"-Synchronized-Data."

CVE Team 2022-05-06 17:01:24 +00:00
parent 262f1b5ed9
commit 7d6618966d
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
14 changed files with 963 additions and 57 deletions


@ -4,15 +4,80 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26253",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"ASSIGNER": "prodsec@splunk.com",
"TITLE": "Bypass of Splunk Enterprise's implementation of DUO MFA"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0504.html",
"refsource": "MISC",
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0504.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"credit": [
{
"lang": "eng",
"value": "Sanket Bhimani"
}
],
"generator": {
"engine": "advisoriator"
},
"source": {
"advisory": "SVD-2022-0504",
"discovery": "EXTERNAL"
}
}
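Review bot: `baseScore` in `impact.cvss` is emitted as a string (`"baseScore": "8.1"`), while the Vulnogram-generated records in this same commit emit a number (`"baseScore": 5.4`), so a consumer that filters or sorts on severity has to handle two types for one key. Writing `"baseScore": 8.1` and adding `"baseSeverity": "HIGH"` would match those records. The same applies to the other advisoriator-generated Splunk records here (CVE-2021-31559, CVE-2021-33845, CVE-2021-42743, CVE-2022-26070, CVE-2022-26889, CVE-2022-27183). The affected range is also free text (`"Version(s) before 8.1.6"`) rather than the `version_affected` / `version_value` pair the Patchstack records use, which makes automated version matching harder.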


@ -4,15 +4,77 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31559",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"ASSIGNER": "prodsec@splunk.com",
"TITLE": "S2S TcpToken authentication bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "8.2 version(s) before 8.2.1"
},
{
"version_value": "Version(s) before 8.1.5"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html",
"refsource": "MISC",
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"generator": {
"engine": "advisoriator"
},
"source": {
"advisory": "SVD-2022-0503",
"discovery": "EXTERNAL"
}
}
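Review bot: The `version_data` entries and the description disagree on scope: the second entry, `"version_value": "Version(s) before 8.1.5"`, covers every release before 8.1.5, while the description limits the issue to "8.1 versions before 8.1.5". If only the 8.1 line is affected, `"8.1 version(s) before 8.1.5"` would match the first entry's wording; if older lines are affected too, the description should say so. CVE-2021-42743 in this commit has the reverse mismatch (`"8.1 version(s) before 8.1.1"` in `version_data`, "versions before 8.1.1" in the description), and either reading changes which installs a defender has to patch.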


@ -4,15 +4,85 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33845",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"ASSIGNER": "prodsec@splunk.com",
"TITLE": "Username enumeration through lockout message in REST API"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html",
"refsource": "MISC",
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
},
{
"url": "https://research.splunk.com/application/splunk_user_enumeration_attempt/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/splunk_user_enumeration_attempt/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"credit": [
{
"lang": "eng",
"value": "Kyle Bambrick"
}
],
"generator": {
"engine": "advisoriator"
},
"source": {
"advisory": "SVD-2022-0502",
"discovery": "EXTERNAL"
}
}


@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-05-04T10:07:00.000Z",
"ID": "CVE-2021-36912",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Andrea Pernici News Sitemap for Google plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Andrea Pernici News Sitemap for Google (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 1.0.16",
"version_value": "1.0.16"
}
]
}
}
]
},
"vendor_name": "Andrea Pernici"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by John Castro aka mirphak (Pagely)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/google-news-sitemap/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/google-news-sitemap/"
},
{
"name": "https://patchstack.com/database/vulnerability/google-news-sitemap/wordpress-andrea-pernici-news-sitemap-for-google-plugin-1-0-16-authenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/google-news-sitemap/wordpress-andrea-pernici-news-sitemap-for-google-plugin-1-0-16-authenticated-stored-cross-site-scripting-xss-vulnerability"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
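Review bot: `version_name` repeats the comparison operator that `version_affected` already carries (`"version_name": "<= 1.0.16"` beside `"version_affected": "<="`), so a consumer that renders the three fields together prints the operator twice; a plain branch or release label, or omitting the field, would be cleaner. Neither the description nor the two references name a fixed release, so a reader cannot tell from this record which version to upgrade to. The same pattern appears in the other Patchstack records in this commit, CVE-2022-29420 and CVE-2022-29421.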


@ -4,15 +4,80 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"ASSIGNER": "prodsec@splunk.com",
"TITLE": "Local privilege escalation via a default path in Splunk Enterprise Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "8.1 version(s) before 8.1.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html",
"refsource": "MISC",
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"credit": [
{
"lang": "eng",
"value": "Ilias Dimopoulos of\u202fRedyOps Research Labs"
}
],
"generator": {
"engine": "advisoriator"
},
"source": {
"advisory": "SVD-2022-0501",
"discovery": "EXTERNAL"
}
}
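Review bot: The credit string contains an escaped narrow no-break space (`of\u202fRedyOps`), which looks like paste residue and will defeat exact-match searches on the researcher's name; a plain space, `"Ilias Dimopoulos of RedyOps Research Labs"`, is safer. The Windows-only scope is stated in the title and description but nowhere in `affects`, so tooling that reads only `version_data` may flag non-Windows installs as well.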


@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1053",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keylime",
"version": {
"version_data": [
{
"version_value": "Affects keylime v6.4.0 and prior, Fixed in \u2013 v6.4.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 - Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/keylime/keylime/commit/bd5de712acdd77860e7dc58969181e16c7a8dc5d",
"url": "https://github.com/keylime/keylime/commit/bd5de712acdd77860e7dc58969181e16c7a8dc5d"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2065024,",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065024,"
},
{
"refsource": "MISC",
"name": "https://github.com/keylime/keylime/security/advisories/GHSA-jf66-3q76-h5p5,",
"url": "https://github.com/keylime/keylime/security/advisories/GHSA-jf66-3q76-h5p5,"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. This issue is worse if the validation happens first and then the agent gets added to the verifier because the timing is easier and the verifier does not validate the regcount entry being equal to 1,"
}
]
}
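Review bot: Two reference URLs end in a stray comma (`...show_bug.cgi?id=2065024,` and `...GHSA-jf66-3q76-h5p5,`) in both `name` and `url`, so link checkers and advisory cross-referencing will treat them as different, possibly unresolvable, URLs; the trailing commas should be dropped. `version_value` is self-contradictory as written (`"Affects keylime v6.4.0 and prior, Fixed in – v6.4.0"`): v6.4.0 cannot be both affected and the fix, and the record should state which it is. The description also ends on a comma after "equal to 1", which suggests the text was truncated. `vendor_name` is `"n/a"` although the product is named, which hinders vendor-based matching.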


@ -4,15 +4,80 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26070",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"ASSIGNER": "prodsec@splunk.com",
"TITLE": "Error message discloses internal path"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html",
"refsource": "MISC",
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"credit": [
{
"lang": "eng",
"value": "Dipak Prajapati (Lethal)"
}
],
"generator": {
"engine": "advisoriator"
},
"source": {
"advisory": "SVD-2022-0507",
"discovery": "EXTERNAL"
}
}


@ -4,15 +4,85 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26889",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"ASSIGNER": "prodsec@splunk.com",
"TITLE": "Path Traversal in search parameter results in external content injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html",
"refsource": "MISC",
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
},
{
"url": "https://research.splunk.com/application/path_traversal_spl_injection/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/path_traversal_spl_injection/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The lack of sanitization in a relative url path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"credit": [
{
"lang": "eng",
"value": "Jason Tsang Mui Chung"
}
],
"generator": {
"engine": "advisoriator"
},
"source": {
"advisory": "SVD-2022-0506",
"discovery": "EXTERNAL"
}
}
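Review bot: The `problemtype` is the generic `CWE-20`, while the title calls the issue a path traversal that leads to external content injection; a more specific weakness ID (for example `CWE-22`, if the vendor advisory supports it) would help triage and detection mapping. As written, consumers that group by CWE will file this record with unrelated input-validation bugs.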


@ -4,15 +4,85 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-27183",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"ASSIGNER": "prodsec@splunk.com",
"TITLE": "Reflected XSS in a query parameter of the Monitoring Console"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Splunk",
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html",
"refsource": "MISC",
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html"
},
{
"url": "https://research.splunk.com/application/splunk_xss_in_monitoring_console/",
"refsource": "MISC",
"name": "https://research.splunk.com/application/splunk_xss_in_monitoring_console/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"credit": [
{
"lang": "eng",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"generator": {
"engine": "advisoriator"
},
"source": {
"advisory": "SVD-2022-0505",
"discovery": "EXTERNAL"
}
}
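Review bot: The CVSS vector here is identical to the one in CVE-2022-26889 (`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`), with scope unchanged and high impact on all three properties, which is unusual for a reflected XSS; the Patchstack XSS records in this commit all use `S:C` with low or no impacts. It is worth confirming the vector against SVD-2022-0505 before relying on the 8.8 score for prioritisation. If the high impact is intentional, a sentence in the description saying what a script running in the Monitoring Console can reach would justify it.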


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28165",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "sirt@brocade.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Brocade SANNav",
"version": {
"version_data": [
{
"version_value": "Brocade SANNav before 2.2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1844",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1844"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests."
}
]
}
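Review bot: `vendor_name` is `"n/a"` although the product is `Brocade SANNav` and the assigner is `sirt@brocade.com`, and `problemtype` is free text (`"Improper Access Control"`) with no CWE ID, so vendor- or CWE-based matching will miss this record; `"value": "CWE-284 Improper Access Control"` would keep the wording and add the ID. `version_value` repeats the product name (`"Brocade SANNav before 2.2.0"`) instead of giving only the range. The record carries no `impact` block, so consumers get no severity for what the description calls a missing server-side permission check.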


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28507",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-28507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://youtu.be/Ra7tWMs5dkk",
"refsource": "MISC",
"name": "https://youtu.be/Ra7tWMs5dkk"
},
{
"url": "https://drive.google.com/file/d/1gAssizx8A6450rIfkfeI9_7o4t5NV0MH/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1gAssizx8A6450rIfkfeI9_7o4t5NV0MH/view?usp=sharing"
}
]
}
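Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"` even though the description names the vendor, model and version and states the weakness class (XSS), so the record cannot be matched by product or by CWE. Both references are a video link and a file-share link rather than an advisory or a fix, which can disappear and give a defender nothing to verify remediation against. CVE-2022-28545 in this commit has the same `"n/a"` fields although its description names FUDforum 3.1.1 and stored XSS; in both records `"value": "CWE-79"` looks appropriate from the description, to be confirmed by the assigner.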


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28545",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-28545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "FUDforum 3.1.1 is vulnerable to Stored XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b",
"refsource": "MISC",
"name": "https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b"
},
{
"url": "https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390",
"refsource": "MISC",
"name": "https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390"
}
]
}


@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-04-28T10:50:00.000Z",
"ID": "CVE-2022-29420",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Countdown & Clock plugin <= 2.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Countdown & Clock (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 2.3.2",
"version_value": "2.3.2"
}
]
}
}
]
},
"vendor_name": "Adam Skaat"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Jeong Wonjun aka Pongchi (Patchstack Alliance)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/countdown-builder/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/countdown-builder/"
},
{
"name": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
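Review bot: The Patchstack reference slug names version 2.3.1 (`...countdown-clock-plugin-2-3-1-authenticated-stored-...`), while the title, description and `version_data` all say `<= 2.3.2`; one of the two is likely stale, and the affected range decides whether 2.3.2 installs need action. The description also prefixes the parameter names with `&` (`&ycd-circle-countdown-before-countdown`), which is query-string punctuation rather than part of the name and will not match the parameter as it appears in logs or WAF rules.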


@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "audit@patchstack.com",
"DATE_PUBLIC": "2022-04-28T11:30:00.000Z",
"ID": "CVE-2022-29421",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "WordPress Countdown & Clock plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Countdown & Clock (WordPress plugin)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "<= 2.3.2",
"version_value": "2.3.2"
}
]
}
}
]
},
"vendor_name": "Adam Skaat"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vulnerability discovered by Ex.Mi (Patchstack)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/countdown-builder/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/countdown-builder/"
},
{
"name": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-stored-cross-site-scripting-xss-vulnerability",
"refsource": "CONFIRM",
"url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-stored-cross-site-scripting-xss-vulnerability"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
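Review bot: The description gives no affected version ("Countdown & Clock plugin on WordPress via &ycd_type"), unlike the title and `version_data`, which say `<= 2.3.2`; readers and feeds that use only the description cannot scope the issue. The Patchstack reference slug describes a different issue class and version (`...countdown-clock-plugin-2-3-0-stored-cross-site-scripting-xss-vulnerability`) than the title's reflected XSS in `<= 2.3.2`, so the link should be checked against the advisory this record is meant to cite.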