admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-11-14 23:00:32 +00:00
parent daabf94c24
commit 9d7fbbcabd
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
12 changed files with 747 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
2022/33xxx/CVE-2022-33907.json
View File

@ -1,18 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33907",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.insyde.com/security-pledge",
"refsource": "MISC",
"name": "https://www.insyde.com/security-pledge"
},
{
"refsource": "MISC",
"name": "https://www.insyde.com/security-pledge/SA-2022049",
"url": "https://www.insyde.com/security-pledge/SA-2022049"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

64
2022/33xxx/CVE-2022-33982.json
View File

@ -1,18 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33982",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23 CWE-367"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.insyde.com/security-pledge",
"refsource": "MISC",
"name": "https://www.insyde.com/security-pledge"
},
{
"refsource": "MISC",
"name": "https://www.insyde.com/security-pledge/SA-2022052",
"url": "https://www.insyde.com/security-pledge/SA-2022052"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}

61
2022/34xxx/CVE-2022-34325.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34325",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-34325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.insyde.com/security-pledge",
"refsource": "MISC",
"name": "https://www.insyde.com/security-pledge"
},
{
"refsource": "MISC",
"name": "https://www.insyde.com/security-pledge/SA-2022057",
"url": "https://www.insyde.com/security-pledge/SA-2022057"
}
]
}

76
2022/40xxx/CVE-2022-40735.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40735",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Using long exponents in the Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. An attacker may cause asymmetric resource consumption with any common client application which uses a DHE implementation that applies short exponents. The attack may be more disruptive in cases where a client sends arbitrary numbers that are actually not DH public keys (aka the D(HE)ater attack) or can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. This can affect TLS, SSH, and IKE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mozilla/ssl-config-generator/issues/162",
"refsource": "MISC",
"name": "https://github.com/mozilla/ssl-config-generator/issues/162"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/c0r0n3r/9455ddcab985c50fd1912eabf26e058b",
"url": "https://gist.github.com/c0r0n3r/9455ddcab985c50fd1912eabf26e058b"
},
{
"refsource": "MISC",
"name": "https://link.springer.com/content/pdf/10.1007/3-540-68339-9_29.pdf",
"url": "https://link.springer.com/content/pdf/10.1007/3-540-68339-9_29.pdf"
},
{
"refsource": "MISC",
"name": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol/links/546c144f0cf20dedafd53e7e/Security-Issues-in-the-Diffie-Hellman-Key-Agreement-Protocol.pdf",
"url": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol/links/546c144f0cf20dedafd53e7e/Security-Issues-in-the-Diffie-Hellman-Key-Agreement-Protocol.pdf"
},
{
"refsource": "MISC",
"name": "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf",
"url": "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf"
}
]
}

61
2022/40xxx/CVE-2022-40903.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40903",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-40903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN75437943/index.html",
"url": "https://jvn.jp/en/jp/JVN75437943/index.html"
},
{
"refsource": "MISC",
"name": "https://www.aiphone.net/",
"url": "https://www.aiphone.net/"
}
]
}

61
2022/43xxx/CVE-2022-43030.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43030",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-43030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/cai-niao98/siyu",
"url": "https://github.com/cai-niao98/siyu"
},
{
"refsource": "MISC",
"name": "https://github.com/cai-niao98/siyu/blob/main/README.md",
"url": "https://github.com/cai-niao98/siyu/blob/main/README.md"
}
]
}

68
2022/43xxx/CVE-2022-43687.json
View File

@ -5,13 +5,77 @@
"CVE_data_meta": {
"ID": "CVE-2022-43687",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/9.1.3",
"url": "https://github.com/concretecms/concretecms/releases/9.1.3"
},
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/8.5.10",
"url": "https://github.com/concretecms/concretecms/releases/8.5.10"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"
},
{
"refsource": "MISC",
"name": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31",
"url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+."
}
]
}

68
2022/43xxx/CVE-2022-43688.json
View File

@ -5,13 +5,77 @@
"CVE_data_meta": {
"ID": "CVE-2022-43688",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/9.1.3",
"url": "https://github.com/concretecms/concretecms/releases/9.1.3"
},
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/8.5.10",
"url": "https://github.com/concretecms/concretecms/releases/8.5.10"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"
},
{
"refsource": "MISC",
"name": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31",
"url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+."
}
]
}

68
2022/43xxx/CVE-2022-43689.json
View File

@ -5,13 +5,77 @@
"CVE_data_meta": {
"ID": "CVE-2022-43689",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/9.1.3",
"url": "https://github.com/concretecms/concretecms/releases/9.1.3"
},
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/8.5.10",
"url": "https://github.com/concretecms/concretecms/releases/8.5.10"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"
},
{
"refsource": "MISC",
"name": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31",
"url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure."
}
]
}

68
2022/43xxx/CVE-2022-43690.json
View File

@ -5,13 +5,77 @@
"CVE_data_meta": {
"ID": "CVE-2022-43690",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/9.1.3",
"url": "https://github.com/concretecms/concretecms/releases/9.1.3"
},
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/8.5.10",
"url": "https://github.com/concretecms/concretecms/releases/8.5.10"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"
},
{
"refsource": "MISC",
"name": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31",
"url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+."
}
]
}

68
2022/43xxx/CVE-2022-43691.json
View File

@ -5,13 +5,77 @@
"CVE_data_meta": {
"ID": "CVE-2022-43691",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/9.1.3",
"url": "https://github.com/concretecms/concretecms/releases/9.1.3"
},
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/8.5.10",
"url": "https://github.com/concretecms/concretecms/releases/8.5.10"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"
},
{
"refsource": "MISC",
"name": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31",
"url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production."
}
]
}

68
2022/43xxx/CVE-2022-43695.json
View File

@ -5,13 +5,77 @@
"CVE_data_meta": {
"ID": "CVE-2022-43695",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/9.1.3",
"url": "https://github.com/concretecms/concretecms/releases/9.1.3"
},
{
"refsource": "MISC",
"name": "https://github.com/concretecms/concretecms/releases/8.5.10",
"url": "https://github.com/concretecms/concretecms/releases/8.5.10"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/913-release-notes"
},
{
"refsource": "MISC",
"name": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes",
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8510-release-notes"
},
{
"refsource": "MISC",
"name": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31",
"url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2022-10-31"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn\u2019t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+."
}
]
}