From 9708f33b8c7b70dab46d2e432809287d9adbdffe Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 18 Jul 2023 15:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/36xxx/CVE-2020-36762.json | 214 ++++++++++++++++++++++++++++++++- 2022/47xxx/CVE-2022-47421.json | 130 +++++++++++++++++++- 2023/24xxx/CVE-2023-24390.json | 85 ++++++++++++- 2023/30xxx/CVE-2023-30906.json | 30 ++++- 2023/31xxx/CVE-2023-31441.json | 61 +++++++++- 2023/36xxx/CVE-2023-36120.json | 4 +- 2023/36xxx/CVE-2023-36383.json | 113 ++++++++++++++++- 2023/36xxx/CVE-2023-36384.json | 113 ++++++++++++++++- 2023/38xxx/CVE-2023-38484.json | 18 +++ 2023/38xxx/CVE-2023-38485.json | 18 +++ 2023/38xxx/CVE-2023-38486.json | 18 +++ 2023/3xxx/CVE-2023-3749.json | 18 +++ 12 files changed, 790 insertions(+), 32 deletions(-) create mode 100644 2023/38xxx/CVE-2023-38484.json create mode 100644 2023/38xxx/CVE-2023-38485.json create mode 100644 2023/38xxx/CVE-2023-38486.json create mode 100644 2023/3xxx/CVE-2023-3749.json diff --git a/2020/36xxx/CVE-2020-36762.json b/2020/36xxx/CVE-2020-36762.json index 92ad87f7ab3..dcfb95850d0 100644 --- a/2020/36xxx/CVE-2020-36762.json +++ b/2020/36xxx/CVE-2020-36762.json @@ -1,17 +1,223 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36762", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical. Affected by this issue is the function jobs of the file .github/workflows/comment.yml. The manipulation of the argument $COMMENT_BODY leads to os command injection. Upgrading to version 2.0.28 is able to address this issue. The name of the patch is dcaad2540f7d50c512ff2e031d3778dd9337db2b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-234248." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in ONS Digital RAS Collection Instrument bis 2.0.27 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion jobs der Datei .github/workflows/comment.yml. Durch die Manipulation des Arguments $COMMENT_BODY mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.0.28 vermag dieses Problem zu l\u00f6sen. Der Patch wird als dcaad2540f7d50c512ff2e031d3778dd9337db2b bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ONS Digital", + "product": { + "product_data": [ + { + "product_name": "RAS Collection Instrument", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + }, + { + "version_affected": "=", + "version_value": "2.0.2" + }, + { + "version_affected": "=", + "version_value": "2.0.3" + }, + { + "version_affected": "=", + "version_value": "2.0.4" + }, + { + "version_affected": "=", + "version_value": "2.0.5" + }, + { + "version_affected": "=", + "version_value": "2.0.6" + }, + { + "version_affected": "=", + "version_value": "2.0.7" + }, + { + "version_affected": "=", + "version_value": "2.0.8" + }, + { + "version_affected": "=", + "version_value": "2.0.9" + }, + { + "version_affected": "=", + "version_value": "2.0.10" + }, + { + "version_affected": "=", + "version_value": "2.0.11" + }, + { + "version_affected": "=", + "version_value": "2.0.12" + }, + { + "version_affected": "=", + "version_value": "2.0.13" + }, + { + "version_affected": "=", + "version_value": "2.0.14" + }, + { + "version_affected": "=", + "version_value": "2.0.15" + }, + { + "version_affected": "=", + "version_value": "2.0.16" + }, + { + "version_affected": "=", + "version_value": "2.0.17" + }, + { + "version_affected": "=", + "version_value": "2.0.18" + }, + { + "version_affected": "=", + "version_value": "2.0.19" + }, + { + "version_affected": "=", + "version_value": "2.0.20" + }, + { + "version_affected": "=", + "version_value": "2.0.21" + }, + { + "version_affected": "=", + "version_value": "2.0.22" + }, + { + "version_affected": "=", + "version_value": "2.0.23" + }, + { + "version_affected": "=", + "version_value": "2.0.24" + }, + { + "version_affected": "=", + "version_value": "2.0.25" + }, + { + "version_affected": "=", + "version_value": "2.0.26" + }, + { + "version_affected": "=", + "version_value": "2.0.27" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.234248", + "refsource": "MISC", + "name": "https://vuldb.com/?id.234248" + }, + { + "url": "https://vuldb.com/?ctiid.234248", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.234248" + }, + { + "url": "https://github.com/ONSdigital/ras-collection-instrument/pull/199", + "refsource": "MISC", + "name": "https://github.com/ONSdigital/ras-collection-instrument/pull/199" + }, + { + "url": "https://github.com/ONSdigital/ras-collection-instrument/commit/dcaad2540f7d50c512ff2e031d3778dd9337db2b", + "refsource": "MISC", + "name": "https://github.com/ONSdigital/ras-collection-instrument/commit/dcaad2540f7d50c512ff2e031d3778dd9337db2b" + }, + { + "url": "https://github.com/ONSdigital/ras-collection-instrument/releases/tag/2.0.28", + "refsource": "MISC", + "name": "https://github.com/ONSdigital/ras-collection-instrument/releases/tag/2.0.28" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" } ] } diff --git a/2022/47xxx/CVE-2022-47421.json b/2022/47xxx/CVE-2022-47421.json index c345bc5bb0d..01008115cda 100644 --- a/2022/47xxx/CVE-2022-47421.json +++ b/2022/47xxx/CVE-2022-47421.json @@ -1,17 +1,139 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-47421", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember (free), Repute InfoSystems ARMember (premium) plugins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Repute InfoSystems", + "product": { + "product_data": [ + { + "product_name": "ARMember (free)", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "4.0.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.0.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + }, + { + "product_name": "ARMember (premium)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "5.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-4-stored-cross-site-scripting-xss-on-common-messages-settings?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-4-stored-cross-site-scripting-xss-on-common-messages-settings?_s_id=cve" + }, + { + "url": "https://patchstack.com/database/vulnerability/armember/wordpress-armember-premium-wordpress-membership-plugin-plugin-5-8-stored-cross-site-scripting-xss?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/armember/wordpress-armember-premium-wordpress-membership-plugin-plugin-5-8-stored-cross-site-scripting-xss?