From a6679c373bb78538cba04c311d97c6411a82404a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 5 Apr 2021 19:00:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/26xxx/CVE-2020-26820.json | 5 + 2020/27xxx/CVE-2020-27216.json | 5 + 2020/6xxx/CVE-2020-6207.json | 5 + 2020/6xxx/CVE-2020-6234.json | 5 + 2020/6xxx/CVE-2020-6287.json | 5 + 2021/23xxx/CVE-2021-23336.json | 5 + 2021/24xxx/CVE-2021-24158.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24161.json | 168 ++++++++++++++++----------------- 2021/24xxx/CVE-2021-24162.json | 168 ++++++++++++++++----------------- 2021/24xxx/CVE-2021-24164.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24165.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24166.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24177.json | 154 +++++++++++++++--------------- 2021/24xxx/CVE-2021-24182.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24183.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24184.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24185.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24186.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24202.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24203.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24204.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24205.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24206.json | 144 ++++++++++++++-------------- 2021/24xxx/CVE-2021-24208.json | 144 ++++++++++++++-------------- 2021/27xxx/CVE-2021-27807.json | 5 + 2021/27xxx/CVE-2021-27906.json | 5 + 2021/3xxx/CVE-2021-3177.json | 5 + 27 files changed, 1370 insertions(+), 1325 deletions(-) diff --git a/2020/26xxx/CVE-2020-26820.json b/2020/26xxx/CVE-2020-26820.json index 1a12e73d8f9..bf34cd937ab 100644 --- a/2020/26xxx/CVE-2020-26820.json +++ b/2020/26xxx/CVE-2020-26820.json @@ -85,6 +85,11 @@ "url": "https://launchpad.support.sap.com/#/notes/2979062", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/2979062" + }, + { + "refsource": "FULLDISC", + "name": "20210405 Onapsis Security Advisory 2021-0004: [CVE-2020-26820] - SAP Java OS Remote Code Execution", + "url": "http://seclists.org/fulldisclosure/2021/Apr/7" } ] } diff --git a/2020/27xxx/CVE-2020-27216.json b/2020/27xxx/CVE-2020-27216.json index 2cbadc6aca0..53b9d1f70d1 100644 --- a/2020/27xxx/CVE-2020-27216.json +++ b/2020/27xxx/CVE-2020-27216.json @@ -580,6 +580,11 @@ "refsource": "MLIST", "name": "[beam-issues] 20210402 [jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216", "url": "https://lists.apache.org/thread.html/rd7e62e2972a41c2658f41a824b8bdd15644d80fcadc51fe7b7c855de@%3Cissues.beam.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[beam-issues] 20210405 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216", + "url": "https://lists.apache.org/thread.html/r87b0c69fef09277333a7e1716926d1f237d462e143a335854ddd922f@%3Cissues.beam.apache.org%3E" } ] } diff --git a/2020/6xxx/CVE-2020-6207.json b/2020/6xxx/CVE-2020-6207.json index 415f5184e20..7cd5a6dfdfc 100644 --- a/2020/6xxx/CVE-2020-6207.json +++ b/2020/6xxx/CVE-2020-6207.json @@ -74,6 +74,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/161993/SAP-Solution-Manager-7.2-Remote-Command-Execution.html", "url": "http://packetstormsecurity.com/files/161993/SAP-Solution-Manager-7.2-Remote-Command-Execution.html" + }, + { + "refsource": "FULLDISC", + "name": "20210405 Onapsis Security Advisory 2021-0001: [CVE-2020-6207] - Unauthenticated RCE in SAP all SMD Agents connected to SAP SolMan", + "url": "http://seclists.org/fulldisclosure/2021/Apr/4" } ] } diff --git a/2020/6xxx/CVE-2020-6234.json b/2020/6xxx/CVE-2020-6234.json index 31753feba8d..4a45e2be6da 100644 --- a/2020/6xxx/CVE-2020-6234.json +++ b/2020/6xxx/CVE-2020-6234.json @@ -69,6 +69,11 @@ "url": "https://launchpad.support.sap.com/#/notes/2902645", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/2902645" + }, + { + "refsource": "FULLDISC", + "name": "20210405 Onapsis Security Advisory 2021-0002: [CVE-2020-6234] - SAP Multiple root LPE through SAP Host Control", + "url": "http://seclists.org/fulldisclosure/2021/Apr/5" } ] } diff --git a/2020/6xxx/CVE-2020-6287.json b/2020/6xxx/CVE-2020-6287.json index a030023d9e0..cb18a1c9241 100644 --- a/2020/6xxx/CVE-2020-6287.json +++ b/2020/6xxx/CVE-2020-6287.json @@ -86,6 +86,11 @@ "refsource": "MISC", "name": "https://www.onapsis.com/recon-sap-cyber-security-vulnerability", "url": "https://www.onapsis.com/recon-sap-cyber-security-vulnerability" + }, + { + "refsource": "FULLDISC", + "name": "20210405 Onapsis Security Advisory 2021-0003: [CVE-2020-6287] - [SAP RECON] SAP JAVA: Unauthenticated execution of configuration tasks", + "url": "http://seclists.org/fulldisclosure/2021/Apr/6" } ] } diff --git a/2021/23xxx/CVE-2021-23336.json b/2021/23xxx/CVE-2021-23336.json index 0a14c103e8e..bfe75b72e05 100644 --- a/2021/23xxx/CVE-2021-23336.json +++ b/2021/23xxx/CVE-2021-23336.json @@ -189,6 +189,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210326-0004/", "url": "https://security.netapp.com/advisory/ntap-20210326-0004/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html" } ] }, diff --git a/2021/24xxx/CVE-2021-24158.json b/2021/24xxx/CVE-2021-24158.json index 9fb07b101fe..957297bbe7c 100644 --- a/2021/24xxx/CVE-2021-24158.json +++ b/2021/24xxx/CVE-2021-24158.