diff --git a/2023/0xxx/CVE-2023-0784.json b/2023/0xxx/CVE-2023-0784.json index 50c547daca8..598637d1221 100644 --- a/2023/0xxx/CVE-2023-0784.json +++ b/2023/0xxx/CVE-2023-0784.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 7.5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "baseSeverity": "HIGH" + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0785.json b/2023/0xxx/CVE-2023-0785.json index 333a08635f5..187cb47e6cc 100644 --- a/2023/0xxx/CVE-2023-0785.json +++ b/2023/0xxx/CVE-2023-0785.json @@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability." + "value": "A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability." }, { "lang": "deu", - "value": "In SourceCodester Best Online News Portal 1.0 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei check_availability.php. Durch das Manipulieren des Arguments username mit unbekannten Daten kann eine exposure of sensitive information through data queries-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + "value": "In SourceCodester Best Online News Portal 1.0 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei check_availability.php. Durch das Manipulieren des Arguments username mit unbekannten Daten kann eine exposure of sensitive information through data queries-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ] }, @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 2.6, - "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", - "baseSeverity": "LOW" + "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N" } ] } diff --git a/2023/0xxx/CVE-2023-0808.json b/2023/0xxx/CVE-2023-0808.json index f8dc89c4229..0714f875b9b 100644 --- a/2023/0xxx/CVE-2023-0808.json +++ b/2023/0xxx/CVE-2023-0808.json @@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability." + "value": "A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability." }, { "lang": "deu", - "value": "Eine Schwachstelle wurde in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471 ausgemacht. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente Access Point Setting Handler. Durch Beeinflussen mit der Eingabe 12345678 mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version MW3_16U_5406_1.53 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + "value": "Eine Schwachstelle wurde in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471 ausgemacht. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Komponente Access Point Setting Handler. Durch Beeinflussen mit der Eingabe 12345678 mit unbekannten Daten kann eine use of hard-coded password-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version MW3_16U_5406_1.53 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." } ] }, @@ -146,8 +146,7 @@ { "version": "2.0", "baseScore": 3.7, - "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", - "baseSeverity": "LOW" + "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0830.json b/2023/0xxx/CVE-2023-0830.json index dafa62e42aa..de32a69005f 100644 --- a/2023/0xxx/CVE-2023-0830.json +++ b/2023/0xxx/CVE-2023-0830.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0840.json b/2023/0xxx/CVE-2023-0840.json index 0b0d6e21e90..962d730c3f3 100644 --- a/2023/0xxx/CVE-2023-0840.json +++ b/2023/0xxx/CVE-2023-0840.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/0xxx/CVE-2023-0841.json b/2023/0xxx/CVE-2023-0841.json index e448df6cc95..40f27ec64f2 100644 --- a/2023/0xxx/CVE-2023-0841.json +++ b/2023/0xxx/CVE-2023-0841.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 7.5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "baseSeverity": "HIGH" + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0848.json b/2023/0xxx/CVE-2023-0848.json index 0dd72305f1c..a1dfd101026 100644 --- a/2023/0xxx/CVE-2023-0848.json +++ b/2023/0xxx/CVE-2023-0848.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 5, - "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0849.json b/2023/0xxx/CVE-2023-0849.json index 9240f28236e..410fa6ee836 100644 --- a/2023/0xxx/CVE-2023-0849.json +++ b/2023/0xxx/CVE-2023-0849.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 5.8, - "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0850.json b/2023/0xxx/CVE-2023-0850.json index d32ea67ff89..25b24465f6d 100644 --- a/2023/0xxx/CVE-2023-0850.json +++ b/2023/0xxx/CVE-2023-0850.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 3.3, - "vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P", - "baseSeverity": "LOW" + "vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0883.json b/2023/0xxx/CVE-2023-0883.json index ab8b508e45b..50d8f0dfb1a 100644 --- a/2023/0xxx/CVE-2023-0883.json +++ b/2023/0xxx/CVE-2023-0883.