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the ARMember (free) to 4.0.5 or a higher version." + } + ], + "value": "Update the\u00a0ARMember (free)\u00a0to\u00a04.0.5 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Cat (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/24xxx/CVE-2023-24390.json b/2023/24xxx/CVE-2023-24390.json index 6f659d5abdd..9669cf2551d 100644 --- a/2023/24xxx/CVE-2023-24390.json +++ b/2023/24xxx/CVE-2023-24390.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-24390", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSecur Security plugin <=\u00a01.2.1 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WeSecur", + "product": { + "product_data": [ + { + "product_name": "WeSecur Security", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wesecur-security/wordpress-wesecur-security-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wesecur-security/wordpress-wesecur-security-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Prasanna V Balaji (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/30xxx/CVE-2023-30906.json b/2023/30xxx/CVE-2023-30906.json index 10db97dbbcd..afa9977ec48 100644 --- a/2023/30xxx/CVE-2023-30906.json +++ b/2023/30xxx/CVE-2023-30906.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "The vulnerability could be locally exploited to allow escalation of privilege." + "value": "The vulnerability could be locally exploited to allow escalation of privilege.\n\n" } ] }, @@ -43,10 +43,11 @@ "x_cve_json_5_version_data": { "versions": [ { - "version": "v2.87 or later", - "status": "unaffected" + "status": "unaffected", + "version": "v2.87 or later" } - ] + ], + "defaultStatus": "unaffected" } } ] @@ -69,5 +70,26 @@ }, "generator": { "engine": "cveClient/1.0.13" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" + } + ] } } \ No newline at end of file diff --git a/2023/31xxx/CVE-2023-31441.json b/2023/31xxx/CVE-2023-31441.json index c48b3b2ee24..307a17ace60 100644 --- a/2023/31xxx/CVE-2023-31441.json +++ b/2023/31xxx/CVE-2023-31441.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-31441", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-31441", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/NCI-Agency/anet/blob/0662b99dfdec1ce07439eb7bed02d90320acc721/src/main/java/mil/dds/anet/utils/Utils.java", + "refsource": "MISC", + "name": "https://github.com/NCI-Agency/anet/blob/0662b99dfdec1ce07439eb7bed02d90320acc721/src/main/java/mil/dds/anet/utils/Utils.java" + }, + { + "refsource": "MISC", + "name": "https://github.com/NCI-Agency/anet/issues/4408", + "url": "https://github.com/NCI-Agency/anet/issues/4408" } ] } diff --git a/2023/36xxx/CVE-2023-36120.json b/2023/36xxx/CVE-2023-36120.json index 9e7de110cf9..5c516422a14 100644 --- a/2023/36xxx/CVE-2023-36120.json +++ b/2023/36xxx/CVE-2023-36120.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2023-36120", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2023/36xxx/CVE-2023-36383.json b/2023/36xxx/CVE-2023-36383.json index de0670cdbd3..bde676d8202 100644 --- a/2023/36xxx/CVE-2023-36383.json +++ b/2023/36xxx/CVE-2023-36383.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36383", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <=\u00a03.9.5 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MagePeople Team", + "product": { + "product_data": [ + { + "product_name": "Event Manager and Tickets Selling Plugin for WooCommerce", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.9.6", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.9.5", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-event-manager-and-tickets-selling-plugin-for-woocommerce-plugin-3-9-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-event-manager-and-tickets-selling-plugin-for-woocommerce-plugin-3-9-5-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.9.6 or a higher version." + } + ], + "value": "Update to\u00a03.9.6 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "emad (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/36xxx/CVE-2023-36384.json b/2023/36xxx/CVE-2023-36384.json index ff4562f3fe4..d9fbcbf2c1a 100644 --- a/2023/36xxx/CVE-2023-36384.json +++ b/2023/36xxx/CVE-2023-36384.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-36384", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <=\u00a01.2.40 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CodePeople", + "product": { + "product_data": [ + { + "product_name": "Booking Calendar Contact Form", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.2.41", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.2.40", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/booking-calendar-contact-form/wordpress-booking-calendar-contact-form-plugin-1-2-40-cross-site-scripting-xss?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/booking-calendar-contact-form/wordpress-booking-calendar-contact-form-plugin-1-2-40-cross-site-scripting-xss?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.2.41 or a higher version." + } + ], + "value": "Update to\u00a01.2.41 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "BOT (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/38xxx/CVE-2023-38484.json b/2023/38xxx/CVE-2023-38484.json new file mode 100644 index 00000000000..db0933b46c8 --- /dev/null +++ b/2023/38xxx/CVE-2023-38484.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38484", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38485.json b/2023/38xxx/CVE-2023-38485.json new file mode 100644 index 00000000000..65ea3056e72 --- /dev/null +++ b/2023/38xxx/CVE-2023-38485.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38485", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/38xxx/CVE-2023-38486.json b/2023/38xxx/CVE-2023-38486.json new file mode 100644 index 00000000000..aade841c61e --- /dev/null +++ b/2023/38xxx/CVE-2023-38486.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-38486", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3749.json b/2023/3xxx/CVE-2023-3749.json new file mode 100644 index 00000000000..317b54b4186 --- /dev/null +++ b/2023/3xxx/CVE-2023-3749.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3749", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file