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24158", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Orbit Fox by ThemeIsle", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "2.10.3", - "version_value": "2.10.3" + "CVE_data_meta": { + "ID": "CVE-2021-24158", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Orbit Fox by ThemeIsle", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.10.3", + "version_value": "2.10.3" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/d81d0e72-9bb5-47ef-a796-3b305a4b604f", - "name": "https://wpscan.com/vulnerability/d81d0e72-9bb5-47ef-a796-3b305a4b604f" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbit-fox-by-themeisle-plugin/", - "name": "https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbit-fox-by-themeisle-plugin/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-269 Improper Privilege Management", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Chloe Chamberland" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbit-fox-by-themeisle-plugin/", + "name": "https://www.wordfence.com/blog/2021/01/multiple-vulnerabilities-patched-in-orbit-fox-by-themeisle-plugin/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/d81d0e72-9bb5-47ef-a796-3b305a4b604f", + "name": "https://wpscan.com/vulnerability/d81d0e72-9bb5-47ef-a796-3b305a4b604f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-269 Improper Privilege Management", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Chloe Chamberland" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24161.json b/2021/24xxx/CVE-2021-24161.json index 438923aa3cd..fd43a8f20ac 100644 --- a/2021/24xxx/CVE-2021-24161.json +++ b/2021/24xxx/CVE-2021-24161.json @@ -1,92 +1,92 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24161", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload " - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "ExpressTech", - "product": { - "product_data": [ - { - "product_name": "Responsive Menu – Create Mobile-Friendly Menu", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "4.0.4", - "version_value": "4.0.4" + "CVE_data_meta": { + "ID": "CVE-2021-24161", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload " + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ExpressTech", + "product": { + "product_data": [ + { + "product_name": "Responsive Menu \u2013 Create Mobile-Friendly Menu", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.0.4", + "version_value": "4.0.4" + } + ] + } + }, + { + "product_name": "Responsive Menu Pro", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.0.4", + "version_value": "4.0.4" + } + ] + } + } + ] } - ] } - }, - { - "product_name": "Responsive Menu Pro", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "4.0.4", - "version_value": "4.0.4" - } - ] - } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/efca27e0-bdb6-4497-8330-081f909d6933", - "name": "https://wpscan.com/vulnerability/efca27e0-bdb6-4497-8330-081f909d6933" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/", - "name": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Chloe Chamberland" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/", + "name": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/efca27e0-bdb6-4497-8330-081f909d6933", + "name": "https://wpscan.com/vulnerability/efca27e0-bdb6-4497-8330-081f909d6933" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Chloe Chamberland" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24162.json b/2021/24xxx/CVE-2021-24162.json index cfef0513616..a769983d753 100644 --- a/2021/24xxx/CVE-2021-24162.json +++ b/2021/24xxx/CVE-2021-24162.json @@ -1,92 +1,92 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24162", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Responsive Menu < 4.0.4 - CSRF to Settings Update" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "ExpressTech", - "product": { - "product_data": [ - { - "product_name": "Responsive Menu – Create Mobile-Friendly Menu", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "4.0.4", - "version_value": "4.0.4" + "CVE_data_meta": { + "ID": "CVE-2021-24162", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Responsive Menu < 4.0.4 - CSRF to Settings Update" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ExpressTech", + "product": { + "product_data": [ + { + "product_name": "Responsive Menu \u2013 Create Mobile-Friendly Menu", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.0.4", + "version_value": "4.0.4" + } + ] + } + }, + { + "product_name": "Responsive