admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adds CVEs

Browse Source
This commit is contained in:
erwanlr 2022-10-03 15:44:03 +02:00
parent 9f619c4160
commit 7d7db40a01
11 changed files with 602 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2022/2xxx/CVE-2022-2314.json
View File

@ -3,7 +3,7 @@
"ID": "CVE-2022-2314",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "VR Calendar <= 2.2.2 - Unauthenticated Arbitrary Function Call"
"TITLE": "VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -21,9 +21,9 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.2.2",
"version_value": "2.2.2"
"version_affected": "<",
"version_name": "2.3.2",
"version_value": "2.3.2"
}
]
}
@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "The VR Calendar WordPress plugin through 2.2.2 lets any user execute arbitrary PHP functions on the site."
"value": "The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site."
}
]
},

10
2022/2xxx/CVE-2022-2404.json
View File

@ -3,7 +3,7 @@
"ID": "CVE-2022-2404",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP Popup Builder <= 1.2.8 - Reflected Cross-Site Scripting"
"TITLE": "WP Popup Builder < 1.2.9 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -21,9 +21,9 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.2.8",
"version_value": "1.2.8"
"version_affected": "<",
"version_name": "1.2.9",
"version_value": "1.2.9"
}
]
}
@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "The WP Popup Builder WordPress plugin through 1.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting"
"value": "The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting"
}
]
},

10
2022/2xxx/CVE-2022-2405.json
View File

@ -3,7 +3,7 @@
"ID": "CVE-2022-2405",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP Popup Builder <= 1.2.8 - Subscriber+ Arbitrary Popup Deletion"
"TITLE": "WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -21,9 +21,9 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.2.8",
"version_value": "1.2.8"
"version_affected": "<",
"version_name": "1.2.9",
"version_value": "1.2.9"
}
]
}
@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "The WP Popup Builder WordPress plugin through 1.2.8 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup"
"value": "The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup"
}
]
},

87
2022/2xxx/CVE-2022-2628.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2628",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "DSGVO All in one for WP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.2",
"version_value": "4.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e712f83e-b437-4bc6-9511-2b0290ed315d",
"name": "https://wpscan.com/vulnerability/e712f83e-b437-4bc6-9511-2b0290ed315d"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Asif Nawaz Minhas"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

84
2022/2xxx/CVE-2022-2763.json
View File

@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2763",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2763",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP Socializer < 7.3 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP Socializer Simple & Easy Social Media Share Icons",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.3",
"version_value": "7.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/36a7b872-31fa-4375-9be7-8f787e616ed5",
"name": "https://wpscan.com/vulnerability/36a7b872-31fa-4375-9be7-8f787e616ed5"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
],
"source": {
"discovery": "EXTERNAL"
}
}

95
2022/2xxx/CVE-2022-2839.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2839",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2839",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Zephyr Project Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.2.55",
"version_value": "3.2.55"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/82e01f95-81c2-46d8-898e-07b3b8a3f8c9",
"name": "https://wpscan.com/vulnerability/82e01f95-81c2-46d8-898e-07b3b8a3f8c9"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
},
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Rizacan Tufan"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

146
2022/2xxx/CVE-2022-2846.json
View File

@ -1,73 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2846",
"TITLE": "Calendar Event Multi View Plugin cross-site request forgery",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "Calendar Event Multi View Plugin",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
"CVE_data_meta": {
"ID": "CVE-2022-2846",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Calendar Event Multi View",
"version": {
"version_data": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery"
"version_affected": "<",
"version_name": "1.4.07",
"version_value": "1.4.07"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in Calendar Event Multi View Plugin. This vulnerability affects unknown code of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-206488."
}
]
},
"credit": "Mostafa Farzaneh",
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
]
}
}
]
}
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.206488",
"refsource": "MISC",
"name": "https://vuldb.com/?id.206488"
}
]
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c",
"name": "https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
]
},
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Mostafa Farzaneh"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/3xxx/CVE-2022-3124.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-3124",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Frontend File Manager < 21.3 - Unauthenticated File Renaming"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Frontend File Manager Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608",
"name": "https://wpscan.com/vulnerability/00f76765-95af-4dbc-8c37-f1b15a0e8608"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-862 Missing Authorization",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/3xxx/CVE-2022-3125.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3125",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-3125",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Frontend File Manager Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d3d9dc9a-226b-4f76-995e-e2af1dd6b17e",
"name": "https://wpscan.com/vulnerability/d3d9dc9a-226b-4f76-995e-e2af1dd6b17e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/3xxx/CVE-2022-3128.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3128",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-3128",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Donation Thermometer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.1.3",
"version_value": "2.1.3"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/97201998-1859-4428-9b81-9c2748806cf4",
"name": "https://wpscan.com/vulnerability/97201998-1859-4428-9b81-9c2748806cf4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Asif Nawaz Minhas"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/3xxx/CVE-2022-3132.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3132",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-3132",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Goolytics - Simple Google Analytics < 1.1.2 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Goolytics Simple Google Analytics",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.1.2",
"version_value": "1.1.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ed2dc1b9-f9f9-4e99-87b3-a614c223dd64",
"name": "https://wpscan.com/vulnerability/ed2dc1b9-f9f9-4e99-87b3-a614c223dd64"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Mika"
}
],
"source": {
"discovery": "EXTERNAL"
}
}