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0887.json b/2023/0xxx/CVE-2023-0887.json index a869044d85f..0dd0cb036ff 100644 --- a/2023/0xxx/CVE-2023-0887.json +++ b/2023/0xxx/CVE-2023-0887.json @@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The associated identifier of this vulnerability is VDB-221351." + "value": "A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The associated identifier of this vulnerability is VDB-221351." }, { "lang": "deu", - "value": "Eine kritische Schwachstelle wurde in phjounin TFTPD64-SE 4.64 gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei tftpd64_svc.exe. Durch das Beeinflussen mit unbekannten Daten kann eine unquoted search path-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal." + "value": "Eine kritische Schwachstelle wurde in phjounin TFTPD64-SE 4.64 gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei tftpd64_svc.exe. Durch das Beeinflussen mit unbekannten Daten kann eine unquoted search path-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig." } ] }, @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 6, - "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", - "baseSeverity": "MEDIUM" + "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C" } ] } diff --git a/2023/0xxx/CVE-2023-0902.json b/2023/0xxx/CVE-2023-0902.json index f5e8f00e3a2..632cb9f667c 100644 --- a/2023/0xxx/CVE-2023-0902.json +++ b/2023/0xxx/CVE-2023-0902.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/0xxx/CVE-2023-0903.json b/2023/0xxx/CVE-2023-0903.json index 2f2db88edc2..ea5c8ac4077 100644 --- a/2023/0xxx/CVE-2023-0903.json +++ b/2023/0xxx/CVE-2023-0903.json @@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452." + "value": "A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452." }, { "lang": "deu", - "value": "In SourceCodester Employee Task Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei edit-task.php. Dank der Manipulation des Arguments task_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + "value": "In SourceCodester Employee Task Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei edit-task.php. Dank der Manipulation des Arguments task_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ] }, @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4.6, - "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0904.json b/2023/0xxx/CVE-2023-0904.json index de008e1a1c7..f3582bc9ebe 100644 --- a/2023/0xxx/CVE-2023-0904.json +++ b/2023/0xxx/CVE-2023-0904.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0905.json b/2023/0xxx/CVE-2023-0905.json index c902835fc19..3cfa7864a2c 100644 --- a/2023/0xxx/CVE-2023-0905.json +++ b/2023/0xxx/CVE-2023-0905.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 7.5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "baseSeverity": "HIGH" + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0906.json b/2023/0xxx/CVE-2023-0906.json index c3f2e4ba77c..6f367fa764a 100644 --- a/2023/0xxx/CVE-2023-0906.json +++ b/2023/0xxx/CVE-2023-0906.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 7.5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "baseSeverity": "HIGH" + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0907.json b/2023/0xxx/CVE-2023-0907.json index 2328767568f..bfd606ce4d2 100644 --- a/2023/0xxx/CVE-2023-0907.json +++ b/2023/0xxx/CVE-2023-0907.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4.3, - "vectorString": "AV:L/AC:L/Au:M/C:N/I:N/A:C", - "baseSeverity": "MEDIUM" + "vectorString": "AV:L/AC:L/Au:M/C:N/I:N/A:C" } ] } diff --git a/2023/0xxx/CVE-2023-0908.json b/2023/0xxx/CVE-2023-0908.json index a040513b597..2af08666610 100644 --- a/2023/0xxx/CVE-2023-0908.json +++ b/2023/0xxx/CVE-2023-0908.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4.6, - "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C", - "baseSeverity": "MEDIUM" + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C" } ] } diff --git a/2023/0xxx/CVE-2023-0909.json b/2023/0xxx/CVE-2023-0909.json index 1670e7bc6bb..25bb40fb176 100644 --- a/2023/0xxx/CVE-2023-0909.json +++ b/2023/0xxx/CVE-2023-0909.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 1.7, - "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", - "baseSeverity": "LOW" + "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0910.json b/2023/0xxx/CVE-2023-0910.json index 9f72e2dcf22..3cd3ac14aa3 100644 --- a/2023/0xxx/CVE-2023-0910.json +++ b/2023/0xxx/CVE-2023-0910.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0912.json b/2023/0xxx/CVE-2023-0912.json index 2ec0a5b4127..2fea5f0e6db 100644 --- a/2023/0xxx/CVE-2023-0912.json +++ b/2023/0xxx/CVE-2023-0912.