Menu Pro", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.0.4", + "version_value": "4.0.4" + } + ] + } + } + ] } - ] } - }, - { - "product_name": "Responsive Menu Pro", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "4.0.4", - "version_value": "4.0.4" - } - ] - } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/923fc3a3-4bcc-4b48-870a-6150e14509b5", - "name": "https://wpscan.com/vulnerability/923fc3a3-4bcc-4b48-870a-6150e14509b5" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/", - "name": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Chloe Chamberland" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/", + "name": "https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/923fc3a3-4bcc-4b48-870a-6150e14509b5", + "name": "https://wpscan.com/vulnerability/923fc3a3-4bcc-4b48-870a-6150e14509b5" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Chloe Chamberland" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24164.json b/2021/24xxx/CVE-2021-24164.json index 17b975e5e20..fd5482bff1d 100644 --- a/2021/24xxx/CVE-2021-24164.json +++ b/2021/24xxx/CVE-2021-24164.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24164", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.4.34.1", - "version_value": "3.4.34.1" + "CVE_data_meta": { + "ID": "CVE-2021-24164", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.4.34.1", + "version_value": "3.4.34.1" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/dfa32afa-c6de-4237-a9f2-709843dcda89", - "name": "https://wpscan.com/vulnerability/dfa32afa-c6de-4237-a9f2-709843dcda89" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/", - "name": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Chloe Chamberland" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/", + "name": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/dfa32afa-c6de-4237-a9f2-709843dcda89", + "name": "https://wpscan.com/vulnerability/dfa32afa-c6de-4237-a9f2-709843dcda89" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Chloe Chamberland" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24165.json b/2021/24xxx/CVE-2021-24165.json index f7e5992b8e3..afe93277e33 100644 --- a/2021/24xxx/CVE-2021-24165.json +++ b/2021/24xxx/CVE-2021-24165.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24165", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Ninja Forms < 3.4.34 - Administrator Open Redirect" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.4.34", - "version_value": "3.4.34" + "CVE_data_meta": { + "ID": "CVE-2021-24165", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Ninja Forms < 3.4.34 - Administrator Open Redirect" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.4.34", + "version_value": "3.4.34" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818", - "name": "https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/", - "name": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Chloe Chamberland" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/", + "name": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818", + "name": "https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Chloe Chamberland" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24166.json b/2021/24xxx/CVE-2021-24166.json index c9808b1e8f8..ca91cc0a711 100644 --- a/2021/24xxx/CVE-2021-24166.json +++ b/2021/24xxx/CVE-2021-24166.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24166", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.4.34", - "version_value": "3.4.34" + "CVE_data_meta": { + "ID": "CVE-2021-24166", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.4.34", + "version_value": "3.4.34" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6", - "name": "https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/", - "name": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-352 Cross-Site Request Forgery (CSRF)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Chloe Chamberland" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/", + "name": "https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6", + "name": "https://wpscan.com/vulnerability/b531fb65-a8ff-4150-a9a1-2a62a3c00bd6" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Chloe Chamberland" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24177.json b/2021/24xxx/CVE-2021-24177.json index cb1a4be905f..69b6b2b71b2 100644 --- a/2021/24xxx/CVE-2021-24177.json +++ b/2021/24xxx/CVE-2021-24177.json @@ -1,85 +1,85 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24177", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS)" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "File