"-Synchronized-Data."

CVE Team 2025-04-10 19:00:34 +00:00
parent d26aae762f
commit 5ad134afa2
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
23 changed files with 732 additions and 96 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks."
"value": "There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks."
}
]
},
@ -40,12 +40,9 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_affected": "<=",
"version_name": "all",
"version_value": "11.0"
},
{
"version_affected": "=",
"version_value": "10.9.1"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser."
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser."
}
]
},
@ -41,8 +41,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "10.9.1",
"version_value": "<=10.7.1"
"version_name": "all",
"version_value": "10.9.1"
}
]
}
@ -86,7 +86,7 @@
"value": "Mitigation: Leverage a WAF to filter JavaScript from URL query parameters<br>"
}
],
"value": "Mitigation: Leverage a WAF to filter JavaScript from URL query parameters\n"
"value": "Mitigation: Leverage a WAF to filter JavaScript from URL query parameters"
}
],
"solution": [
@ -99,7 +99,7 @@
"value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095\">https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8...</a><br>"
}
],
"value": " https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8... https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095 \n"
"value": "https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8... https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095"
}
],
"credits": [
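Review bot: The new description value reads `versions 10.9.1and before`, with the space after the version number lost; it should be `versions 10.9.1 and before`. The next file section has the same slip in `versions 10.9.1and below`, and the two records also differ in wording (before/below) and in `version_name` casing (`all` here, `All` there) for what appears to be the same range. The rewritten solution value in the last hunk still leads with the truncated link text ending in `patch-8...` ahead of the full URL, and that fragment is not a resolvable address for anyone extracting the patch link. The `credits` array continues outside the hunk.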


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.\n"
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser."
}
]
},
@ -41,8 +41,8 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "10.9.1",
"version_value": "<="
"version_name": "All",
"version_value": "10.9.1"
}
]
}


@ -44,8 +44,10 @@
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "11.0",
"status": "affected",
"version": "11.0"
"version": "All",
"versionType": "Portal for ArcGIS"
}
],
"defaultStatus": "affected"
@ -95,8 +97,8 @@
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
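Review bot: In the `x_cve_json_5_version_data` hunk the new entry sets `"version": "All"` and `"versionType": "Portal for ArcGIS"`, neither of which a range matcher can evaluate. In the CVE JSON 5 format `version` is the start of the range (conventionally `"0"` for the earliest release) and `versionType` names the version-numbering scheme rather than the product, so `"version": "0"` with `"versionType": "custom"` would express everything up to `11.0`. The same pattern recurs in the next file section and in the two ArcGIS Server records, which use `"versionType": "ArcGIS Enterprise Server"`. The CVSS hunk raises `baseScore` to 8.8, but the vector string lies outside the hunk, so it should be checked that the vector was updated to match.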


@ -44,8 +44,10 @@
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "11.0",
"status": "affected",
"version": "11.0"
"version": "All",
"versionType": "Portal for ArcGIS"
}
],
"defaultStatus": "affected"
@ -93,7 +95,7 @@
"value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095\">https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8...</a><br>"
}
],
"value": " https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8... https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095 \n"
"value": "https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8... https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095"
}
],
"credits": [
@ -108,7 +110,7 @@
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
@ -120,4 +122,4 @@
}
]
}
}
}


@ -41,7 +41,7 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "10.7.1",
"version_name": "all",
"version_value": "10.9.1"
}
]
@ -86,7 +86,7 @@
"value": "Install P<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/\">ortal for ArcGIS Security 2023 Update 1</a><br>"
}
],
"value": "Install P ortal for ArcGIS Security 2023 Update 1 https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/ \n"
"value": "Install P ortal for ArcGIS Security 2023 Update 1 https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/"
}
],
"impact": {
@ -95,16 +95,16 @@
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "None",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}
}
}
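Review bot: The rewritten solution value still begins `Install P ortal for ArcGIS Security 2023 Update 1`, with the product name split after its first letter; the commit only trims the trailing newline. The break appears to come from the HTML variant just above it, where the link starts inside the word, so both strings need the link moved to begin before `Portal`. The CVSS edit in the last hunk is consistent as far as the visible lines show: 5.4 matches the vector `AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N`, and `userInteraction` now uses the enum spelling `NONE`.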


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a stored Cross-site Scripting vulnerability\u00a0in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 \u2013 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High."
"value": "There is a stored Cross-site Scripting vulnerability\u00a0in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High."
}
]
},
@ -41,7 +41,7 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "10.8.1",
"version_name": "All",
"version_value": "11.1"
}
]


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a Cross-site Scripting vulnerability\u00a0in Esri Portal Sites in versions 10.8.1 \u2013 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are low."
"value": "There is a Cross-site Scripting vulnerability\u00a0in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are low."
}
]
},
@ -41,7 +41,7 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "10.8.1",
"version_name": "All",
"version_value": "10.9"
}
]


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a Cross-site Scripting vulnerability\u00a0in Esri ArcGIS Enterprise Sites versions 10.8.1 \u2013 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. \u00a0The privileges required to execute this attack are high.\u00a0 \u00a0\n\nThe impact to Confidentiality, Integrity and Availability are High."
"value": "There is a Cross-site Scripting vulnerability\u00a0in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. \u00a0The privileges required to execute this attack are high.\u00a0 \u00a0\n\nThe impact to Confidentiality, Integrity and Availability are High."
}
]
},
@ -41,7 +41,7 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "10.8.1",
"version_name": "All",
"version_value": "10.9"
}
]


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a Cross-site Scripting vulnerability\u00a0in ArcGIS Server in versions 10.8.1 \u2013 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. \u00a0The privileges required to execute this attack are high."
"value": "There is a Cross-site Scripting vulnerability\u00a0in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. \u00a0The privileges required to execute this attack are high."
}
]
},
@ -46,8 +46,8 @@
{
"lessThanOrEqual": "11.1",
"status": "affected",
"version": "10.8.1",
"versionType": "ArcGIS Server"
"version": "All",
"versionType": "ArcGIS Enterprise Server"
}
],
"defaultStatus": "affected"


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 \u2013 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.\n\nMitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities."
"value": "There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.\n\nMitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities."
}
]
},
@ -46,8 +46,8 @@
{
"lessThanOrEqual": "11.1",
"status": "affected",
"version": "10.8.1",
"versionType": "ArcGIS Server"
"version": "All",
"versionType": "ArcGIS Enterprise Server"
}
],
"defaultStatus": "affected"
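Review bot: The description now says `versions 11.0 and below`, but the version entry in the second hunk keeps `"lessThanOrEqual": "11.1"`, so the record states two different upper bounds for the affected range. Patch-prioritisation tooling reads the structured range while people read the description, so whichever bound the vendor advisory supports should be applied to both. The surrounding `versions` object starts outside the hunk.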


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.8.1 \u2013 10.9.1 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser. The privileges required to execute this attack are high.\u00a0"
"value": "There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser. The privileges required to execute this attack are high."
}
]
},
@ -39,14 +39,10 @@
"product_name": "ArcGIS Enterprise Web App Builder",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "<=",
"version_name": "10.9.1",
"version_value": "<=10.9.1"
"version_name": "All",
"version_value": "10.9.1"
}
]
}


@ -5,13 +5,93 @@
"CVE_data_meta": {
"ID": "CVE-2024-25709",
"ASSIGNER": "psirt@esri.com",
"STATE": "REJECT"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 10.8.1 \u2013 1121 that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim\u2019s browser. The privileges required to execute this attack are high."
"value": "There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim\u2019s browser. The privileges required to execute this attack are high."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Esri",
"product": {
"product_data": [
{
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "All",
"version_value": "11.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1/",
"refsource": "MISC",
"name": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"BUG-000165286"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Miguel Fal\u00e9"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}
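Review bot: The description and the added CVSS block disagree on required privileges. The text describes a `remote, authenticated attacker` and says `The privileges required to execute this attack are high`, while the `impact` block has `"privilegesRequired": "NONE"` and `PR:N` in the vector. If high privileges really are needed, the vector should carry `PR:H` and the 6.1 base score would come out lower; if not, the description sentence should be corrected. Since this record is moving from REJECT to PUBLIC, the severity consumers see will come from this block, so the two should be reconciled against the vendor advisory.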


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2. 11.1, 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files."
"value": "There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files."
}
]
},
@ -36,23 +36,12 @@
"product": {
"product_data": [
{
"product_name": "Portal",
"product_name": "Portal for ArcGIS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.1"
},
{
"version_affected": "=",
"version_value": "11.1"
},
{
"version_affected": "=",
"version_affected": "<=",
"version_name": "All",
"version_value": "11.2"
}
]


@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23008",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@sonicwall.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges",
"cweId": "CWE-250"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SonicWall",
"product": {
"product_data": [
{
"product_name": "NetExtender",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.3.1 and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006",
"refsource": "MISC",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SNWLID-2025-0006",
"discovery": "EXTERNAL"
}
}
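Review bot: `"version_affected": "="` is paired with the free-text `"version_value": "10.3.1 and earlier versions"`, so a scanner doing an exact comparison on that value will never match an installed NetExtender version. Writing it as `"version_affected": "<="` with `"version_value": "10.3.1"` keeps the range machine-readable. The records for CVE-2025-23009 and CVE-2025-23010 below carry the identical entry. None of the three adds an `impact` block, so consumers get no CVSS severity from these records.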


@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23009",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@sonicwall.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges",
"cweId": "CWE-250"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SonicWall",
"product": {
"product_data": [
{
"product_name": "NetExtender",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.3.1 and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006",
"refsource": "MISC",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SNWLID-2025-0006",
"discovery": "EXTERNAL"
}
}


@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23010",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@sonicwall.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')",
"cweId": "CWE-59"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SonicWall",
"product": {
"product_data": [
{
"product_name": "NetExtender",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.3.1 and earlier versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006",
"refsource": "MISC",
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SNWLID-2025-0006",
"discovery": "EXTERNAL"
}
}


@ -1,18 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-32696",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php.\n\nThis issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-281 Improper Preservation of Permissions",
"cweId": "CWE-281"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wikimedia Foundation",
"product": {
"product_data": [
{
"product_name": "MediaWiki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.39.12, 1.42.6, 1.43.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T304474",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T304474"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"defect": [
"https://phabricator.wikimedia.org/T304474"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Porplemontage"
},
{
"lang": "en",
"value": "Bartosz Dziewo\u0144ski"
}
]
}
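Review bot: `"version_value": "1.39.12, 1.42.6, 1.43.1"` packs three per-branch fix versions into one string under a single `"<"` comparison starting at `"version_name": "0"`, which a version comparator cannot evaluate and which hides that each fix belongs to its own release branch. One `version_data` entry per branch, each with its own lower bound and fixed version, would let scanners decide whether a given install is affected. The same comma-joined value appears in the records for CVE-2025-32697, CVE-2025-32698, CVE-2025-32699 (also for Parsoid) and CVE-2025-3469. The file paths in the description end in `.Php`; presumably `.php` is meant, which matters to anyone searching a case-sensitive source tree.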


@ -1,18 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-32697",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php.\n\nThis issue affects MediaWiki: before 1.42.6, 1.43.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-281 Improper Preservation of Permissions",
"cweId": "CWE-281"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wikimedia Foundation",
"product": {
"product_data": [
{
"product_name": "MediaWiki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.42.6, 1.43.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T140010",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T140010"
},
{
"url": "https://phabricator.wikimedia.org/T62109",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T62109"
},
{
"url": "https://phabricator.wikimedia.org/T24521",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T24521"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"defect": [
"https://phabricator.wikimedia.org/T140010"
],
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-32698",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php.\n\nThis issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wikimedia Foundation",
"product": {
"product_data": [
{
"product_name": "MediaWiki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.39.12, 1.42.6, 1.43.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T385958",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T385958"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"defect": [
"https://phabricator.wikimedia.org/T385958"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "A_smart_kitten"
},
{
"lang": "en",
"value": "Bartosz Dziewo\u0144ski"
}
]
}


@ -1,18 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-32699",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wikimedia Foundation",
"product": {
"product_data": [
{
"product_name": "MediaWiki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.39.12, 1.42.6, 1.43.1"
}
]
}
},
{
"product_name": "Parsoid",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "0.16.5, 0.19.2, 0.20.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T387130",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T387130"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"defect": [
"https://phabricator.wikimedia.org/T387130"
],
"discovery": "INTERNAL"
}
}
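Review bot: The description opens with a bare `Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects`, which names no vulnerability type and is missing the space after `Parsoid.`. The record's `problemtype` lists CWE-79 and CWE-74, so the description could state the class the way the sibling records do, for example beginning `Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in`. Without that, feeds that show only the description give readers nothing to triage on.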


@ -1,18 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-32700",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php, includes/View/AbuseFilterViewExamine.Php.\n\nThis issue affects AbuseFilter: from >= 1.43.0 before 1.43.1."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wikimedia Foundation",
"product": {
"product_data": [
{
"product_name": "MediaWiki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": ">= 1.43.0",
"version_value": "1.43.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T389235",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T389235"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"defect": [
"https://phabricator.wikimedia.org/T389235"
],
"discovery": "INTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Dreamy_Jazz"
},
{
"lang": "en",
"value": "Dreamy_Jazz"
}
]
}
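Review bot: The description places the issue in AbuseFilter (`This issue affects AbuseFilter: from >= 1.43.0 before 1.43.1`), but `product_name` is `MediaWiki`, so anyone filtering by product will attribute it to core rather than to the extension. The lower bound is also stored as `"version_name": ">= 1.43.0"`, an operator embedded in a name field that a comparator cannot parse. `credits` lists `Dreamy_Jazz` twice, and the CVE-2025-3469 record below repeats `Daimona` three times; these look like separate credit roles collapsed on export and are worth de-duplicating.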


@ -1,18 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3469",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php.\n\nThis issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wikimedia Foundation",
"product": {
"product_data": [
{
"product_name": "MediaWiki",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.39.12, 1.42.6, 1.43.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T358689",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T358689"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"defect": [
"https://phabricator.wikimedia.org/T358689"
],
"discovery": "INTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Daimona"
},
{
"lang": "en",
"value": "Daimona"
},
{
"lang": "en",
"value": "Daimona"
}
]
}