mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-07 03:02:46 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
bd987dcbf5
commit
7dca42e1b0
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 7.5,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"baseSeverity": "HIGH"
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,11 +11,11 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability."
|
||||
"value": "A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "In SourceCodester Best Online News Portal 1.0 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei check_availability.php. Durch das Manipulieren des Arguments username mit unbekannten Daten kann eine exposure of sensitive information through data queries-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
"value": "In SourceCodester Best Online News Portal 1.0 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei check_availability.php. Durch das Manipulieren des Arguments username mit unbekannten Daten kann eine exposure of sensitive information through data queries-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 2.6,
|
||||
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
|
||||
"baseSeverity": "LOW"
|
||||
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,11 +11,11 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability."
|
||||
"value": "A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "Eine Schwachstelle wurde in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471 ausgemacht. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente Access Point Setting Handler. Durch Beeinflussen mit der Eingabe 12345678 mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version MW3_16U_5406_1.53 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
|
||||
"value": "Eine Schwachstelle wurde in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471 ausgemacht. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente Access Point Setting Handler. Durch Beeinflussen mit der Eingabe 12345678 mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version MW3_16U_5406_1.53 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -146,8 +146,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 3.7,
|
||||
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
|
||||
"baseSeverity": "LOW"
|
||||
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 4,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 7.5,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"baseSeverity": "HIGH"
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 5,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 5.8,
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 3.3,
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
|
||||
"baseSeverity": "LOW"
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,11 +11,11 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The associated identifier of this vulnerability is VDB-221351."
|
||||
"value": "A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The associated identifier of this vulnerability is VDB-221351."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "Eine kritische Schwachstelle wurde in phjounin TFTPD64-SE 4.64 gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei tftpd64_svc.exe. Durch das Beeinflussen mit unbekannten Daten kann eine unquoted search path-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal."
|
||||
"value": "Eine kritische Schwachstelle wurde in phjounin TFTPD64-SE 4.64 gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei tftpd64_svc.exe. Durch das Beeinflussen mit unbekannten Daten kann eine unquoted search path-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6,
|
||||
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 4,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,11 +11,11 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452."
|
||||
"value": "A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "In SourceCodester Employee Task Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei edit-task.php. Dank der Manipulation des Arguments task_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
"value": "In SourceCodester Employee Task Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei edit-task.php. Dank der Manipulation des Arguments task_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 4.6,
|
||||
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 7.5,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"baseSeverity": "HIGH"
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 7.5,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"baseSeverity": "HIGH"
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 4.3,
|
||||
"vectorString": "AV:L/AC:L/Au:M/C:N/I:N/A:C",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:L/AC:L/Au:M/C:N/I:N/A:C"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 4.6,
|
||||
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 1.7,
|
||||
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
|
||||
"baseSeverity": "LOW"
|
||||
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 5.8,
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 5.8,
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 7.5,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"baseSeverity": "HIGH"
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -102,8 +102,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.1,
|
||||
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -102,8 +102,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 5.8,
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 4,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -103,8 +103,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 5.8,
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 7.5,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"baseSeverity": "HIGH"
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,11 +11,11 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-221634 is the identifier assigned to this vulnerability."
|
||||
"value": "A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. VDB-221634 is the identifier assigned to this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "Es wurde eine kritische Schwachstelle in SourceCodester Sales Tracker Management System 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei admin/products/view_product.php. Mittels Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
|
||||
"value": "Es wurde eine kritische Schwachstelle in SourceCodester Sales Tracker Management System 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei admin/products/view_product.php. Mittels Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 4.6,
|
||||
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 3.3,
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
|
||||
"baseSeverity": "LOW"
|
||||
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -93,8 +93,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.5,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 4,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 5,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 7.5,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"baseSeverity": "HIGH"
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 6.4,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 5,
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 4,
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,11 +11,11 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability, which was classified as critical, was found in Typora up to 1.5.5. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736."
|
||||
"value": "A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736."
|
||||
},
|
||||
{
|
||||
"lang": "deu",
|
||||
"value": "Es wurde eine Schwachstelle in Typora bis 1.5.5 gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente WSH JScript Handler. Durch das Beeinflussen mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.5.8 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
|
||||
"value": "Es wurde eine Schwachstelle in Typora bis 1.5.5 f\u00fcr Windows gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente WSH JScript Handler. Durch das Beeinflussen mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.5.8 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -118,8 +118,7 @@
|
||||
{
|
||||
"version": "2.0",
|
||||
"baseScore": 4.3,
|
||||
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"baseSeverity": "MEDIUM"
|
||||
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-32785",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2023-32785",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In Langchain through 0.0.155, prompt injection allows execution of arbitrary code against the SQL service provided by the chain."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f",
|
||||
"refsource": "MISC",
|
||||
"name": "https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-32786",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2023-32786",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1",
|
||||
"refsource": "MISC",
|
||||
"name": "https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,66 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-38191",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2023-38191",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://herolab.usd.de/security-advisories/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://herolab.usd.de/security-advisories/"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://herolab.usd.de/security-advisories/usd-2023-0012/",
|
||||
"url": "https://herolab.usd.de/security-advisories/usd-2023-0012/"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-43353",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2023-43353",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/sromanhu/CVE-2023-43353-CMSmadesimple-Stored-XSS---News---Extra",
|
||||
"url": "https://github.com/sromanhu/CVE-2023-43353-CMSmadesimple-Stored-XSS---News---Extra"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-43354",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2023-43354",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/sromanhu/CVE-2023-43354-CMSmadesimple-Stored-XSS---MicroTIny-extension",
|
||||
"url": "https://github.com/sromanhu/CVE-2023-43354-CMSmadesimple-Stored-XSS---MicroTIny-extension"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,66 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-43355",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2023-43355",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/sromanhu/CMSmadesimple-Reflected-XSS---Add-user",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/sromanhu/CMSmadesimple-Reflected-XSS---Add-user"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/sromanhu/CVE-2023-43355-CMSmadesimple-Reflected-XSS---Add-user",
|
||||
"url": "https://github.com/sromanhu/CVE-2023-43355-CMSmadesimple-Reflected-XSS---Add-user"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-43356",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2023-43356",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/sromanhu/CVE-2023-43356-CMSmadesimple-Stored-XSS---Global-Settings",
|
||||
"url": "https://github.com/sromanhu/CVE-2023-43356-CMSmadesimple-Stored-XSS---Global-Settings"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-43357",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2023-43357",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/sromanhu/CVE-2023-43357-CMSmadesimple-Stored-XSS---Shortcut",
|
||||
"url": "https://github.com/sromanhu/CVE-2023-43357-CMSmadesimple-Stored-XSS---Shortcut"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user