Manager", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "7.1", - "version_value": "7.1" + "CVE_data_meta": { + "ID": "CVE-2021-24177", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "File Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.1", + "version_value": "7.1" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/1cf3d256-cf4b-4d1f-9ed8-e2cc6392d8d8", - "name": "https://wpscan.com/vulnerability/1cf3d256-cf4b-4d1f-9ed8-e2cc6392d8d8" - }, - { - "refsource": "MISC", - "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wp-file-manager-i/", - "name": "https://n4nj0.github.io/advisories/wordpress-plugin-wp-file-manager-i/" - }, - { - "refsource": "MISC", - "url": "https://plugins.trac.wordpress.org/changeset/2476829/", - "name": "https://plugins.trac.wordpress.org/changeset/2476829/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Veno Eivazian" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wp-file-manager-i/", + "name": "https://n4nj0.github.io/advisories/wordpress-plugin-wp-file-manager-i/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/1cf3d256-cf4b-4d1f-9ed8-e2cc6392d8d8", + "name": "https://wpscan.com/vulnerability/1cf3d256-cf4b-4d1f-9ed8-e2cc6392d8d8" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/changeset/2476829/", + "name": "https://plugins.trac.wordpress.org/changeset/2476829/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Veno Eivazian" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24182.json b/2021/24xxx/CVE-2021-24182.json index 0ab1dbaf1f1..6be3ac3675c 100644 --- a/2021/24xxx/CVE-2021-24182.json +++ b/2021/24xxx/CVE-2021-24182.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24182", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Tutor LMS – eLearning and online course solution", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.8.3", - "version_value": "1.8.3" + "CVE_data_meta": { + "ID": "CVE-2021-24182", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Tutor LMS \u2013 eLearning and online course solution", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.8.3", + "version_value": "1.8.3" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/f74dfc52-46ba-41e3-994b-23115a22984f", - "name": "https://wpscan.com/vulnerability/f74dfc52-46ba-41e3-994b-23115a22984f" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/", - "name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-89 SQL Injection", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Chloe Chamberland" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/", + "name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/f74dfc52-46ba-41e3-994b-23115a22984f", + "name": "https://wpscan.com/vulnerability/f74dfc52-46ba-41e3-994b-23115a22984f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Chloe Chamberland" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24183.json b/2021/24xxx/CVE-2021-24183.json index 2581f8ed077..4ffb8293da8 100644 --- a/2021/24xxx/CVE-2021-24183.json +++ b/2021/24xxx/CVE-2021-24183.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24183", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Tutor LMS – eLearning and online course solution", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.8.3", - "version_value": "1.8.3" + "CVE_data_meta": { + "ID": "CVE-2021-24183", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Tutor LMS \u2013 eLearning and online course solution", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.8.3", + "version_value": "1.8.3" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496", - "name": "https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/", - "name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-89 SQL Injection", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Chloe Chamberland" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/", + "name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496", + "name": "https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Chloe Chamberland" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24184.json b/2021/24xxx/CVE-2021-24184.json index 0a0f1128ee0..06b0f35827d 100644 --- a/2021/24xxx/CVE-2021-24184.json +++ b/2021/24xxx/CVE-2021-24184.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24184", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Tutor LMS – eLearning and online course solution", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.7.7", - "version_value": "1.7.7" + "CVE_data_meta": { + "ID": "CVE-2021-24184", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Tutor LMS \u2013 eLearning and online course solution", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.7.7", + "version_value": "1.7.7" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/5e85917c-7a58-49cb-b8b3-05aa18ffff3e", - "name": "https://wpscan.com/vulnerability/5e85917c-7a58-49cb-b8b3-05aa18ffff3e" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/", - "name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-269 Improper Privilege Management", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Several AJAX endpoints in the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Chloe Chamberland" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/", + "name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/5e85917c-7a58-49cb-b8b3-05aa18ffff3e", + "name": "https://wpscan.com/vulnerability/5e85917c-7a58-49cb-b8b3-05aa18ffff3e" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-269 Improper Privilege Management", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Chloe Chamberland" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24185.json b/2021/24xxx/CVE-2021-24185.json index eafc9957847..ef9a5727497 100644 --- a/2021/24xxx/CVE-2021-24185.json +++ b/2021/24xxx/CVE-2021-24185.