From 72200b2f739e1f08b0cd275acdb75dbaa8112f27 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 30 Aug 2023 02:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/41xxx/CVE-2023-41269.json | 8 ++-- 2023/4xxx/CVE-2023-4525.json | 8 ++-- 2023/4xxx/CVE-2023-4526.json | 8 ++-- 2023/4xxx/CVE-2023-4596.json | 80 ++++++++++++++++++++++++++++++++-- 2023/4xxx/CVE-2023-4597.json | 80 ++++++++++++++++++++++++++++++++-- 2023/4xxx/CVE-2023-4599.json | 80 ++++++++++++++++++++++++++++++++-- 2023/4xxx/CVE-2023-4609.json | 8 ++-- 7 files changed, 244 insertions(+), 28 deletions(-) diff --git a/2023/41xxx/CVE-2023-41269.json b/2023/41xxx/CVE-2023-41269.json index 80c0ac6f166..b8830bad3fe 100644 --- a/2023/41xxx/CVE-2023-41269.json +++ b/2023/41xxx/CVE-2023-41269.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-41269", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@samsung.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2023/4xxx/CVE-2023-4525.json b/2023/4xxx/CVE-2023-4525.json index 96758337b70..d892b5aea5f 100644 --- a/2023/4xxx/CVE-2023-4525.json +++ b/2023/4xxx/CVE-2023-4525.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4525", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mandiant-cve@google.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2023/4xxx/CVE-2023-4526.json b/2023/4xxx/CVE-2023-4526.json index af96c3716f3..fbb8330d025 100644 --- a/2023/4xxx/CVE-2023-4526.json +++ b/2023/4xxx/CVE-2023-4526.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4526", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mandiant-cve@google.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } diff --git a/2023/4xxx/CVE-2023-4596.json b/2023/4xxx/CVE-2023-4596.json index 81e6903a4d1..66f00539b42 100644 --- a/2023/4xxx/CVE-2023-4596.json +++ b/2023/4xxx/CVE-2023-4596.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4596", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "wpmudev", + "product": { + "product_data": [ + { + "product_name": "Forminator \u2013 Contact Form, Payment Form & Custom Form Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.24.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=cve" + }, + { + "url": "https://www.exploit-db.com/exploits/51664", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/51664" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2954409/forminator/trunk/library/fields/postdata.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2954409/forminator/trunk/library/fields/postdata.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "mehmet" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2023/4xxx/CVE-2023-4597.json b/2023/4xxx/CVE-2023-4597.json index 59668c40016..2fa88bb70dd 100644 --- a/2023/4xxx/CVE-2023-4597.json +++ b/2023/4xxx/CVE-2023-4597.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4597", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mostafas1990", + "product": { + "product_data": [ + { + "product_name": "Slimstat Analytics", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "5.0.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52aee4b8-f494-4eeb-8357-71ce8d5bc656?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52aee4b8-f494-4eeb-8357-71ce8d5bc656?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.0.9/wp-slimstat.php#L892", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.0.9/wp-slimstat.php#L892" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/4xxx/CVE-2023-4599.json b/2023/4xxx/CVE-2023-4599.json index 8e7b53e7352..c749a100152 100644 --- a/2023/4xxx/CVE-2023-4599.json +++ b/2023/4xxx/CVE-2023-4599.json @@ -1,17 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ironikus", + "product": { + "product_data": [ + { + "product_name": "Email Encoder \u2013 Protect Email Addresses and Phone Numbers", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.1.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e90f04e4-eb4c-4822-89c6-79f553987c37?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e90f04e4-eb4c-4822-89c6-79f553987c37?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/email-encoder-bundle/tags/2.1.7/core/includes/classes/class-email-encoder-bundle-run.php#L529", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/email-encoder-bundle/tags/2.1.7/core/includes/classes/class-email-encoder-bundle-run.php#L529" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2958823/email-encoder-bundle#file60", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2958823/email-encoder-bundle#file60" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/4xxx/CVE-2023-4609.json b/2023/4xxx/CVE-2023-4609.json index 9a77a5158b9..db1b0246358 100644 --- a/2023/4xxx/CVE-2023-4609.json +++ b/2023/4xxx/CVE-2023-4609.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4609", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@tigera.io", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] }