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.8, - "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0913.json b/2023/0xxx/CVE-2023-0913.json index 0995f0a6ed2..517fc41b574 100644 --- a/2023/0xxx/CVE-2023-0913.json +++ b/2023/0xxx/CVE-2023-0913.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5.8, - "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0915.json b/2023/0xxx/CVE-2023-0915.json index 02c4e32d4fb..f21ee4f77af 100644 --- a/2023/0xxx/CVE-2023-0915.json +++ b/2023/0xxx/CVE-2023-0915.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0916.json b/2023/0xxx/CVE-2023-0916.json index 6456700dc87..61ff7cfeaa4 100644 --- a/2023/0xxx/CVE-2023-0916.json +++ b/2023/0xxx/CVE-2023-0916.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0917.json b/2023/0xxx/CVE-2023-0917.json index b193be8c783..ce522ba2cbe 100644 --- a/2023/0xxx/CVE-2023-0917.json +++ b/2023/0xxx/CVE-2023-0917.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 7.5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "baseSeverity": "HIGH" + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0918.json b/2023/0xxx/CVE-2023-0918.json index 5c6bcd6d935..e95253c1e17 100644 --- a/2023/0xxx/CVE-2023-0918.json +++ b/2023/0xxx/CVE-2023-0918.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0935.json b/2023/0xxx/CVE-2023-0935.json index fe73ac3526c..afb70f79e36 100644 --- a/2023/0xxx/CVE-2023-0935.json +++ b/2023/0xxx/CVE-2023-0935.json @@ -102,8 +102,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0936.json b/2023/0xxx/CVE-2023-0936.json index 6ac40ec9a94..84c752ae913 100644 --- a/2023/0xxx/CVE-2023-0936.json +++ b/2023/0xxx/CVE-2023-0936.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 6.1, - "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", - "baseSeverity": "MEDIUM" + "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C" } ] } diff --git a/2023/0xxx/CVE-2023-0938.json b/2023/0xxx/CVE-2023-0938.json index 948aea7f3ab..8ae082b0cf2 100644 --- a/2023/0xxx/CVE-2023-0938.json +++ b/2023/0xxx/CVE-2023-0938.json @@ -102,8 +102,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0943.json b/2023/0xxx/CVE-2023-0943.json index 6b53ca42632..32f2d75a540 100644 --- a/2023/0xxx/CVE-2023-0943.json +++ b/2023/0xxx/CVE-2023-0943.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 5.8, - "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0945.json b/2023/0xxx/CVE-2023-0945.json index 04437b5aa47..9b77239f0df 100644 --- a/2023/0xxx/CVE-2023-0945.json +++ b/2023/0xxx/CVE-2023-0945.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/0xxx/CVE-2023-0946.json b/2023/0xxx/CVE-2023-0946.json index 7c7546a6ef2..39a364a6654 100644 --- a/2023/0xxx/CVE-2023-0946.json +++ b/2023/0xxx/CVE-2023-0946.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0960.json b/2023/0xxx/CVE-2023-0960.json index ec8089aec88..db3c0bc5bcc 100644 --- a/2023/0xxx/CVE-2023-0960.json +++ b/2023/0xxx/CVE-2023-0960.json @@ -103,8 +103,7 @@ { "version": "2.0", "baseScore": 5.8, - "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0961.json b/2023/0xxx/CVE-2023-0961.json index 625685303d7..15bf459de28 100644 --- a/2023/0xxx/CVE-2023-0961.json +++ b/2023/0xxx/CVE-2023-0961.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0962.json b/2023/0xxx/CVE-2023-0962.json index e708fc724cc..7fdca74c80f 100644 --- a/2023/0xxx/CVE-2023-0962.json +++ b/2023/0xxx/CVE-2023-0962.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0963.json b/2023/0xxx/CVE-2023-0963.json index 1e0bf8ef27a..4f97c10fae9 100644 --- a/2023/0xxx/CVE-2023-0963.json +++ b/2023/0xxx/CVE-2023-0963.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 7.5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "baseSeverity": "HIGH" + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0964.json b/2023/0xxx/CVE-2023-0964.json index f7760ea9306..a19d06778eb 100644 --- a/2023/0xxx/CVE-2023-0964.json +++ b/2023/0xxx/CVE-2023-0964.json @@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-221634 is the identifier assigned to this vulnerability." + "value": "A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. VDB-221634 is the identifier assigned to this vulnerability." }, { "lang": "deu", - "value": "Es wurde eine kritische Schwachstelle in SourceCodester Sales Tracker Management System 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei admin/products/view_product.php. Mittels Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk." + "value": "Es wurde eine kritische Schwachstelle in SourceCodester Sales Tracker Management System 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei admin/products/view_product.php. Mittels Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen." } ] }, @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 4.6, - "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0966.json b/2023/0xxx/CVE-2023-0966.json index 79e21cce467..380521469d5 100644 --- a/2023/0xxx/CVE-2023-0966.json +++ b/2023/0xxx/CVE-2023-0966.