create mode 100644 2025/31xxx/CVE-2025-31334.json diff --git a/2025/2xxx/CVE-2025-2878.json b/2025/2xxx/CVE-2025-2878.json index 24756b7cda7..881a885f382 100644 --- a/2025/2xxx/CVE-2025-2878.json +++ b/2025/2xxx/CVE-2025-2878.json @@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2878", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The manipulation of the argument new database leads to cross site scripting. The attack can be launched remotely. Upgrading to version 13.0.179 is able to address this issue. It is recommended to upgrade the affected component." + }, + { + "lang": "deu", + "value": "In Kentico CMS bis 13.0.178 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /CMSInstall/install.aspx der Komponente Additional Database Installation Wizard. Mittels Manipulieren des Arguments new database mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 13.0.179 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting", + "cweId": "CWE-79" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Code Injection", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kentico", + "product": { + "product_data": [ + { + "product_name": "CMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.178" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.301813", + "refsource": "MISC", + "name": "https://vuldb.com/?id.301813" + }, + { + "url": "https://vuldb.com/?ctiid.301813", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.301813" + }, + { + "url": "https://vuldb.com/?submit.503058", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.503058" + }, + { + "url": "https://devnet.kentico.com/download/hotfixes", + "refsource": "MISC", + "name": "https://devnet.kentico.com/download/hotfixes" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "c4ng4c3ir0 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 3.3, + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N" } ] } diff --git a/2025/2xxx/CVE-2025-2892.json b/2025/2xxx/CVE-2025-2892.json new file mode 100644 index 00000000000..355857780da --- /dev/null +++ b/2025/2xxx/CVE-2025-2892.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2892", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30232.json b/2025/30xxx/CVE-2025-30232.json index 8fd505c20f5..002dfc29cf5 100644 --- a/2025/30xxx/CVE-2025-30232.json +++ b/2025/30xxx/CVE-2025-30232.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-30232", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-30232", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exim.org/static/doc/security/CVE-2025-30232.txt", + "refsource": "MISC", + "name": "https://www.exim.org/static/doc/security/CVE-2025-30232.txt" } ] } diff --git a/2025/31xxx/CVE-2025-31092.json b/2025/31xxx/CVE-2025-31092.json index bc75aae2848..2bc717b3501 100644 --- a/2025/31xxx/CVE-2025-31092.json +++ b/2025/31xxx/CVE-2025-31092.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31092", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team Click to Chat \u2013 WP Support All-in-One Floating Widget allows Stored XSS. This issue affects Click to Chat \u2013 WP Support All-in-One Floating Widget: from n/a through 2.3.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ninja Team", + "product": { + "product_data": [ + { + "product_name": "Click to Chat \u2013 WP Support All-in-One Floating Widget", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.3.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/support-chat/vulnerability/wordpress-click-to-chat-wp-support-all-in-one-floating-widget-plugin-2-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/support-chat/vulnerability/wordpress-click-to-chat-wp-support-all-in-one-floating-widget-plugin-2-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Gab (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 6.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/31xxx/CVE-2025-31324.json b/2025/31xxx/CVE-2025-31324.json new file mode 100644 index 00000000000..9f33c2f2537 --- /dev/null +++ b/2025/31xxx/CVE-2025-31324.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31324", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31325.json b/2025/31xxx/CVE-2025-31325.json new file mode 100644 index 00000000000..9e7d2d523bd --- /dev/null +++ b/2025/31xxx/CVE-2025-31325.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31325", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31326.json b/2025/31xxx/CVE-2025-31326.json new file mode 100644 index 00000000000..e8b9f6a8904 --- /dev/null +++ b/2025/31xxx/CVE-2025-31326.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31326", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31327.json b/2025/31xxx/CVE-2025-31327.json new file mode 100644 index 00000000000..b7ffc2f96d6 --- /dev/null +++ b/2025/31xxx/CVE-2025-31327.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31327", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31328.json b/2025/31xxx/CVE-2025-31328.json new file mode 100644 index 00000000000..4a84b321696 --- /dev/null +++ b/2025/31xxx/CVE-2025-31328.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31328", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31329.json b/2025/31xxx/CVE-2025-31329.json new file mode 100644 index 00000000000..e58601c134a --- /dev/null +++ b/2025/31xxx/CVE-2025-31329.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31329", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31330.json b/2025/31xxx/CVE-2025-31330.json new file mode 100644 index 00000000000..a0f9f6a7d23 --- /dev/null +++ b/2025/31xxx/CVE-2025-31330.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31330", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31331.json b/2025/31xxx/CVE-2025-31331.json new file mode 100644 index 00000000000..a0b691683de --- /dev/null +++ b/2025/31xxx/CVE-2025-31331.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31331", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31332.json b/2025/31xxx/CVE-2025-31332.json new file mode 100644 index 00000000000..114c0d2220f --- /dev/null +++ b/2025/31xxx/CVE-2025-31332.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31332", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31333.json b/2025/31xxx/CVE-2025-31333.json new file mode 100644 index 00000000000..998fbf4b335 --- /dev/null +++ b/2025/31xxx/CVE-2025-31333.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31333", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/31xxx/CVE-2025-31334.json b/2025/31xxx/CVE-2025-31334.json new file mode 100644 index 00000000000..50a57820cc8 --- /dev/null +++ b/2025/31xxx/CVE-2025-31334.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-31334", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file