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24185", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Tutor LMS – eLearning and online course solution", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.7.7", - "version_value": "1.7.7" + "CVE_data_meta": { + "ID": "CVE-2021-24185", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Tutor LMS \u2013 eLearning and online course solution", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.7.7", + "version_value": "1.7.7" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/0cba5349-e916-43f0-a1fe-62cf73e352a2", - "name": "https://wpscan.com/vulnerability/0cba5349-e916-43f0-a1fe-62cf73e352a2" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/", - "name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-89 SQL Injection", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tutor_place_rating AJAX action from the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Chloe Chamberland" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/", + "name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/0cba5349-e916-43f0-a1fe-62cf73e352a2", + "name": "https://wpscan.com/vulnerability/0cba5349-e916-43f0-a1fe-62cf73e352a2" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Chloe Chamberland" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24186.json b/2021/24xxx/CVE-2021-24186.json index 734c8d500ca..309aa70a525 100644 --- a/2021/24xxx/CVE-2021-24186.json +++ b/2021/24xxx/CVE-2021-24186.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24186", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Tutor LMS – eLearning and online course solution", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.8.3", - "version_value": "1.8.3" + "CVE_data_meta": { + "ID": "CVE-2021-24186", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Tutor LMS \u2013 eLearning and online course solution", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.8.3", + "version_value": "1.8.3" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/5f5c0c6c-6f76-4366-b590-0aab557f8c60", - "name": "https://wpscan.com/vulnerability/5f5c0c6c-6f76-4366-b590-0aab557f8c60" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/", - "name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-89 SQL Injection", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Chloe Chamberland" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/", + "name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/5f5c0c6c-6f76-4366-b590-0aab557f8c60", + "name": "https://wpscan.com/vulnerability/5f5c0c6c-6f76-4366-b590-0aab557f8c60" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Chloe Chamberland" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24202.json b/2021/24xxx/CVE-2021-24202.json index 7ea0d28a014..a0c5f201541 100644 --- a/2021/24xxx/CVE-2021-24202.json +++ b/2021/24xxx/CVE-2021-24202.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24202", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Elementor Website Builder", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.1.4", - "version_value": "3.1.4" + "CVE_data_meta": { + "ID": "CVE-2021-24202", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Elementor Website Builder", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.1.4", + "version_value": "3.1.4" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/b72bd13d-c8e2-4347-b009-542fc0fe21bb", - "name": "https://wpscan.com/vulnerability/b72bd13d-c8e2-4347-b009-542fc0fe21bb" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/", - "name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a \u2018header_size\u2019 parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified \u2018save_builder\u2019 request with this parameter set to \u2018script\u2019 and combined with a \u2018title\u2019 parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/", + "name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/b72bd13d-c8e2-4347-b009-542fc0fe21bb", + "name": "https://wpscan.com/vulnerability/b72bd13d-c8e2-4347-b009-542fc0fe21bb" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24203.json b/2021/24xxx/CVE-2021-24203.json index 0209d018a4c..b781011d77a 100644 --- a/2021/24xxx/CVE-2021-24203.json +++ b/2021/24xxx/CVE-2021-24203.