From a43b07bc67c2c6f5fdfb8e6f4718f5f298707a76 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 23 Feb 2025 23:00:31 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/1xxx/CVE-2025-1595.json | 137 ++++++++++++++++++++++++++++++++- 2025/22xxx/CVE-2025-22631.json | 113 ++++++++++++++++++++++++++- 2025/22xxx/CVE-2025-22632.json | 113 ++++++++++++++++++++++++++- 2025/22xxx/CVE-2025-22633.json | 113 ++++++++++++++++++++++++++- 2025/22xxx/CVE-2025-22635.json | 113 ++++++++++++++++++++++++++- 5 files changed, 569 insertions(+), 20 deletions(-) diff --git a/2025/1xxx/CVE-2025-1595.json b/2025/1xxx/CVE-2025-1595.json index 6f9f6894d26..e0f529050d1 100644 --- a/2025/1xxx/CVE-2025-1595.json +++ b/2025/1xxx/CVE-2025-1595.json @@ -1,17 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1595", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. This vulnerability affects unknown code of the file /api/v1/getbaseconfig. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Anhui Xufan Information Technology EasyCVR bis 2.7.0 wurde eine problematische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /api/v1/getbaseconfig. Durch Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure", + "cweId": "CWE-200" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Anhui Xufan Information Technology", + "product": { + "product_data": [ + { + "product_name": "EasyCVR", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + }, + { + "version_affected": "=", + "version_value": "2.2" + }, + { + "version_affected": "=", + "version_value": "2.3" + }, + { + "version_affected": "=", + "version_value": "2.4" + }, + { + "version_affected": "=", + "version_value": "2.5" + }, + { + "version_affected": "=", + "version_value": "2.6" + }, + { + "version_affected": "=", + "version_value": "2.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.296590", + "refsource": "MISC", + "name": "https://vuldb.com/?id.296590" + }, + { + "url": "https://vuldb.com/?ctiid.296590", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.296590" + }, + { + "url": "https://vuldb.com/?submit.497485", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.497485" + }, + { + "url": "https://github.com/MH521/POC/blob/main/EasyCVR-%E8%A7%86%E9%A2%91%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0getbaseconfig%E6%8E%A5%E5%8F%A3%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE.md", + "refsource": "MISC", + "name": "https://github.com/MH521/POC/blob/main/EasyCVR-%E8%A7%86%E9%A2%91%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0getbaseconfig%E6%8E%A5%E5%8F%A3%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "MHKD (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ] } diff --git a/2025/22xxx/CVE-2025-22631.json b/2025/22xxx/CVE-2025-22631.json index 254e56b94a7..c0d8f77ed05 100644 --- a/2025/22xxx/CVE-2025-22631.json +++ b/2025/22xxx/CVE-2025-22631.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-22631", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vbout Marketing Automation allows Reflected XSS. This issue affects Marketing Automation: from n/a through 1.2.6.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vbout", + "product": { + "product_data": [ + { + "product_name": "Marketing Automation", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.2.6.8", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.2.6.9", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/marketing-automation/vulnerability/wordpress-marketing-automation-plugin-1-2-6-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/marketing-automation/vulnerability/wordpress-marketing-automation-plugin-1-2-6-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Marketing Automation wordpress plugin to the latest available version (at least 1.2.6.9)." + } + ], + "value": "Update the WordPress Marketing Automation wordpress plugin to the latest available version (at least 1.2.6.9)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/22xxx/CVE-2025-22632.json b/2025/22xxx/CVE-2025-22632.json index d137617d979..065b4ef44b2 100644 --- a/2025/22xxx/CVE-2025-22632.json +++ b/2025/22xxx/CVE-2025-22632.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-22632", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalsoft WooCommerce Pricing \u2013 Product Pricing allows Stored XSS. This issue affects WooCommerce Pricing \u2013 Product Pricing: from n/a through 1.0.9." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "totalsoft", + "product": { + "product_data": [ + { + "product_name": "WooCommerce Pricing \u2013 Product Pricing", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.0.9", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.1.0", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/woo-pricing-table/vulnerability/wordpress-woocommerce-pricing-product-pricing-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/woo-pricing-table/vulnerability/wordpress-woocommerce-pricing-product-pricing-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WooCommerce Pricing \u2013 Product Pricing wordpress plugin to the latest available version (at least 1.1.0)." + } + ], + "value": "Update the WordPress WooCommerce Pricing \u2013 Product Pricing wordpress plugin to the latest available version (at least 1.1.0)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/22xxx/CVE-2025-22633.json b/2025/22xxx/CVE-2025-22633.json index 2bfaecfcc83..5841d151049 100644 --- a/2025/22xxx/CVE-2025-22633.json +++ b/2025/22xxx/CVE-2025-22633.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-22633", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Matt Cromwell Give \u2013 Divi Donation Modules allows Retrieve Embedded Sensitive Data. This issue affects Give \u2013 Divi Donation Modules: from n/a through 2.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory", + "cweId": "CWE-538" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Matt Cromwell", + "product": { + "product_data": [ + { + "product_name": "Give \u2013 Divi Donation Modules", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "2.0.0", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.0.1", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/give-donation-modules-for-divi/vulnerability/wordpress-give-divi-donation-modules-plugin-2-0-0-sensitive-data-exposure-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/give-donation-modules-for-divi/vulnerability/wordpress-give-divi-donation-modules-plugin-2-0-0-sensitive-data-exposure-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Give \u2013 Divi Donation Modules plugin to the latest available version (at least 2.0.1)." + } + ], + "value": "Update the WordPress Give \u2013 Divi Donation Modules plugin to the latest available version (at least 2.0.1)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Anhchangmutrang (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 5.8, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "baseSeverity": "MEDIUM", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1" } ] } diff --git a/2025/22xxx/CVE-2025-22635.json b/2025/22xxx/CVE-2025-22635.json index 591fae7b935..51e22d98c4d 100644 --- a/2025/22xxx/CVE-2025-22635.json +++ b/2025/22xxx/CVE-2025-22635.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-22635", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jyothis Joy Eventer allows Reflected XSS. This issue affects Eventer: from n/a through n/a." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jyothis Joy", + "product": { + "product_data": [ + { + "product_name": "Eventer", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThan": "3.9.9", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "3.9.9", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/eventer/vulnerability/wordpress-eventer-wordpress-event-booking-manager-plugin-plugin-3-9-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/eventer/vulnerability/wordpress-eventer-wordpress-event-booking-manager-plugin-plugin-3-9-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Eventer wordpress plugin to the latest available version (at least 3.9.9)." + } + ], + "value": "Update the WordPress Eventer wordpress plugin to the latest available version (at least 3.9.9)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Anhchangmutrang (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] }