From 806591833d9adc798216499696e129cfc7a1b46d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 29 Mar 2022 06:01:27 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/1xxx/CVE-2022-1072.json | 36 +++---- 2022/1xxx/CVE-2022-1073.json | 140 +++++++++++++-------------- 2022/1xxx/CVE-2022-1074.json | 140 +++++++++++++-------------- 2022/1xxx/CVE-2022-1075.json | 148 +++++++++++++++-------------- 2022/1xxx/CVE-2022-1076.json | 140 +++++++++++++-------------- 2022/1xxx/CVE-2022-1077.json | 160 +++++++++++++++---------------- 2022/1xxx/CVE-2022-1078.json | 140 +++++++++++++-------------- 2022/1xxx/CVE-2022-1079.json | 140 +++++++++++++-------------- 2022/1xxx/CVE-2022-1080.json | 140 +++++++++++++-------------- 2022/1xxx/CVE-2022-1081.json | 140 +++++++++++++-------------- 2022/1xxx/CVE-2022-1082.json | 140 +++++++++++++-------------- 2022/1xxx/CVE-2022-1083.json | 140 +++++++++++++-------------- 2022/1xxx/CVE-2022-1084.json | 140 +++++++++++++-------------- 2022/1xxx/CVE-2022-1085.json | 140 +++++++++++++-------------- 2022/1xxx/CVE-2022-1086.json | 178 ++++++++++++++++++----------------- 2022/1xxx/CVE-2022-1087.json | 156 +++++++++++++++--------------- 16 files changed, 1128 insertions(+), 1090 deletions(-) diff --git a/2022/1xxx/CVE-2022-1072.json b/2022/1xxx/CVE-2022-1072.json index 7394bc70ee7..4084ba3bc12 100644 --- a/2022/1xxx/CVE-2022-1072.json +++ b/2022/1xxx/CVE-2022-1072.json @@ -1,18 +1,18 @@ -{ - "CVE_data_meta": { - "ASSIGNER": "cna@vuldb.com", - "ID": "CVE-2022-1072", - "STATE": "REJECT" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26254. Reason: This candidate is a reservation duplicate of CVE-2022-26254. Notes: All CVE users should reference CVE-2022-26254 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1072", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26254. Reason: This candidate is a reservation duplicate of CVE-2022-26254. Notes: All CVE users should reference CVE-2022-26254 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1073.json b/2022/1xxx/CVE-2022-1073.json index 81a0e214cad..a404364cf59 100644 --- a/2022/1xxx/CVE-2022-1073.json +++ b/2022/1xxx/CVE-2022-1073.json @@ -1,70 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1073", - "TITLE": "Automatic Question Paper Generator password recovery", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "", - "product": { - "product_data": [ - { - "product_name": "Automatic Question Paper Generator", - "version": { - "version_data": [ - { - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-640 Weak Password Recovery" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "7.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/vuldb.com\/?id.194839" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1073", + "TITLE": "Automatic Question Paper Generator password recovery", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "Automatic Question Paper Generator", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-640 Weak Password Recovery" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "7.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.194839", + "refsource": "MISC", + "name": "https://vuldb.com/?id.194839" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1074.json b/2022/1xxx/CVE-2022-1074.json index eeec37ca254..aa30551e11e 100644 --- a/2022/1xxx/CVE-2022-1074.json +++ b/2022/1xxx/CVE-2022-1074.json @@ -1,70 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1074", - "TITLE": "TEM FLEX-1085 injection", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "TEM", - "product": { - "product_data": [ - { - "product_name": "FLEX-1085", - "version": { - "version_data": [ - { - "version_value": "1.6.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-74 Injection" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input

HTML Injection

in the WiFi settings of the dashboard leads to html injection." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/vuldb.com\/?id.194845" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1074", + "TITLE": "TEM FLEX-1085 injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "TEM", + "product": { + "product_data": [ + { + "product_name": "FLEX-1085", + "version": { + "version_data": [ + { + "version_value": "1.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74 Injection" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input

HTML Injection

in the WiFi settings of the dashboard leads to html injection." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.194845", + "refsource": "MISC", + "name": "https://vuldb.com/?id.194845" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1075.json b/2022/1xxx/CVE-2022-1075.json index b00ecac37bf..8f1bca0c82b 100644 --- a/2022/1xxx/CVE-2022-1075.json +++ b/2022/1xxx/CVE-2022-1075.json @@ -1,73 +1,77 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1075", - "TITLE": "College Website Management System Contact cross site scripting", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "", - "product": { - "product_data": [ - { - "product_name": "College Website Management System", - "version": { - "version_data": [ - { - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file \/cwms\/classes\/Master.php?f=save_contact of the component Contact Handler. The manipulation leads to persistent cross site scripting. The attack may be launched remotely and requires authentication." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/www.sourcecodester.com\/php\/15203\/college-website-content-management-system-phpoop-free-source-code.ht" - }, - { - "url": "https:\/\/vuldb.com\/?id.194846" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1075", + "TITLE": "College Website Management System Contact cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "College Website Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=save_contact of the component Contact Handler. The manipulation leads to persistent cross site scripting. The attack may be launched remotely and requires authentication." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/15203/college-website-content-management-system-phpoop-free-source-code.ht", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/15203/college-website-content-management-system-phpoop-free-source-code.ht" + }, + { + "url": "https://vuldb.com/?id.194846", + "refsource": "MISC", + "name": "https://vuldb.com/?id.194846" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1076.json b/2022/1xxx/CVE-2022-1076.json index e0146119d47..a80871b3ebc 100644 --- a/2022/1xxx/CVE-2022-1076.json +++ b/2022/1xxx/CVE-2022-1076.json @@ -1,70 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1076", - "TITLE": "Automatic Question Paper Generator System My Account Page login.php cross site scripting", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "", - "product": { - "product_data": [ - { - "product_name": "Automatic Question Paper Generator System", - "version": { - "version_data": [ - { - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file \/aqpg\/users\/login.php of the component My Account Page. The manipulation of the argument First Name\/Middle Name\/Last Name leads to cross site scripting. It is possible to initiate the attack remotely." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/vuldb.com\/?id.194847" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1076", + "TITLE": "Automatic Question Paper Generator System My Account Page login.php cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "Automatic Question Paper Generator System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.194847", + "refsource": "MISC", + "name": "https://vuldb.com/?id.194847" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1077.json b/2022/1xxx/CVE-2022-1077.json index e8653c7498a..b1d0afda659 100644 --- a/2022/1xxx/CVE-2022-1077.json +++ b/2022/1xxx/CVE-2022-1077.json @@ -1,80 +1,82 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1077", - "TITLE": "TEM FLEX-1080\/FLEX-1085 Log information disclosure", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "TEM", - "product": { - "product_data": [ - { - "product_name": "FLEX-1080", - "version": { - "version_data": [ - { - "version_value": "1.6.0" - } - ] - } - }, - { - "product_name": "FLEX-1085", - "version": { - "version_data": [ - { - "version_value": "1.6.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-200 Information Disclosure" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "5.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/vuldb.com\/?id.194848" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1077", + "TITLE": "TEM FLEX-1080/FLEX-1085 Log information disclosure", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "TEM", + "product": { + "product_data": [ + { + "product_name": "FLEX-1080", + "version": { + "version_data": [ + { + "version_value": "1.6.0" + } + ] + } + }, + { + "product_name": "FLEX-1085", + "version": { + "version_data": [ + { + "version_value": "1.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Disclosure" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.194848", + "refsource": "MISC", + "name": "https://vuldb.com/?id.194848" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1078.json b/2022/1xxx/CVE-2022-1078.json index 078ac015965..92f9bd5712b 100644 --- a/2022/1xxx/CVE-2022-1078.json +++ b/2022/1xxx/CVE-2022-1078.json @@ -1,70 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1078", - "TITLE": "SourceCodester College Website Management System sql injection", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SourceCodester", - "product": { - "product_data": [ - { - "product_name": "College Website Management System", - "version": { - "version_data": [ - { - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file \/cwms\/admin\/?page=articles\/view_article\/. The manipulation of the argument id with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "7.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/vuldb.com\/?id.194856" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1078", + "TITLE": "SourceCodester College Website Management System sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "College Website Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "7.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.194856", + "refsource": "MISC", + "name": "https://vuldb.com/?id.194856" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1079.json b/2022/1xxx/CVE-2022-1079.json index 65ff0738cf0..aa45714ae85 100644 --- a/2022/1xxx/CVE-2022-1079.json +++ b/2022/1xxx/CVE-2022-1079.json @@ -1,70 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1079", - "TITLE": "SourceCodester One Church Management System churchprofile.php cross site scripting", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SourceCodester", - "product": { - "product_data": [ - { - "product_name": "One Church Management System", - "version": { - "version_data": [ - { - "version_value": "n\/a" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected are multiple files and parameters which are prone to to cross site scripting. It is possible to launch the attack remotely." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/vuldb.com\/?id.195426" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1079", + "TITLE": "SourceCodester One Church Management System churchprofile.php cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "One Church Management System", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected are multiple files and parameters which are prone to to cross site scripting. It is possible to launch the attack remotely." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.195426", + "refsource": "MISC", + "name": "https://vuldb.com/?id.195426" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1080.json b/2022/1xxx/CVE-2022-1080.json index 974f5d8d70e..06dd1ad888b 100644 --- a/2022/1xxx/CVE-2022-1080.json +++ b/2022/1xxx/CVE-2022-1080.json @@ -1,70 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1080", - "TITLE": "SourceCodester One Church Management System attendancy.php sql injection", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SourceCodester", - "product": { - "product_data": [ - { - "product_name": "One Church Management System", - "version": { - "version_data": [ - { - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "7.