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24203", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Elementor Website Builder", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.1.4", - "version_value": "3.1.4" + "CVE_data_meta": { + "ID": "CVE-2021-24203", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Divider Widget" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Elementor Website Builder", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.1.4", + "version_value": "3.1.4" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘text’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/aa152ad0-5b3d-4d1f-88f4-6899a546e72e", - "name": "https://wpscan.com/vulnerability/aa152ad0-5b3d-4d1f-88f4-6899a546e72e" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/", - "name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an \u2018html_tag\u2019 parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified \u2018save_builder\u2019 request with this parameter set to \u2018script\u2019 and combined with a \u2018text\u2019 parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/", + "name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/aa152ad0-5b3d-4d1f-88f4-6899a546e72e", + "name": "https://wpscan.com/vulnerability/aa152ad0-5b3d-4d1f-88f4-6899a546e72e" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24204.json b/2021/24xxx/CVE-2021-24204.json index 1907c1ea54a..34e5490d96a 100644 --- a/2021/24xxx/CVE-2021-24204.json +++ b/2021/24xxx/CVE-2021-24204.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24204", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Elementor Website Builder", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.1.4", - "version_value": "3.1.4" + "CVE_data_meta": { + "ID": "CVE-2021-24204", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Elementor Website Builder", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.1.4", + "version_value": "3.1.4" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/772e172f-c8b4-4a6a-9eb9-9663295cfedf", - "name": "https://wpscan.com/vulnerability/772e172f-c8b4-4a6a-9eb9-9663295cfedf" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/", - "name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a \u2018title_html_tag\u2019 parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified \u2018save_builder\u2019 request containing JavaScript in the \u2018title_html_tag\u2019 parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/", + "name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/772e172f-c8b4-4a6a-9eb9-9663295cfedf", + "name": "https://wpscan.com/vulnerability/772e172f-c8b4-4a6a-9eb9-9663295cfedf" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24205.json b/2021/24xxx/CVE-2021-24205.json index 6a1ac981016..1b230229e14 100644 --- a/2021/24xxx/CVE-2021-24205.json +++ b/2021/24xxx/CVE-2021-24205.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24205", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Elementor Website Builder", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.1.4", - "version_value": "3.1.4" + "CVE_data_meta": { + "ID": "CVE-2021-24205", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Elementor Website Builder", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.1.4", + "version_value": "3.1.4" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/ef23df6d-e265-44f6-bb94-1005b16d34d9", - "name": "https://wpscan.com/vulnerability/ef23df6d-e265-44f6-bb94-1005b16d34d9" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/", - "name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a \u2018title_size\u2019 parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified \u2018save_builder\u2019 request containing JavaScript in the \u2018title_size\u2019 parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/", + "name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/ef23df6d-e265-44f6-bb94-1005b16d34d9", + "name": "https://wpscan.com/vulnerability/ef23df6d-e265-44f6-bb94-1005b16d34d9" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24206.json b/2021/24xxx/CVE-2021-24206.json index 4410108293e..cf268c5a596 100644 --- a/2021/24xxx/CVE-2021-24206.json +++ b/2021/24xxx/CVE-2021-24206.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24206", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "Elementor Website Builder", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.1.4", - "version_value": "3.1.4" + "CVE_data_meta": { + "ID": "CVE-2021-24206", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Image Box Widget" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Elementor Website Builder", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.1.4", + "version_value": "3.1.4" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/2f66efd9-7d55-4f33-9109-3cb583a0c309", - "name": "https://wpscan.com/vulnerability/2f66efd9-7d55-4f33-9109-3cb583a0c309" - }, - { - "refsource": "MISC", - "url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/", - "name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a \u2018title_size\u2019 parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified \u2018save_builder\u2019 request containing JavaScript in the \u2018title_size\u2019 parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/", + "name": "https://www.wordfence.com/blog/2021/03/cross-site-scripting-vulnerabilities-in-elementor-impact-over-7-million-sites/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/2f66efd9-7d55-4f33-9109-3cb583a0c309", + "name": "https://wpscan.com/vulnerability/2f66efd9-7d55-4f33-9109-3cb583a0c309" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24208.json b/2021/24xxx/CVE-2021-24208.json index 313635e6bd2..3d3e5cd9dd2 100644 --- a/2021/24xxx/CVE-2021-24208.json +++ b/2021/24xxx/CVE-2021-24208.json @@ -1,80 +1,80 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24208", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS)" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "WP Page Builder", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "1.2.4", - "version_value": "1.2.4" + "CVE_data_meta": { + "ID": "CVE-2021-24208", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS)" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Page Builder", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.2.4", + "version_value": "1.2.4" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action. It is also possible to insert malicious JavaScript via the “wppb_page_css” parameter (this can be done by closing out the style tag and opening a script tag) when performing the “wppb_page_save” AJAX action." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://wpscan.com/vulnerability/c20e243d-b0de-4ae5-9a0d-b9d02c9b8141", - "name": "https://wpscan.com/vulnerability/c20e243d-b0de-4ae5-9a0d-b9d02c9b8141" - }, - { - "refsource": "MISC", - "url": "https://www.themeum.com/wp-page-builder-updated-v1-2-4/", - "name": "https://www.themeum.com/wp-page-builder-updated-v1-2-4/" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the \u201cRaw HTML\u201d widget and the \u201cCustom HTML\u201d widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the \u201cpage_builder_data\u201d parameter when performing the \u201cwppb_page_save\u201d AJAX action. It is also possible to insert malicious JavaScript via the \u201cwppb_page_css\u201d parameter (this can be done by closing out the style tag and opening a script tag) when performing the \u201cwppb_page_save\u201d AJAX action." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Ramuel Gall" + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.themeum.com/wp-page-builder-updated-v1-2-4/", + "name": "https://www.themeum.com/wp-page-builder-updated-v1-2-4/" + }, + { + "refsource": "CONFIRM", + "url": "https://wpscan.com/vulnerability/c20e243d-b0de-4ae5-9a0d-b9d02c9b8141", + "name": "https://wpscan.com/vulnerability/c20e243d-b0de-4ae5-9a0d-b9d02c9b8141" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Ramuel Gall" + } + ], + "source": { + "discovery": "UNKNOWN" } - ], - "source": { - "discovery": "UNKNOWN" - } } \ No newline at end of file diff --git a/2021/27xxx/CVE-2021-27807.json b/2021/27xxx/CVE-2021-27807.json index 1209415de08..5400ddb004d 100644 --- a/2021/27xxx/CVE-2021-27807.json +++ b/2021/27xxx/CVE-2021-27807.json @@ -144,6 +144,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-dc83ae690a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AVLKAHFMPH72TTP25INPZPGX5FODK3H/" + }, + { + "refsource": "MLIST", + "name": "[ofbiz-notifications] 20210405 [jira] [Updated] (OFBIZ-12205) Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906", + "url": "https://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b6a854dea34be04f12@%3Cnotifications.ofbiz.apache.org%3E" } ] }, diff --git a/2021/27xxx/CVE-2021-27906.json b/2021/27xxx/CVE-2021-27906.json index 2f9b9afd964..50579b1d3a1 100644 --- a/2021/27xxx/CVE-2021-27906.json +++ b/2021/27xxx/CVE-2021-27906.json @@ -144,6 +144,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-dc83ae690a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AVLKAHFMPH72TTP25INPZPGX5FODK3H/" + }, + { + "refsource": "MLIST", + "name": "[ofbiz-notifications] 20210405 [jira] [Updated] (OFBIZ-12205) Upgrade Apache PDFBox to 2.0.23 because of CVE-2021-27807 and CVE-2021-27906", + "url": "https://lists.apache.org/thread.html/r6e067a6d83ccb6892d0ff867bd216704f21fb0b6a854dea34be04f12@%3Cnotifications.ofbiz.apache.org%3E" } ] }, diff --git a/2021/3xxx/CVE-2021-3177.json b/2021/3xxx/CVE-2021-3177.json index 42f22bd6a4a..63414c039fb 100644 --- a/2021/3xxx/CVE-2021-3177.json +++ b/2021/3xxx/CVE-2021-3177.json @@ -156,6 +156,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210226-0003/", "url": "https://security.netapp.com/advisory/ntap-20210226-0003/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html" } ] }