From 9ad59dbba2e229f14f5d8a8fa70f7c083f2ea2f2 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 30 Nov 2023 17:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/37xxx/CVE-2022-37424.json | 6 +- 2022/37xxx/CVE-2022-37425.json | 6 +- 2022/37xxx/CVE-2022-37426.json | 6 +- 2023/2xxx/CVE-2023-2264.json | 140 ++++++++++++++++++++++++++++++- 2023/2xxx/CVE-2023-2265.json | 140 ++++++++++++++++++++++++++++++- 2023/2xxx/CVE-2023-2266.json | 140 ++++++++++++++++++++++++++++++- 2023/2xxx/CVE-2023-2267.json | 140 ++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31176.json | 145 ++++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31177.json | 145 ++++++++++++++++++++++++++++++++- 2023/34xxx/CVE-2023-34388.json | 145 ++++++++++++++++++++++++++++++++- 2023/34xxx/CVE-2023-34389.json | 145 ++++++++++++++++++++++++++++++++- 2023/34xxx/CVE-2023-34390.json | 145 ++++++++++++++++++++++++++++++++- 2023/38xxx/CVE-2023-38400.json | 113 ++++++++++++++++++++++++- 2023/47xxx/CVE-2023-47521.json | 85 ++++++++++++++++++- 2023/47xxx/CVE-2023-47844.json | 85 ++++++++++++++++++- 2023/47xxx/CVE-2023-47848.json | 113 ++++++++++++++++++++++++- 2023/47xxx/CVE-2023-47853.json | 85 ++++++++++++++++++- 2023/47xxx/CVE-2023-47872.json | 113 ++++++++++++++++++++++++- 2023/47xxx/CVE-2023-47875.json | 113 ++++++++++++++++++++++++- 2023/47xxx/CVE-2023-47876.json | 113 ++++++++++++++++++++++++- 2023/47xxx/CVE-2023-47877.json | 113 ++++++++++++++++++++++++- 2023/48xxx/CVE-2023-48272.json | 113 ++++++++++++++++++++++++- 2023/48xxx/CVE-2023-48278.json | 85 ++++++++++++++++++- 2023/48xxx/CVE-2023-48317.json | 85 ++++++++++++++++++- 2023/48xxx/CVE-2023-48320.json | 85 ++++++++++++++++++- 2023/48xxx/CVE-2023-48321.json | 113 ++++++++++++++++++++++++- 2023/48xxx/CVE-2023-48328.json | 113 ++++++++++++++++++++++++- 2023/48xxx/CVE-2023-48746.json | 113 ++++++++++++++++++++++++- 2023/48xxx/CVE-2023-48748.json | 113 ++++++++++++++++++++++++- 2023/48xxx/CVE-2023-48749.json | 113 ++++++++++++++++++++++++- 2023/48xxx/CVE-2023-48752.json | 85 ++++++++++++++++++- 
2023/48xxx/CVE-2023-48754.json | 85 ++++++++++++++++++- 2023/6xxx/CVE-2023-6204.json | 5 ++ 2023/6xxx/CVE-2023-6205.json | 5 ++ 2023/6xxx/CVE-2023-6206.json | 5 ++ 2023/6xxx/CVE-2023-6207.json | 5 ++ 2023/6xxx/CVE-2023-6208.json | 5 ++ 2023/6xxx/CVE-2023-6209.json | 5 ++ 2023/6xxx/CVE-2023-6212.json | 5 ++ 2023/6xxx/CVE-2023-6445.json | 18 ++++ 40 files changed, 3267 insertions(+), 125 deletions(-) create mode 100644 2023/6xxx/CVE-2023-6445.json diff --git a/2022/37xxx/CVE-2022-37424.json b/2022/37xxx/CVE-2022-37424.json index fd3a6d2f410..70368722405 100644 --- a/2022/37xxx/CVE-2022-37424.json +++ b/2022/37xxx/CVE-2022-37424.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-37424", - "ASSIGNER": "secure@blackberry.com", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, "description": { @@ -40,8 +40,8 @@ "version": { "version_data": [ { - "version_value": "6.2", - "version_affected": "=" + "version_affected": "=", + "version_value": "6.2" } ] } diff --git a/2022/37xxx/CVE-2022-37425.json b/2022/37xxx/CVE-2022-37425.json index 355b07b94cd..c744cb2d5ff 100644 --- a/2022/37xxx/CVE-2022-37425.json +++ b/2022/37xxx/CVE-2022-37425.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-37425", - "ASSIGNER": "secure@blackberry.com", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, "description": { @@ -40,8 +40,8 @@ "version": { "version_data": [ { - "version_value": "6.2", - "version_affected": "=" + "version_affected": "=", + "version_value": "6.2" } ] } diff --git a/2022/37xxx/CVE-2022-37426.json b/2022/37xxx/CVE-2022-37426.json index 17111f4f3e4..43539326fe3 100644 --- a/2022/37xxx/CVE-2022-37426.json +++ b/2022/37xxx/CVE-2022-37426.json @@ -4,7 +4,7 @@ "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-37426", - "ASSIGNER": "secure@blackberry.com", + "ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC" }, "description": { 
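Review bot: Attribution of CVE-2022-37424 to its CNA looks at risk in `CVE_data_meta`, where `ASSIGNER` now reads `cve@mitre.org` in place of the vendor address. The CVE-2022-37425 and CVE-2022-37426 hunks make the same swap, and the only other visible change in those files is a key reorder inside `version_data`. If the vendor CNA still owns these records, consumers that route corrections by assigner will be pointed at the wrong party, so confirm the swap is intended and not a side effect of the sync, and otherwise keep `"ASSIGNER": "secure@blackberry.com",`. The rest of each record lies outside the hunks, so ownership cannot be checked from here.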
@@ -40,8 +40,8 @@ "version": { "version_data": [ { - "version_value": "6.2", - "version_affected": "=" + "version_affected": "=", + "version_value": "6.2" } ] } diff --git a/2023/2xxx/CVE-2023-2264.json b/2023/2xxx/CVE-2023-2264.json index 00ec297485e..05252a3d7a4 100644 --- a/2023/2xxx/CVE-2023-2264.json +++ b/2023/2xxx/CVE-2023-2264.json 
@@ -1,17 +1,149 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2264", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-411L", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R118-V0", + "version_value": "R118-V4" + }, + { + "version_affected": "<", + "version_name": "R119-V0", + "version_value": "R119-V5" + }, + { + "version_affected": "<", + "version_name": "R120-V0", + "version_value": "R120-V6" + }, + { + "version_affected": "<", + "version_name": "R121-V0", + "version_value": "R121-V3" + }, + { + "version_affected": "<", + "version_name": "R122-V0", + "version_value": "R122-V3" + }, + { + "version_affected": "<", + "version_name": "R123-V0", + "version_value": "R123-V3" + }, + { + "version_affected": "<", + "version_name": "R124-V0", + "version_value": "R124-V3" + }, + { + "version_affected": "<", + "version_name": "R125-V0", + 
"version_value": "R125-V3" + }, + { + "version_affected": "<", + "version_name": "R126-V0", + "version_value": "R126-V4" + }, + { + "version_affected": "<", + "version_name": "R127-V0", + "version_value": "R127-V2" + }, + { + "version_affected": "<", + "version_name": "R128-V0", + "version_value": "R128-V1" + }, + { + "version_affected": "<", + "version_name": "R129-V0", + "version_value": "R129-V1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/2xxx/CVE-2023-2265.json b/2023/2xxx/CVE-2023-2265.json index 72d9d64c33e..d97bdf0c2f6 100644 --- a/2023/2xxx/CVE-2023-2265.json +++ b/2023/2xxx/CVE-2023-2265.json 
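Review bot: The only entry in `reference_data` is the vendor's general listing page, `https://selinc.com/support/security-notifications/external-reports/`, not an advisory for CVE-2023-2264, and the description defers the detail to "Instruction Manual Appendix A dated 20230830", which is not linked. Someone triaging this record has no stable document against which to confirm the affected firmware or the fix. The same listing URL is the only vendor reference in the CVE-2023-2265, -2266, -2267, -31176, -31177, -34388, -34389 and -34390 sections, and the SEL-451 ones add the equally general `https://www.nozominetworks.com/blog/`. I would add a per-CVE entry such as `"url": "<direct advisory URL for this CVE>"` (placeholder) with a matching `name`.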
@@ -1,17 +1,149 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2265", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An\u00a0Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames", + "cweId": "CWE-1021" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-411L", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R118-V0", + "version_value": "R118-V4" + }, + { + "version_affected": "<", + "version_name": "R119-V0", + "version_value": "R119-V5" + }, + { + "version_affected": "<", + "version_name": "R120-V0", + "version_value": "R120-V6" + }, + { + "version_affected": "<", + "version_name": "R121-V0", + "version_value": "R121-V3" + }, + { + "version_affected": "<", + "version_name": "R122-V0", + "version_value": "R122-V3" + }, + { + "version_affected": "<", + "version_name": "R123-V0", + "version_value": "R123-V3" + }, + { + "version_affected": "<", + "version_name": "R124-V0", + "version_value": "R124-V3" + }, + { + 
"version_affected": "<", + "version_name": "R125-V0", + "version_value": "R125-V3" + }, + { + "version_affected": "<", + "version_name": "R126-V0", + "version_value": "R126-V4" + }, + { + "version_affected": "<", + "version_name": "R127-V0", + "version_value": "R127-V2" + }, + { + "version_affected": "<", + "version_name": "R128-V0", + "version_value": "R128-V1" + }, + { + "version_affected": "<", + "version_name": "R129-V0", + "version_value": "R129-V1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/2xxx/CVE-2023-2266.json b/2023/2xxx/CVE-2023-2266.json index 45832c5f641..aaab9b79ef4 100644 --- a/2023/2xxx/CVE-2023-2266.json +++ b/2023/2xxx/CVE-2023-2266.json 
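Review bot: The new `description` value opens with `An\u00a0Improper`, a non-breaking space left by the editing tool, and ends in a trailing `\n`, so exact-match search, de-duplication and keyword alerting on the text can miss it. Use a plain space and trim the tail, so that the value starts `"value": "An Improper Restriction of Rendered UI Layers or Frames` and ends at `for more details."`. The `\u00a0` residue also appears in the descriptions of CVE-2023-2266, CVE-2023-31176, CVE-2023-31177 and CVE-2023-34388, and every new description visible in this patch carries runs of `\n`.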
@@ -1,17 +1,149 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2266", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An\u00a0Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L\u00a0could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-411L", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R118-V0", + "version_value": "R118-V4" + }, + { + "version_affected": "<", + "version_name": "R119-V0", + "version_value": "R119-V5" + }, + { + "version_affected": "<", + "version_name": "R120-V0", + "version_value": "R120-V6" + }, + { + "version_affected": "<", + "version_name": "R121-V0", + "version_value": "R121-V3" + }, + { + "version_affected": "<", + "version_name": "R122-V0", + "version_value": "R122-V3" + }, + { + "version_affected": "<", + "version_name": "R123-V0", + "version_value": "R123-V3" + }, + { + "version_affected": "<", + "version_name": "R124-V0", + 
"version_value": "R124-V3" + }, + { + "version_affected": "<", + "version_name": "R125-V0", + "version_value": "R125-V3" + }, + { + "version_affected": "<", + "version_name": "R126-V0", + "version_value": "R126-V4" + }, + { + "version_affected": "<", + "version_name": "R127-V0", + "version_value": "R127-V2" + }, + { + "version_affected": "<", + "version_name": "R128-V0", + "version_value": "R128-V1" + }, + { + "version_affected": "<", + "version_name": "R129-V0", + "version_value": "R129-V1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/2xxx/CVE-2023-2267.json b/2023/2xxx/CVE-2023-2267.json index 42fa4f1b0c4..dc10084d465 100644 --- a/2023/2xxx/CVE-2023-2267.json +++ b/2023/2xxx/CVE-2023-2267.json 
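Review bot: For a CWE-79 record, the vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N` in `impact.cvss` claims unchanged scope and no integrity impact, which sits oddly with a description of cross-site scripting against an authorized and authenticated user. Script running in that user's session would normally be able to act as the user, and cross-site scripting is commonly scored with `S:C` because the impacted component is the browser, not the device. If that applies here, the vector would read `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N` and `baseScore` would become 6.1. This is worth confirming with the CNA before consumers prioritise on 4.3.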
@@ -1,17 +1,149 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2267", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-411L", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R118-V0", + "version_value": "R118-V4" + }, + { + "version_affected": "<", + "version_name": "R119-V0", + "version_value": "R119-V5" + }, + { + "version_affected": "<", + "version_name": "R120-V0", + "version_value": "R120-V6" + }, + { + "version_affected": "<", + "version_name": "R121-V0", + "version_value": "R121-V3" + }, + { + "version_affected": "<", + "version_name": "R122-V0", + "version_value": "R122-V3" + }, + { + "version_affected": "<", + "version_name": "R123-V0", + "version_value": "R123-V3" + }, + { + "version_affected": "<", + "version_name": "R124-V0", + "version_value": "R124-V3" + }, + { + "version_affected": "<", + "version_name": "R125-V0", + "version_value": 
"R125-V3" + }, + { + "version_affected": "<", + "version_name": "R126-V0", + "version_value": "R126-V4" + }, + { + "version_affected": "<", + "version_name": "R127-V0", + "version_value": "R127-V2" + }, + { + "version_affected": "<", + "version_name": "R128-V0", + "version_value": "R128-V1" + }, + { + "version_affected": "<", + "version_name": "R129-V0", + "version_value": "R129-V1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Sushant Mane, Parul Sindhwad, Imran Jamadar & Dr. Faruk Kazi from CoE-CNDS Lab, VJTI, Mumbai, India." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31176.json b/2023/31xxx/CVE-2023-31176.json index 3c68e96c677..01d2351d433 100644 --- a/2023/31xxx/CVE-2023-31176.json +++ b/2023/31xxx/CVE-2023-31176.json 
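Review bot: `problemtype` maps this record to CWE-20 while the description speaks of "reflection attacks against an authorized and authenticated user", so neither field tells a reader what class of flaw this is. CWE-20 is a broad class-level entry, and the vector here is identical to that of the CWE-79 record CVE-2023-2266, which hints at a reflected-injection issue, though that is an inference. If the CNA can name a more specific weakness, the entry should carry it, e.g. `"cweId": "<more specific CWE id>"` (placeholder) with the matching `value`. CWE-20 is also the mapping in the CVE-2023-2264 and CVE-2023-34390 sections.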
@@ -1,17 +1,154 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31176", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication.\u00a0\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-331 Insufficient Entropy", + "cweId": "CWE-331" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-451", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R315-V0", + "version_value": "R315-V4" + }, + { + "version_affected": "<", + "version_name": "R316-V0", + "version_value": "R316-V4" + }, + { + "version_affected": "<", + "version_name": "R317-V0", + "version_value": "R317-V4" + }, + { + "version_affected": "<", + "version_name": "R318-V0", + "version_value": "R318-V5" + }, + { + "version_affected": "<", + "version_name": "R320-V0", + "version_value": "R320-V3" + }, + { + "version_affected": "<", + "version_name": "R321-V0", + "version_value": "R321-V3" + }, + { + "version_affected": "<", + "version_name": "R322-V0", + "version_value": "R322-V3" + }, + { + "version_affected": "<", + "version_name": "R323-V0", + "version_value": 
"R323-V5" + }, + { + "version_affected": "<", + "version_name": "R324-V0", + "version_value": "R324-V4" + }, + { + "version_affected": "<", + "version_name": "R325-V0", + "version_value": "R325-V3" + }, + { + "version_affected": "<", + "version_name": "R326-V0", + "version_value": "R326-V1" + }, + { + "version_affected": "<", + "version_name": "R327-V0", + "version_value": "R327-V1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31177.json b/2023/31xxx/CVE-2023-31177.json index d8bc562d5ef..04fdc083774 100644 --- a/2023/31xxx/CVE-2023-31177.json +++ b/2023/31xxx/CVE-2023-31177.json 
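Review bot: The `version_data` list for SEL-451 goes from `R318-V0` straight to `R320-V0` with no R319 entry, so the record says nothing about an R319 firmware line if one exists. Each entry also appears to encode a range, with `version_name` as the start and `"version_affected": "<"` plus `version_value` as the first fixed build. A consumer that reads only `version_affected` and `version_value` would then take `< R318-V5` to cover every earlier release, not just the R318 line. Confirm the R319 status with the CNA and state it explicitly; the identical list appears in the CVE-2023-31177, -34388, -34389 and -34390 sections.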
@@ -1,17 +1,154 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31177", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Neutralization of Input During Web Page Generation\u00a0 ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-451", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R315-V0", + "version_value": "R315-V4" + }, + { + "version_affected": "<", + "version_name": "R316-V0", + "version_value": "R316-V4" + }, + { + "version_affected": "<", + "version_name": "R317-V0", + "version_value": "R317-V4" + }, + { + "version_affected": "<", + "version_name": "R318-V0", + "version_value": "R318-V5" + }, + { + "version_affected": "<", + "version_name": "R320-V0", + "version_value": "R320-V3" + }, + { + "version_affected": "<", + "version_name": "R321-V0", + "version_value": "R321-V3" + }, + { + "version_affected": "<", + "version_name": "R322-V0", + 
"version_value": "R322-V3" + }, + { + "version_affected": "<", + "version_name": "R323-V0", + "version_value": "R323-V5" + }, + { + "version_affected": "<", + "version_name": "R324-V0", + "version_value": "R324-V4" + }, + { + "version_affected": "<", + "version_name": "R325-V0", + "version_value": "R325-V3" + }, + { + "version_affected": "<", + "version_name": "R326-V0", + "version_value": "R326-V1" + }, + { + "version_affected": "<", + "version_name": "R327-V0", + "version_value": "R327-V1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/34xxx/CVE-2023-34388.json b/2023/34xxx/CVE-2023-34388.json index f5d06f46c0c..d4b44f9bfcc 100644 --- a/2023/34xxx/CVE-2023-34388.json +++ b/2023/34xxx/CVE-2023-34388.json 
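Review bot: The description claims the crafted link "could execute arbitrary code on a victim's system", but the record is typed CWE-79 and scored `C:L/I:L/A:L` with `PR:H`, base 4.3. For cross-site scripting the code runs as script in the victim's browser session, which is a much narrower claim than code execution on a system, and the low impact values agree with the narrower reading. One of the two should change so that triage is not driven by the wording. If the narrower reading is what the CNA means, `could execute arbitrary script in the victim's browser session` would match both the CWE and the score.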
@@ -1,17 +1,154 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34388", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An\u00a0Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-451", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R315-V0", + "version_value": "R315-V4" + }, + { + "version_affected": "<", + "version_name": "R316-V0", + "version_value": "R316-V4" + }, + { + "version_affected": "<", + "version_name": "R317-V0", + "version_value": "R317-V4" + }, + { + "version_affected": "<", + "version_name": "R318-V0", + "version_value": "R318-V5" + }, + { + "version_affected": "<", + "version_name": "R320-V0", + "version_value": "R320-V3" + }, + { + "version_affected": "<", + "version_name": "R321-V0", + "version_value": "R321-V3" + }, + { + "version_affected": "<", + "version_name": "R322-V0", + "version_value": "R322-V3" + }, + { + "version_affected": "<", + "version_name": 
"R323-V0", + "version_value": "R323-V5" + }, + { + "version_affected": "<", + "version_name": "R324-V0", + "version_value": "R324-V4" + }, + { + "version_affected": "<", + "version_name": "R325-V0", + "version_value": "R325-V3" + }, + { + "version_affected": "<", + "version_name": "R326-V0", + "version_value": "R326-V1" + }, + { + "version_affected": "<", + "version_name": "R327-V0", + "version_value": "R327-V1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/34xxx/CVE-2023-34389.json b/2023/34xxx/CVE-2023-34389.json index 8101ddab231..910fe546700 100644 --- a/2023/34xxx/CVE-2023-34389.json +++ b/2023/34xxx/CVE-2023-34389.json 
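Review bot: `attackVector` is `ADJACENT_NETWORK` (`AV:A`) while the description says "a remote unauthenticated attacker", and the sibling session-token record CVE-2023-31176 uses `AV:N`. The two statements disagree on whether the device is exposed across routed networks, which is the first thing a defender needs to know about an authentication bypass. Either the description should say the attacker must be on the same network segment, or the vector should be `AV:N`. With the other metrics unchanged, `AV:N` gives `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N` and a base score of 7.5.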
@@ -1,17 +1,154 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34389", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770 Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-451", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R315-V0", + "version_value": "R315-V4" + }, + { + "version_affected": "<", + "version_name": "R316-V0", + "version_value": "R316-V4" + }, + { + "version_affected": "<", + "version_name": "R317-V0", + "version_value": "R317-V4" + }, + { + "version_affected": "<", + "version_name": "R318-V0", + "version_value": "R318-V5" + }, + { + "version_affected": "<", + "version_name": "R320-V0", + "version_value": "R320-V3" + }, + { + "version_affected": "<", + "version_name": "R321-V0", + "version_value": "R321-V3" + }, + { + "version_affected": "<", + "version_name": "R322-V0", + "version_value": "R322-V3" + }, + { + 
"version_affected": "<", + "version_name": "R323-V0", + "version_value": "R323-V5" + }, + { + "version_affected": "<", + "version_name": "R324-V0", + "version_value": "R324-V4" + }, + { + "version_affected": "<", + "version_name": "R325-V0", + "version_value": "R325-V3" + }, + { + "version_affected": "<", + "version_name": "R326-V0", + "version_value": "R326-V1" + }, + { + "version_affected": "<", + "version_name": "R327-V0", + "version_value": "R327-V1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/34xxx/CVE-2023-34390.json b/2023/34xxx/CVE-2023-34390.json index 2dcf231c985..9c0ed3c877b 100644 --- a/2023/34xxx/CVE-2023-34390.json +++ b/2023/34xxx/CVE-2023-34390.json 
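Review bot: The vector sets `PR:H` and `UI:R`, but the description speaks only of "a remote authenticated attacker" making the system unavailable and mentions neither high privileges nor any action by another user. Those two metrics are what hold an `A:H` denial of service down to 4.5, so the description should state the required privilege level and the user action, or the metrics should be revisited. CVE-2023-34390 carries the same vector and the same gap.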
@@ -1,17 +1,154 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34390", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services.\n\n\n\nSee product Instruction Manual Appendix A dated 20230830 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-451", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R315-V0", + "version_value": "R315-V4" + }, + { + "version_affected": "<", + "version_name": "R316-V0", + "version_value": "R316-V4" + }, + { + "version_affected": "<", + "version_name": "R317-V0", + "version_value": "R317-V4" + }, + { + "version_affected": "<", + "version_name": "R318-V0", + "version_value": "R318-V5" + }, + { + "version_affected": "<", + "version_name": "R320-V0", + "version_value": "R320-V3" + }, + { + "version_affected": "<", + "version_name": "R321-V0", + "version_value": "R321-V3" + }, + { + "version_affected": "<", + "version_name": "R322-V0", + "version_value": "R322-V3" + }, + { + "version_affected": "<", + "version_name": "R323-V0", + 
"version_value": "R323-V5" + }, + { + "version_affected": "<", + "version_name": "R324-V0", + "version_value": "R324-V4" + }, + { + "version_affected": "<", + "version_name": "R325-V0", + "version_value": "R325-V3" + }, + { + "version_affected": "<", + "version_name": "R326-V0", + "version_value": "R326-V1" + }, + { + "version_affected": "<", + "version_name": "R327-V0", + "version_value": "R327-V1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca and Gabriele Quagliarella of Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/38xxx/CVE-2023-38400.json b/2023/38xxx/CVE-2023-38400.json index e92899d417b..d3d2d5f9095 100644 --- a/2023/38xxx/CVE-2023-38400.json +++ b/2023/38xxx/CVE-2023-38400.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-38400", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.This issue affects Enfold - Responsive Multi-Purpose Theme: from n/a through 5.6.4.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kriesi", + "product": { + "product_data": [ + { + "product_name": "Enfold - Responsive Multi-Purpose Theme", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "5.6.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "5.6.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/enfold/wordpress-enfold-theme-5-6-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/enfold/wordpress-enfold-theme-5-6-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 5.6.5 or a higher version." + } + ], + "value": "Update to\u00a05.6.5 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47521.json b/2023/47xxx/CVE-2023-47521.json index cf92aa516f1..7a1be0d567f 100644 --- a/2023/47xxx/CVE-2023-47521.json +++ b/2023/47xxx/CVE-2023-47521.json 
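Review bot: The legacy `version_data` entry carries `"version_value": "not down converted"` and no `version_affected`, so a consumer that reads only the 4.0 fields gets no usable range for this product. The real range sits in `x_cve_json_5_version_data` (`"lessThanOrEqual": "5.6.4"`, unaffected at `5.6.5`). Other records in this commit, such as CVE-2023-47521.json, do populate the legacy fields, and the equivalent here would be `"version_affected": "<=", "version_name": "n/a", "version_value": "5.6.4"`. If the down-conversion is left to upstream tooling, scanners matching on this file should read the nested v5 block and treat the literal string as "no data" rather than as a version. The hunks for CVE-2023-47848, CVE-2023-47872, CVE-2023-47875, CVE-2023-47876, CVE-2023-47877 and CVE-2023-48272 have the same shape.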
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS.This issue affects Q2W3 Post Order: from n/a through 1.2.8.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Max Bond, AndreSC", + "product": { + "product_data": [ + { + "product_name": "Q2W3 Post Order", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.2.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/q2w3-post-order/wordpress-q2w3-post-order-plugin-1-2-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/q2w3-post-order/wordpress-q2w3-post-order-plugin-1-2-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Le Ngoc Anh (Patchstack Alliance)" + } + ], + 
"impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47844.json b/2023/47xxx/CVE-2023-47844.json index 22932d9186c..72f79d6ff49 100644 --- a/2023/47xxx/CVE-2023-47844.json +++ b/2023/47xxx/CVE-2023-47844.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47844", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS.This issue affects Grab & Save: from n/a through 1.0.4.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lim Kai Yang", + "product": { + "product_data": [ + { + "product_name": "Grab & Save", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/save-grab/wordpress-grab-save-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/save-grab/wordpress-grab-save-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dimas Maulana (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": 
"LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47848.json b/2023/47xxx/CVE-2023-47848.json index f4092e79b28..9a6435e1025 100644 --- a/2023/47xxx/CVE-2023-47848.json +++ b/2023/47xxx/CVE-2023-47848.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47848", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through 0.20.4.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tainacan.org", + "product": { + "product_data": [ + { + "product_name": "Tainacan", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "0.20.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "0.20.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/tainacan/wordpress-tainacan-plugin-0-20-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/tainacan/wordpress-tainacan-plugin-0-20-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + 
"engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 0.20.5 or a higher version." + } + ], + "value": "Update to\u00a00.20.5 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dimas Maulana (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47853.json b/2023/47xxx/CVE-2023-47853.json index c1e17b06a76..a35a3f913f9 100644 --- a/2023/47xxx/CVE-2023-47853.json +++ b/2023/47xxx/CVE-2023-47853.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47853", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred \u2013 Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred \u2013 Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "myCred", + "product": { + "product_data": [ + { + "product_name": "myCred \u2013 Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + 
"credits": [ + { + "lang": "en", + "value": "Abu Hurayra (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47872.json b/2023/47xxx/CVE-2023-47872.json index e9c48a37c47..222cbcc22a8 100644 --- a/2023/47xxx/CVE-2023-47872.json +++ b/2023/47xxx/CVE-2023-47872.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47872", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "gVectors Team", + "product": { + "product_data": [ + { + "product_name": "wpForo Forum", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.2.4", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.2.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 
0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.2.4 or a higher version." + } + ], + "value": "Update to\u00a02.2.4 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Jesse McNeil (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47875.json b/2023/47xxx/CVE-2023-47875.json index dc49c904f95..9fc2009e133 100644 --- a/2023/47xxx/CVE-2023-47875.json +++ b/2023/47xxx/CVE-2023-47875.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47875", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery.This issue affects Perfmatters: from n/a through 2.1.6.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Perfmatters", + "product": { + "product_data": [ + { + "product_name": "Perfmatters", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.1.7", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.1.6", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/perfmatters/wordpress-perfmatters-plugin-2-1-6-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/perfmatters/wordpress-perfmatters-plugin-2-1-6-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": 
"EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.1.7 or a higher version." + } + ], + "value": "Update to\u00a02.1.7 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dave Jong (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47876.json b/2023/47xxx/CVE-2023-47876.json index aa7a405c1d6..840f21a7e24 100644 --- a/2023/47xxx/CVE-2023-47876.json +++ b/2023/47xxx/CVE-2023-47876.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47876", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Reflected XSS.This issue affects Perfmatters: from n/a through 2.1.6.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Perfmatters", + "product": { + "product_data": [ + { + "product_name": "Perfmatters", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.1.7", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.1.6", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/perfmatters/wordpress-perfmatters-plugin-2-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/perfmatters/wordpress-perfmatters-plugin-2-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + 
"engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.1.7 or a higher version." + } + ], + "value": "Update to\u00a02.1.7 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dave Jong (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/47xxx/CVE-2023-47877.json b/2023/47xxx/CVE-2023-47877.json index 1a462144118..c3a68a2ac5e 100644 --- a/2023/47xxx/CVE-2023-47877.json +++ b/2023/47xxx/CVE-2023-47877.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-47877", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Stored XSS.This issue affects Perfmatters: from n/a before 2.2.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Perfmatters", + "product": { + "product_data": [ + { + "product_name": "Perfmatters", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.2.0", + "status": "unaffected" + } + ], + "lessThan": "2.2.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/perfmatters/wordpress-perfmatters-plugin-2-1-6-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/perfmatters/wordpress-perfmatters-plugin-2-1-6-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 
0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.2.0 or a higher version." + } + ], + "value": "Update to\u00a02.2.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dave Jong (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48272.json b/2023/48xxx/CVE-2023-48272.json index b09935d9ce8..f8e50b476dd 100644 --- a/2023/48xxx/CVE-2023-48272.json +++ b/2023/48xxx/CVE-2023-48272.json 
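Review bot: The affected range (`"lessThan": "2.2.0"`, unaffected at `2.2.0`) does not match the only reference, whose URL slug names `perfmatters-plugin-2-1-6-stored-cross-site-scripting`. The sibling Perfmatters records CVE-2023-47875 and CVE-2023-47876 in this commit list 2.1.7 as the first unaffected version. As written, this record marks 2.1.7 and any later 2.1.x release as still affected by the stored XSS, which may be intended but is worth confirming with the CNA. If 2.1.6 is in fact the last affected release, the range would read `"lessThanOrEqual": "2.1.6"` with `"at": "2.1.7"`. Until that is settled, consumers should treat 2.2.0 as the minimum safe version.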
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48272", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik \u2013 Spam Blacklist allows Stored XSS.This issue affects Maspik \u2013 Spam Blacklist: from n/a through 0.9.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "yonifre", + "product": { + "product_data": [ + { + "product_name": "Maspik \u2013 Spam Blacklist", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "0.9.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "0.9.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/contact-forms-anti-spam/wordpress-maspik-spam-blacklist-plugin-0-9-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/contact-forms-anti-spam/wordpress-maspik-spam-blacklist-plugin-0-9-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 0.9.3 or a higher version." + } + ], + "value": "Update to\u00a00.9.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48278.json b/2023/48xxx/CVE-2023-48278.json index b3a63e6202a..98a6c067dee 100644 --- a/2023/48xxx/CVE-2023-48278.json +++ b/2023/48xxx/CVE-2023-48278.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48278", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Nitin Rathod", + "product": { + "product_data": [ + { + "product_name": "WP Forms Puzzle Captcha", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-forms-puzzle-captcha/wordpress-wp-forms-puzzle-captcha-plugin-4-1-csrf-to-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wp-forms-puzzle-captcha/wordpress-wp-forms-puzzle-captcha-plugin-4-1-csrf-to-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "qilin_99 (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + 
"baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48317.json b/2023/48xxx/CVE-2023-48317.json index 4d17cad2faa..63db849aba4 100644 --- a/2023/48xxx/CVE-2023-48317.json +++ b/2023/48xxx/CVE-2023-48317.json 
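Review bot: `problemtype` in CVE-2023-48278 lists only CWE-352, while the description says the CSRF "allows Stored XSS" and the reference slug reads `csrf-to-xss`, so anyone triaging or filtering by `cweId` will not see the script-injection impact. I would add a second entry to the `description` array, `{ "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79" }`, using the wording of the sibling records. The CVSS vector (`S:C/C:L/I:L/A:L`, 7.1) is the same one the XSS records in this commit use and differs from the other CSRF records, which suggests the score already reflects the XSS outcome.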
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48317", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Vatsa Display Custom Post allows Stored XSS.This issue affects Display Custom Post: from n/a through 2.2.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vikas Vatsa", + "product": { + "product_data": [ + { + "product_name": "Display Custom Post", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "2.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/display-custom-post/wordpress-display-custom-post-plugin-2-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/display-custom-post/wordpress-display-custom-post-plugin-2-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Tien from VNPT-VCI (Patchstack Alliance)" + } + ], + 
"impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48320.json b/2023/48xxx/CVE-2023-48320.json index a610d70783f..31808a2aa1a 100644 --- a/2023/48xxx/CVE-2023-48320.json +++ b/2023/48xxx/CVE-2023-48320.json 
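Review bot: The `affects` entry for CVE-2023-48317 gives only an upper bound (`"version_affected": "<="`, `"version_value": "2.2.1"`) and the record has no `solution` block, so a reader cannot tell whether a fixed release exists or the plugin was unpatched at publication. CVE-2023-48278, CVE-2023-48320, CVE-2023-48752 and CVE-2023-48754 are shaped the same way. If no fix was available, stating that in the description, for example `No patched version is available at the time of publication.`, lets defenders plan for removal or a compensating control instead of waiting for an update. If a fix does exist, a `solution` entry like the one in CVE-2023-48272 should be added.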
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48320", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderVPlayer allows Stored XSS.This issue affects SpiderVPlayer: from n/a through 1.5.22.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "WebDorado", + "product": { + "product_data": [ + { + "product_name": "SpiderVPlayer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.5.22" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/player/wordpress-spidervplayer-plugin-1-5-22-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/player/wordpress-spidervplayer-plugin-1-5-22-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "SeungYongLee (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + 
"attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48321.json b/2023/48xxx/CVE-2023-48321.json index d36787ebbe3..22c03dc04f1 100644 --- a/2023/48xxx/CVE-2023-48321.json +++ b/2023/48xxx/CVE-2023-48321.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48321", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP \u2013 Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP \u2013 Accelerated Mobile Pages: from n/a through 1.0.88.1.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ahmed Kaludi, Mohammed Kaludi", + "product": { + "product_data": [ + { + "product_name": "AMP for WP \u2013 Accelerated Mobile Pages", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.0.89", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.0.88.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-88-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/accelerated-mobile-pages/wordpress-amp-for-wp-accelerated-mobile-pages-plugin-1-0-88-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.0.89 or a higher version." + } + ], + "value": "Update to\u00a01.0.89 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "NG\u00d4 THI\u00caN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48328.json b/2023/48xxx/CVE-2023-48328.json index 5a066d20b91..d1b606eed88 100644 --- a/2023/48xxx/CVE-2023-48328.json +++ b/2023/48xxx/CVE-2023-48328.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48328", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin \u2013 NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin \u2013 NextGEN Gallery: from n/a through 3.37.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Imagely", + "product": { + "product_data": [ + { + "product_name": "WordPress Gallery Plugin \u2013 NextGEN Gallery", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "3.39", + "status": "unaffected" + } + ], + "lessThanOrEqual": "3.37", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/nextgen-gallery/wordpress-wordpress-gallery-plugin-nextgen-gallery-plugin-3-37-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/nextgen-gallery/wordpress-wordpress-gallery-plugin-nextgen-gallery-plugin-3-37-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.39 or a higher version." + } + ], + "value": "Update to\u00a03.39 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "FearZzZz (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48746.json b/2023/48xxx/CVE-2023-48746.json index bba3ed41d97..8a85260d183 100644 --- a/2023/48xxx/CVE-2023-48746.json +++ b/2023/48xxx/CVE-2023-48746.json 
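Review bot: The version range in CVE-2023-48328 leaves 3.38 effectively undefined: `"lessThanOrEqual": "3.37"` bounds the affected range, the `changes` entry marks 3.39 as unaffected, and `"defaultStatus": "unaffected"` makes anything in between evaluate as not affected, while the `solution` text tells users to update to 3.39. The page does not show whether a 3.38 release exists or is vulnerable, so this should be confirmed with the assigning CNA. If 3.38 is affected, `"lessThan": "3.39"` in place of `"lessThanOrEqual": "3.37"` states the range without the gap.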
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48746", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles allows Reflected XSS.This issue affects Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles: from n/a through 6.2.6.0.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PeepSo", + "product": { + "product_data": [ + { + "product_name": "Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "6.2.7.0", + "status": "unaffected" + } + ], + "lessThanOrEqual": "6.2.6.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-plugin-6-2-6-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-plugin-6-2-6-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 6.2.7.0 or a higher version." + } + ], + "value": "Update to\u00a06.2.7.0 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Phd (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48748.json b/2023/48xxx/CVE-2023-48748.json index 8670ff0546c..e53f6e08cde 100644 --- a/2023/48xxx/CVE-2023-48748.json +++ b/2023/48xxx/CVE-2023-48748.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48748", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Reflected XSS.This issue affects Salient Core: from n/a through 2.0.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Theme nectar", + "product": { + "product_data": [ + { + "product_name": "Salient Core", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.0.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.0.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/salient-core/wordpress-salient-core-plugin-2-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/salient-core/wordpress-salient-core-plugin-2-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + 
"generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.0.3 or a higher version." + } + ], + "value": "Update to\u00a02.0.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48749.json b/2023/48xxx/CVE-2023-48749.json index 2576e8f7013..cb32ff08315 100644 --- a/2023/48xxx/CVE-2023-48749.json +++ b/2023/48xxx/CVE-2023-48749.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48749", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme nectar Salient Core allows Stored XSS.This issue affects Salient Core: from n/a through 2.0.2.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Theme nectar", + "product": { + "product_data": [ + { + "product_name": "Salient Core", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.0.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.0.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/salient-core/wordpress-salient-core-plugin-2-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/salient-core/wordpress-salient-core-plugin-2-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + 
"engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.0.3 or a higher version." + } + ], + "value": "Update to\u00a02.0.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48752.json b/2023/48xxx/CVE-2023-48752.json index 622fc3a6344..75a9f164b05 100644 --- a/2023/48xxx/CVE-2023-48752.json +++ b/2023/48xxx/CVE-2023-48752.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48752", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments \u2014 Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, grow your email list and collect payments \u2014 Happyforms: from n/a through 1.25.9.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Happyforms", + "product": { + "product_data": [ + { + "product_name": "Form builder to get in touch with visitors, grow your email list and collect payments \u2014 Happyforms", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.25.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/happyforms/wordpress-happyforms-plugin-1-25-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/vulnerability/happyforms/wordpress-happyforms-plugin-1-25-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Le Ngoc Anh (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48754.json b/2023/48xxx/CVE-2023-48754.json index 8d6fe3682ed..2b0d6f4a0a2 100644 --- a/2023/48xxx/CVE-2023-48754.json +++ b/2023/48xxx/CVE-2023-48754.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48754", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery.This issue affects Delete Post Revisions In WordPress: from n/a through 4.6.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wap Nepal", + "product": { + "product_data": [ + { + "product_name": "Delete Post Revisions In WordPress", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "4.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/delete-post-revisions-on-single-click/wordpress-delete-post-revisions-in-wordpress-plugin-4-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/delete-post-revisions-on-single-click/wordpress-delete-post-revisions-in-wordpress-plugin-4-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Skalucy (Patchstack Alliance)" 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/6xxx/CVE-2023-6204.json b/2023/6xxx/CVE-2023-6204.json index 55ee1e378f0..ca3b038346f 100644 --- a/2023/6xxx/CVE-2023-6204.json +++ b/2023/6xxx/CVE-2023-6204.json @@ -107,6 +107,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6205.json b/2023/6xxx/CVE-2023-6205.json index fed027d9844..4a5ecf00894 100644 --- a/2023/6xxx/CVE-2023-6205.json +++ b/2023/6xxx/CVE-2023-6205.json @@ -107,6 +107,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6206.json b/2023/6xxx/CVE-2023-6206.json index 45fdbf0d50d..e937855b157 100644 --- a/2023/6xxx/CVE-2023-6206.json +++ b/2023/6xxx/CVE-2023-6206.json 
@@ -107,6 +107,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6207.json b/2023/6xxx/CVE-2023-6207.json index 7ced21e412f..705fd7f34fa 100644 --- a/2023/6xxx/CVE-2023-6207.json +++ b/2023/6xxx/CVE-2023-6207.json @@ -107,6 +107,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6208.json b/2023/6xxx/CVE-2023-6208.json index 97c6d4ab058..1cfda368bcd 100644 --- a/2023/6xxx/CVE-2023-6208.json +++ b/2023/6xxx/CVE-2023-6208.json @@ -107,6 +107,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6209.json b/2023/6xxx/CVE-2023-6209.json index 81d3eb8872b..bffa6188d10 100644 --- a/2023/6xxx/CVE-2023-6209.json +++ b/2023/6xxx/CVE-2023-6209.json 
@@ -107,6 +107,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6212.json b/2023/6xxx/CVE-2023-6212.json index 3bc2a9c02fd..6c8f2d469be 100644 --- a/2023/6xxx/CVE-2023-6212.json +++ b/2023/6xxx/CVE-2023-6212.json @@ -107,6 +107,11 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html" } ] }, diff --git a/2023/6xxx/CVE-2023-6445.json b/2023/6xxx/CVE-2023-6445.json new file mode 100644 index 00000000000..038405a066b --- /dev/null +++ b/2023/6xxx/CVE-2023-6445.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6445", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file