From a6f75fad3b7895dea15fb91d8c4f49151778be0d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 9 Mar 2025 07:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2021/47xxx/CVE-2021-47661.json | 18 ++++++
2025/1xxx/CVE-2025-1363.json | 81 ++++++++++++++++++++++++--
2025/1xxx/CVE-2025-1382.json | 89 +++++++++++++++++++++++++++--
2025/2xxx/CVE-2025-2116.json | 100 +++++++++++++++++++++++++++++++--
2025/2xxx/CVE-2025-2129.json | 18 ++++++
5 files changed, 292 insertions(+), 14 deletions(-)
create mode 100644 2021/47xxx/CVE-2021-47661.json
create mode 100644 2025/2xxx/CVE-2025-2129.json
diff --git a/2021/47xxx/CVE-2021-47661.json b/2021/47xxx/CVE-2021-47661.json
new file mode 100644
index 00000000000..8da45927b8b
--- /dev/null
+++ b/2021/47xxx/CVE-2021-47661.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-47661",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/1xxx/CVE-2025-1363.json b/2025/1xxx/CVE-2025-1363.json
index 586f3e599d1..c4e438fbb6a 100644
--- a/2025/1xxx/CVE-2025-1363.json
+++ b/2025/1xxx/CVE-2025-1363.json
@@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1363", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "URL Shortener | Conversion Tracking | AB Testing | WooCommerce", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThanOrEqual": "9.0.2" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/16b08e77-3562-4506-9b28-abd1b1128b0a/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/16b08e77-3562-4506-9b28-abd1b1128b0a/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Bob 
Matyas" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1382.json b/2025/1xxx/CVE-2025-1382.json index d313393d510..8b6f3fdc1ed 100644 --- a/2025/1xxx/CVE-2025-1382.json +++ b/2025/1xxx/CVE-2025-1382.json 
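Review bot: The `version_data` entry in CVE-2025-1363 sets `"version_value": "not down converted"`, so a consumer that matches on the 4.0-format version fields sees no usable range; the real bound (`"lessThanOrEqual": "9.0.2"`) exists only inside `x_cve_json_5_version_data`. Emitting `"version_affected": "<="` with `"version_value": "9.0.2"` next to the extension block would keep 4.0-only tooling from silently treating the plugin as unaffected. The same record also carries the CWE only as free text (`"value": "CWE-79 Cross-Site Scripting (XSS)"`) with no `cweId`, and `"vendor_name": "Unknown"`, both of which weaken automated matching. The CVE-2025-1382 hunk has the same shape with `"lessThanOrEqual": "2.6"`.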
@@ -1,18 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1382", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Contact Us By Lord Linus WordPress plugin through 2.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Contact Us By Lord Linus", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThanOrEqual": "2.6" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/a3002265-ac83-4c00-8afb-cbfbb4afc1e9/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/a3002265-ac83-4c00-8afb-cbfbb4afc1e9/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Bob Matyas" + }, + { + 
"lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2116.json b/2025/2xxx/CVE-2025-2116.json index 365f942169c..b663b91e690 100644 --- a/2025/2xxx/CVE-2025-2116.json +++ b/2025/2xxx/CVE-2025-2116.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2116", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /newsedit/newsedit/xy/imageProxy.do of the component File Protocol Handler. The manipulation of the argument xyImgUrl leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /newsedit/newsedit/xy/imageProxy.do der Komponente File Protocol Handler. Durch das Beeinflussen des Arguments xyImgUrl mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Beijing Founder Electronics", + "product": { + "product_data": [ + { + "product_name": "Founder Enjoys All-Media Acquisition and Editing System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.299011", + "refsource": "MISC", + "name": "https://vuldb.com/?id.299011" + }, + { + "url": "https://vuldb.com/?ctiid.299011", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.299011" + }, + { + "url": "https://vuldb.com/?submit.503719", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.503719" + }, + { + "url": "https://flowus.cn/share/a104e4fc-a8f7-48b1-8648-1a3e5f78b9bf?code=G8A6P3", + "refsource": "MISC", + "name": "https://flowus.cn/share/a104e4fc-a8f7-48b1-8648-1a3e5f78b9bf?code=G8A6P3" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "0menc (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N" } ] } diff --git a/2025/2xxx/CVE-2025-2129.json b/2025/2xxx/CVE-2025-2129.json new file mode 100644 index 00000000000..0b4e62bd2fa --- /dev/null +++ b/2025/2xxx/CVE-2025-2129.json 
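Review bot: The CVSS 2.0 entry in `impact.cvss` is shaped differently from the two 3.x entries: `"baseScore": 4` is written as an integer where the others are `4.3`, and it has no `baseSeverity` key. Writing `"baseScore": 4.0` keeps the field in one numeric form, and anything reading this array should select the entry by `version` and treat `baseSeverity` as optional rather than index by position. The record's closing brace appears to fall outside the hunk, so the end of the file is not visible here.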
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2129",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file