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/vuldb.com\/?id.195442" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1080", + "TITLE": "SourceCodester One Church Management System attendancy.php sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "One Church Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "7.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.195442", + "refsource": "MISC", + "name": "https://vuldb.com/?id.195442" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1081.json b/2022/1xxx/CVE-2022-1081.json index fb319626e63..9b2a5e4871e 100644 --- a/2022/1xxx/CVE-2022-1081.json +++ b/2022/1xxx/CVE-2022-1081.json @@ -1,70 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1081", - "TITLE": "SourceCodester Microfinance Management System addcustomerHandler.php cross site scripting", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SourceCodester", - "product": { - "product_data": [ - { - "product_name": "Microfinance Management System", - "version": { - "version_data": [ - { - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been declared as problematic. This vulnerability affects the file \/mims\/app\/addcustomerHandler.php. The manipulation of the argument first_name, middle_name, and surname leads to cross site scripting. The attack can be initiated remotely." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "4.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/vuldb.com\/?id.195640" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1081", + "TITLE": "SourceCodester Microfinance Management System addcustomerHandler.php cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Microfinance Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been declared as problematic. This vulnerability affects the file /mims/app/addcustomerHandler.php. The manipulation of the argument first_name, middle_name, and surname leads to cross site scripting. The attack can be initiated remotely." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.195640", + "refsource": "MISC", + "name": "https://vuldb.com/?id.195640" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1082.json b/2022/1xxx/CVE-2022-1082.json index 3e0c5d95b54..ef332046746 100644 --- a/2022/1xxx/CVE-2022-1082.json +++ b/2022/1xxx/CVE-2022-1082.json @@ -1,70 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1082", - "TITLE": "SourceCodester Microfinance Management System Login Page login.php sql injection", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SourceCodester", - "product": { - "product_data": [ - { - "product_name": "Microfinance Management System", - "version": { - "version_data": [ - { - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been rated as critical. This issue affects the file \/mims\/login.php of the Login Page. The manipulation of the argument username\/password with the input '||1=1# leads to sql injection. The attack may be initiated remotely." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "7.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/vuldb.com\/?id.195641" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1082", + "TITLE": "SourceCodester Microfinance Management System Login Page login.php sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Microfinance Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been rated as critical. This issue affects the file /mims/login.php of the Login Page. The manipulation of the argument username/password with the input '||1=1# leads to sql injection. The attack may be initiated remotely." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "7.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.195641", + "refsource": "MISC", + "name": "https://vuldb.com/?id.195641" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1083.json b/2022/1xxx/CVE-2022-1083.json index 69859e4e00d..634d06e247e 100644 --- a/2022/1xxx/CVE-2022-1083.json +++ b/2022/1xxx/CVE-2022-1083.json @@ -1,70 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1083", - "TITLE": "Microfinance Management System sql injection", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "", - "product": { - "product_data": [ - { - "product_name": "Microfinance Management System", - "version": { - "version_data": [ - { - "version_value": "n\/a" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-89 SQL Injection" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customer_type_number\/account_number\/account_status_number\/account_type_number with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc leads to sql injection in multiple files. It is possible to launch the attack remotely." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "7.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/vuldb.com\/?id.195642" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1083", + "TITLE": "Microfinance Management System sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "Microfinance Management System", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customer_type_number/account_number/account_status_number/account_type_number with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc leads to sql injection in multiple files. It is possible to launch the attack remotely." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "7.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.195642", + "refsource": "MISC", + "name": "https://vuldb.com/?id.195642" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1084.json b/2022/1xxx/CVE-2022-1084.json index 62ab1afa906..951c8a5b69d 100644 --- a/2022/1xxx/CVE-2022-1084.json +++ b/2022/1xxx/CVE-2022-1084.json @@ -1,70 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1084", - "TITLE": "SourceCodester One Church Management System Session userregister.php improper authentication", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SourceCodester", - "product": { - "product_data": [ - { - "product_name": "One Church Management System", - "version": { - "version_data": [ - { - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-287 Improper Authentication" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability classified as critical was found in SourceCodester One Church Management System 1.0. Affected by this vulnerability is an unknown functionality of the file \/one_church\/userregister.php. The manipulation leads to authentication bypass. The attack can be launched remotely." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "7.3", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/vuldb.com\/?id.195643" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1084", + "TITLE": "SourceCodester One Church Management System Session userregister.php improper authentication", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "One Church Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in SourceCodester One Church Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /one_church/userregister.php. The manipulation leads to authentication bypass. The attack can be launched remotely." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "7.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.195643", + "refsource": "MISC", + "name": "https://vuldb.com/?id.195643" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1085.json b/2022/1xxx/CVE-2022-1085.json index 60f6652f818..11a3aa301df 100644 --- a/2022/1xxx/CVE-2022-1085.json +++ b/2022/1xxx/CVE-2022-1085.json @@ -1,70 +1,72 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1085", - "TITLE": "CLTPHP POST Parameter cross site scripting", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "", - "product": { - "product_data": [ - { - "product_name": "CLTPHP", - "version": { - "version_data": [ - { - "version_value": "6.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability was found in CLTPHP up to 6.0. It has been declared as problematic. Affected by this vulnerability is the POST Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/vuldb.com\/?id.194857" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1085", + "TITLE": "CLTPHP POST Parameter cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "CLTPHP", + "version": { + "version_data": [ + { + "version_value": "6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in CLTPHP up to 6.0. It has been declared as problematic. Affected by this vulnerability is the POST Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.194857", + "refsource": "MISC", + "name": "https://vuldb.com/?id.194857" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1086.json b/2022/1xxx/CVE-2022-1086.json index 9ef44e968ef..b4bba032aa1 100644 --- a/2022/1xxx/CVE-2022-1086.json +++ b/2022/1xxx/CVE-2022-1086.json @@ -1,88 +1,92 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1086", - "TITLE": "DolphinPHP User Management Page cross site scripting", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "", - "product": { - "product_data": [ - { - "product_name": "DolphinPHP", - "version": { - "version_data": [ - { - "version_value": "1.0" - }, - { - "version_value": "1.1" - }, - { - "version_value": "1.2" - }, - { - "version_value": "1.3" - }, - { - "version_value": "1.4" - }, - { - "version_value": "1.5" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/github.com\/xiahao90\/CVEproject\/blob\/main\/DolphinPHPV1.5.0_xss.md" - }, - { - "url": "https:\/\/vuldb.com\/?id.195368" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1086", + "TITLE": "DolphinPHP User Management Page cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "DolphinPHP", + "version": { + "version_data": [ + { + "version_value": "1.0" + }, + { + "version_value": "1.1" + }, + { + "version_value": "1.2" + }, + { + "version_value": "1.3" + }, + { + "version_value": "1.4" + }, + { + "version_value": "1.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xiahao90/CVEproject/blob/main/DolphinPHPV1.5.0_xss.md", + "refsource": "MISC", + "name": "https://github.com/xiahao90/CVEproject/blob/main/DolphinPHPV1.5.0_xss.md" + }, + { + "url": "https://vuldb.com/?id.195368", + "refsource": "MISC", + "name": "https://vuldb.com/?id.195368" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1087.json b/2022/1xxx/CVE-2022-1087.json index 564a5698d98..dae708684dd 100644 --- a/2022/1xxx/CVE-2022-1087.json +++ b/2022/1xxx/CVE-2022-1087.json @@ -1,76 +1,82 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1087", - "TITLE": "htmly Edit Profile Module cross site scripting", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "", - "product": { - "product_data": [ - { - "product_name": "htmly", - "version": { - "version_data": [ - { - "version_value": "5.3" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A simple POC has been disclosed to the public and may be used." - } - ] - }, - "impact": { - "cvss": { - "version": "3.1", - "baseScore": "3.5", - "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" - } - }, - "references": { - "reference_data": [ - { - "url": "https:\/\/github.com\/liaojia-99\/project\/tree\/main\/htmly" - }, - { - "url": "https:\/\/github.com\/liaojia-99\/project\/blob\/main\/htmly\/1.md" - }, - { - "url": "https:\/\/vuldb.com\/?id.195203" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-1087", + "TITLE": "htmly Edit Profile Module cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "", + "product": { + "product_data": [ + { + "product_name": "htmly", + "version": { + "version_data": [ + { + "version_value": "5.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A simple POC has been disclosed to the public and may be used." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/liaojia-99/project/tree/main/htmly", + "refsource": "MISC", + "name": "https://github.com/liaojia-99/project/tree/main/htmly" + }, + { + "url": "https://github.com/liaojia-99/project/blob/main/htmly/1.md", + "refsource": "MISC", + "name": "https://github.com/liaojia-99/project/blob/main/htmly/1.md" + }, + { + "url": "https://vuldb.com/?id.195203", + "refsource": "MISC", + "name": "https://vuldb.com/?id.195203" + } + ] + } } \ No newline at end of file