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 3.3, - "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", - "baseSeverity": "LOW" + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N" } ] } diff --git a/2023/0xxx/CVE-2023-0980.json b/2023/0xxx/CVE-2023-0980.json index 89c1fa1ecc9..09995af401f 100644 --- a/2023/0xxx/CVE-2023-0980.json +++ b/2023/0xxx/CVE-2023-0980.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0981.json b/2023/0xxx/CVE-2023-0981.json index 422769cf1ba..aa56fa9c44f 100644 --- a/2023/0xxx/CVE-2023-0981.json +++ b/2023/0xxx/CVE-2023-0981.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0982.json b/2023/0xxx/CVE-2023-0982.json index 1375747d521..e27489b1207 100644 --- a/2023/0xxx/CVE-2023-0982.json +++ b/2023/0xxx/CVE-2023-0982.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0986.json b/2023/0xxx/CVE-2023-0986.json index 0ce2c492158..bd73be5b3c2 100644 --- a/2023/0xxx/CVE-2023-0986.json +++ b/2023/0xxx/CVE-2023-0986.json @@ -93,8 +93,7 @@ { "version": "2.0", "baseScore": 6.5, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0987.json b/2023/0xxx/CVE-2023-0987.json index c4dc210b632..de26460b30d 100644 --- a/2023/0xxx/CVE-2023-0987.json +++ b/2023/0xxx/CVE-2023-0987.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2023/0xxx/CVE-2023-0988.json b/2023/0xxx/CVE-2023-0988.json index 16ae9f18990..15276d9525f 100644 --- a/2023/0xxx/CVE-2023-0988.json +++ b/2023/0xxx/CVE-2023-0988.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5, - "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2023/0xxx/CVE-2023-0997.json b/2023/0xxx/CVE-2023-0997.json index 93d1b8cf1f7..7e3a0f8fe68 100644 --- a/2023/0xxx/CVE-2023-0997.json +++ b/2023/0xxx/CVE-2023-0997.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 7.5, - "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "baseSeverity": "HIGH" + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0998.json b/2023/0xxx/CVE-2023-0998.json index 56e6700e112..186a2b4a710 100644 --- a/2023/0xxx/CVE-2023-0998.json +++ b/2023/0xxx/CVE-2023-0998.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 6.4, - "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P" } ] } diff --git a/2023/0xxx/CVE-2023-0999.json b/2023/0xxx/CVE-2023-0999.json index 052f88b9a54..26a1ee5c8d8 100644 --- a/2023/0xxx/CVE-2023-0999.json +++ b/2023/0xxx/CVE-2023-0999.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 5, - "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2023/1xxx/CVE-2023-1002.json b/2023/1xxx/CVE-2023-1002.json index 434b07627e8..98455860bee 100644 --- a/2023/1xxx/CVE-2023-1002.json +++ b/2023/1xxx/CVE-2023-1002.json @@ -98,8 +98,7 @@ { "version": "2.0", "baseScore": 4, - "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", - "baseSeverity": "MEDIUM" + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N" } ] } diff --git a/2023/1xxx/CVE-2023-1003.json b/2023/1xxx/CVE-2023-1003.json index 942e9308fbe..5adba27d255 100644 --- a/2023/1xxx/CVE-2023-1003.json +++ b/2023/1xxx/CVE-2023-1003.json @@ -11,11 +11,11 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability, which was classified as critical, was found in Typora up to 1.5.5. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736." + "value": "A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736." }, { "lang": "deu", - "value": "Es wurde eine Schwachstelle in Typora bis 1.5.5 gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente WSH JScript Handler. Durch das Beeinflussen mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.5.8 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + "value": "Es wurde eine Schwachstelle in Typora bis 1.5.5 f\u00fcr Windows gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente WSH JScript Handler. Durch das Beeinflussen mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.5.8 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." } ] }, @@ -118,8 +118,7 @@ { "version": "2.0", "baseScore": 4.3, - "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", - "baseSeverity": "MEDIUM" + "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/32xxx/CVE-2023-32785.json b/2023/32xxx/CVE-2023-32785.json index 1935877640d..303ef95992f 100644 --- a/2023/32xxx/CVE-2023-32785.json +++ b/2023/32xxx/CVE-2023-32785.