admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-29 20:00:32 +00:00
parent 2806b5b39e
commit 715ff6858e
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 150 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2023/25xxx/CVE-2023-25837.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nThere is a Cross-site Scripting vulnerability\u00a0in Esri Portal Sites in versions 10.8.1 \u2013 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are high.\u00a0 No security boundary can be crossed scope is unchanged, If an admin account fell victim to this attack Confidentiality, Integrity and Availability are all High.\u00a0\n\n"
"value": "\nThere is a Cross-site Scripting vulnerability\u00a0in Esri ArcGIS Enterprise Sites versions 10.8.1 \u2013 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. \u00a0The privileges required to execute this attack are high.\u00a0 \u00a0\n\n"
}
]
},

81
2023/44xxx/CVE-2023-44383.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44383",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "octobercms",
"product": {
"product_data": [
{
"product_name": "october",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.0.0, 3.5.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/octobercms/october/security/advisories/GHSA-rvx8-p3xp-fj3p",
"refsource": "MISC",
"name": "https://github.com/octobercms/october/security/advisories/GHSA-rvx8-p3xp-fj3p"
},
{
"url": "https://github.com/octobercms/october/commit/b7eed0bbf54d07ff310fcdc7037a8e8bf1f5043b",
"refsource": "MISC",
"name": "https://github.com/octobercms/october/commit/b7eed0bbf54d07ff310fcdc7037a8e8bf1f5043b"
}
]
},
"source": {
"advisory": "GHSA-rvx8-p3xp-fj3p",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

76
2023/49xxx/CVE-2023-49091.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-49091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-613: Insufficient Session Expiration",
"cweId": "CWE-613"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "azukaar",
"product": {
"product_data": [
{
"product_name": "Cosmos-Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.13.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x",
"refsource": "MISC",
"name": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x"
}
]
},
"source": {
"advisory": "GHSA-hpvm-x7m8-3c6x",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}