From 5f707fcc981cf71f3bd54a9ac83a3799c98eb37c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 19 May 2023 13:00:39 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/31xxx/CVE-2023-31756.json | 56 ++++++++++++++++++++++++++++++---- 2023/31xxx/CVE-2023-31862.json | 56 ++++++++++++++++++++++++++++++---- 2 files changed, 100 insertions(+), 12 deletions(-) diff --git a/2023/31xxx/CVE-2023-31756.json b/2023/31xxx/CVE-2023-31756.json index d953f913aa4..038125daa44 100644 --- a/2023/31xxx/CVE-2023-31756.json +++ b/2023/31xxx/CVE-2023-31756.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-31756", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-31756", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://stanleyjobsonau.github.io/tp-link-advisory.html", + "refsource": "MISC", + "name": "https://stanleyjobsonau.github.io/tp-link-advisory.html" } ] } diff --git a/2023/31xxx/CVE-2023-31862.json b/2023/31xxx/CVE-2023-31862.json index 5a3db8faf5e..22cec73c913 100644 --- a/2023/31xxx/CVE-2023-31862.json +++ b/2023/31xxx/CVE-2023-31862.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-31862", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-31862", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Cherry-toto/jizhicms/issues/86", + "refsource": "MISC", + "name": "https://github.com/Cherry-toto/jizhicms/issues/86" } ] }