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-32785", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-32785", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Langchain through 0.0.155, prompt injection allows execution of arbitrary code against the SQL service provided by the chain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f", + "refsource": "MISC", + "name": "https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f" } ] } diff --git a/2023/32xxx/CVE-2023-32786.json b/2023/32xxx/CVE-2023-32786.json index 80a7d1a4fa3..8dc34a89727 100644 --- a/2023/32xxx/CVE-2023-32786.json +++ b/2023/32xxx/CVE-2023-32786.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-32786", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-32786", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1", + "refsource": "MISC", + "name": "https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1" } ] } diff --git a/2023/38xxx/CVE-2023-38191.json b/2023/38xxx/CVE-2023-38191.json index 648786cbd6f..bf3c008451c 100644 --- a/2023/38xxx/CVE-2023-38191.json +++ b/2023/38xxx/CVE-2023-38191.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-38191", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-38191", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://herolab.usd.de/security-advisories/", + "refsource": "MISC", + "name": "https://herolab.usd.de/security-advisories/" + }, + { + "refsource": "MISC", + "name": "https://herolab.usd.de/security-advisories/usd-2023-0012/", + "url": "https://herolab.usd.de/security-advisories/usd-2023-0012/" } ] } diff --git a/2023/43xxx/CVE-2023-43353.json b/2023/43xxx/CVE-2023-43353.json index 62f6a8e2adc..5dee86ae425 100644 --- a/2023/43xxx/CVE-2023-43353.json +++ b/2023/43xxx/CVE-2023-43353.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-43353", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-43353", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/sromanhu/CVE-2023-43353-CMSmadesimple-Stored-XSS---News---Extra", + "url": "https://github.com/sromanhu/CVE-2023-43353-CMSmadesimple-Stored-XSS---News---Extra" } ] } diff --git a/2023/43xxx/CVE-2023-43354.json b/2023/43xxx/CVE-2023-43354.json index a8a7a785195..4d9569b126f 100644 --- a/2023/43xxx/CVE-2023-43354.json +++ b/2023/43xxx/CVE-2023-43354.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-43354", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-43354", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/sromanhu/CVE-2023-43354-CMSmadesimple-Stored-XSS---MicroTIny-extension", + "url": "https://github.com/sromanhu/CVE-2023-43354-CMSmadesimple-Stored-XSS---MicroTIny-extension" } ] } diff --git a/2023/43xxx/CVE-2023-43355.json b/2023/43xxx/CVE-2023-43355.json index fbb972dd232..a2e22885acf 100644 --- a/2023/43xxx/CVE-2023-43355.json +++ b/2023/43xxx/CVE-2023-43355.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-43355", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-43355", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sromanhu/CMSmadesimple-Reflected-XSS---Add-user", + "refsource": "MISC", + "name": "https://github.com/sromanhu/CMSmadesimple-Reflected-XSS---Add-user" + }, + { + "refsource": "MISC", + "name": "https://github.com/sromanhu/CVE-2023-43355-CMSmadesimple-Reflected-XSS---Add-user", + "url": "https://github.com/sromanhu/CVE-2023-43355-CMSmadesimple-Reflected-XSS---Add-user" } ] } diff --git a/2023/43xxx/CVE-2023-43356.json b/2023/43xxx/CVE-2023-43356.json index 014bba5679d..6508d653263 100644 --- a/2023/43xxx/CVE-2023-43356.json +++ b/2023/43xxx/CVE-2023-43356.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-43356", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-43356", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/sromanhu/CVE-2023-43356-CMSmadesimple-Stored-XSS---Global-Settings", + "url": "https://github.com/sromanhu/CVE-2023-43356-CMSmadesimple-Stored-XSS---Global-Settings" } ] } diff --git a/2023/43xxx/CVE-2023-43357.json b/2023/43xxx/CVE-2023-43357.json index 7e87e05de2c..bdd67cc7286 100644 --- a/2023/43xxx/CVE-2023-43357.json +++ b/2023/43xxx/CVE-2023-43357.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-43357", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-43357", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/sromanhu/CVE-2023-43357-CMSmadesimple-Stored-XSS---Shortcut", + "url": "https://github.com/sromanhu/CVE-2023-43357-CMSmadesimple-Stored-XSS---Shortcut" } ] }