From b27aa48dc4a20de4b79fc6c355ac901e7930087c Mon Sep 17 00:00:00 2001
From: erwanlr
Date: Thu, 2 Dec 2021 18:36:37 +0100
Subject: [PATCH] Adds CVEs
---
 2015/20xxx/CVE-2015-20105.json | 105 ++++++++++++++++++++++++++++-----
 2015/20xxx/CVE-2015-20106.json | 87 ++++++++++++++++++++++-----
 2 files changed, 162 insertions(+), 30 deletions(-)
diff --git a/2015/20xxx/CVE-2015-20105.json b/2015/20xxx/CVE-2015-20105.json
index e674df911f3..614cb54154c 100644
--- a/2015/20xxx/CVE-2015-20105.json
+++ b/2015/20xxx/CVE-2015-20105.json
@@ -1,18 +1,93 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2015-20105",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
+ "CVE_data_meta": {
+ "ID": "CVE-2015-20105",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "ClickBank Affiliate Ads <= 1.20 - CSRF to Stored Cross-Site Scripting"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ClickBank Affiliate Ads",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.20",
+ "version_value": "1.20"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
 }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. 
Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues"
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/2bc3af7e-5542-40c4-8141-7c49e8df68f0",
+ "name": "https://wpscan.com/vulnerability/2bc3af7e-5542-40c4-8141-7c49e8df68f0"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://seclists.org/bugtraq/2015/May/45",
+ "name": "https://seclists.org/bugtraq/2015/May/45"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://packetstormsecurity.com/files/131814/",
+ "name": "https://packetstormsecurity.com/files/131814/"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Kaustubh G. Padwad"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ }
 }
\ No newline at end of file
diff --git a/2015/20xxx/CVE-2015-20106.json b/2015/20xxx/CVE-2015-20106.json
index 39adf24c952..203ce8dcf47 100644
--- a/2015/20xxx/CVE-2015-20106.json
+++ b/2015/20xxx/CVE-2015-20106.json
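Review bot: The `problemtype_data` here lists CWE-79 beside CWE-352, yet the stored XSS it refers to appears to come from the same missing escaping of the plugin settings that CVE-2015-20106 (second file in this patch) is assigned to, and neither record mentions the other. Scanners and dashboards that count findings per CVE and CWE will likely report that one escaping flaw twice for the same plugin version. I would tie the two together in the description value, e.g. end it with `... it could also lead to Stored Cross-Site Scripting issues (see CVE-2015-20106).` Separately, `"vendor_name": "Unknown"` leaves matching tools only the product name to key on, and nothing in the record says whether a release after 1.20 fixes the issue; both remarks apply to the CVE-2015-20106 record as well.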
@@ -1,18 +1,75 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2015-20106",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
+ "CVE_data_meta": {
+ "ID": "CVE-2015-20106",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "ClickBank Affiliate Ads <= 1.20 - Admin+ Stored Cross-Site Scripting"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ClickBank Affiliate Ads",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.20",
+ "version_value": "1.20"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
 }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed."
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/907792c4-3384-4351-bb75-0ad10f65fbe1",
+ "name": "https://wpscan.com/vulnerability/907792c4-3384-4351-bb75-0ad10f65fbe1"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Kaustubh G. Padwad"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ }
 }
\ No newline at end of file
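Review bot: The description value ends with `even when the unfiltered_html is disallowed` but never says that unfiltered_html is a WordPress capability or when it is withheld, which is the only condition under which an admin-level stored XSS crosses a privilege boundary. Suggest `... even when the unfiltered_html capability is disallowed (for example on a multisite install or with DISALLOW_UNFILTERED_HTML set).` so that triagers on single-site installs, where administrators hold that capability by default, can rate the finding accordingly. The `reference_data` list also carries only the WPScan entry, while the CVE-2015-20105 record cites two third-party advisories and credits the same researcher; if those advisories cover this issue too, they belong here as well.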