From b27f97647d0417a50fc1d4b30515d7edf6489ba8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 2 Dec 2022 20:00:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/36xxx/CVE-2020-36388.json | 5 + 2020/36xxx/CVE-2020-36389.json | 5 + 2022/2xxx/CVE-2022-2640.json | 87 ++++++++++++++- 2022/2xxx/CVE-2022-2641.json | 87 ++++++++++++++- 2022/2xxx/CVE-2022-2642.json | 87 ++++++++++++++- 2022/3xxx/CVE-2022-3086.json | 195 ++++++++++++++++++++++++++++++++- 2022/44xxx/CVE-2022-44290.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44291.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44944.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44945.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44946.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44947.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44948.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44949.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44950.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44951.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44952.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44953.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44954.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44955.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44956.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44957.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44959.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44960.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44961.json | 61 ++++++++++- 2022/44xxx/CVE-2022-44962.json | 61 ++++++++++- 26 files changed, 1542 insertions(+), 144 deletions(-) diff --git a/2020/36xxx/CVE-2020-36388.json b/2020/36xxx/CVE-2020-36388.json index 544f9c15d40..c111042a665 100644 --- a/2020/36xxx/CVE-2020-36388.json +++ b/2020/36xxx/CVE-2020-36388.json @@ -56,6 +56,11 @@ "url": "https://civicrm.org/advisory/civi-sa-2020-03", "refsource": "MISC", "name": "https://civicrm.org/advisory/civi-sa-2020-03" + }, + { + "refsource": "MISC", + "name": "https://blog.sonarsource.com/civicrm-code-execution-vulnerability-chain-explained/", + "url": "https://blog.sonarsource.com/civicrm-code-execution-vulnerability-chain-explained/" } ] } diff --git a/2020/36xxx/CVE-2020-36389.json b/2020/36xxx/CVE-2020-36389.json index b43e570b9bf..314dd07877d 100644 --- a/2020/36xxx/CVE-2020-36389.json +++ b/2020/36xxx/CVE-2020-36389.json @@ -56,6 +56,11 @@ "url": "https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form", "refsource": "MISC", "name": "https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form" + }, + { + "refsource": "MISC", + "name": "https://blog.sonarsource.com/civicrm-code-execution-vulnerability-chain-explained/", + "url": "https://blog.sonarsource.com/civicrm-code-execution-vulnerability-chain-explained/" } ] } diff --git a/2022/2xxx/CVE-2022-2640.json b/2022/2xxx/CVE-2022-2640.json index 4976462525e..e10bdc5c83c 100644 --- a/2022/2xxx/CVE-2022-2640.json +++ b/2022/2xxx/CVE-2022-2640.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2022-12-01T19:25:00.000Z", "ID": "CVE-2022-2640", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Remote Compact Controller (RCC) 972", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Firmware Version", + "version_value": "15.40" + } + ] + } + } + ] + }, + "vendor_name": "Horner Automation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "m1etz reported these vulnerabilities through the Computer Emergency Response Team, CERT-Bund, to CISA" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Config-files of Horner Automation\u2019s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP)." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-326 Inadequate Encryption Strength" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2641.json b/2022/2xxx/CVE-2022-2641.json index 5f1b7334526..234fa09b6e2 100644 --- a/2022/2xxx/CVE-2022-2641.json +++ b/2022/2xxx/CVE-2022-2641.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2022-12-01T19:25:00.000Z", "ID": "CVE-2022-2641", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Remote Compact Controller (RCC) 972", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Firmware Version", + "version_value": "15.40" + } + ] + } + } + ] + }, + "vendor_name": "Horner Automation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "m1etz reported these vulnerabilities through the Computer Emergency Response Team, CERT-Bund, to CISA" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Horner Automation\u2019s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-321 Use of Hard-coded Cryptographic Key" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/2xxx/CVE-2022-2642.json b/2022/2xxx/CVE-2022-2642.json index 6e8fa0121e3..00d208c5d6d 100644 --- a/2022/2xxx/CVE-2022-2642.json +++ b/2022/2xxx/CVE-2022-2642.json @@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2022-12-01T19:25:00.000Z", "ID": "CVE-2022-2642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Remote Compact Controller (RCC) 972", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Firmware Version", + "version_value": "15.40" + } + ] + } + } + ] + }, + "vendor_name": "Horner Automation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "m1etz reported these vulnerabilities through the Computer Emergency Response Team, CERT-Bund, to CISA" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Horner Automation\u2019s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1108 EXCESSIVE RELIANCE ON GLOBAL VARIABLES" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/3xxx/CVE-2022-3086.json b/2022/3xxx/CVE-2022-3086.json index 29ee0bb1afb..58ec3f5fdbc 100644 --- a/2022/3xxx/CVE-2022-3086.json +++ b/2022/3xxx/CVE-2022-3086.json @@ -1,18 +1,201 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2022-11-29T16:59:00.000Z", "ID": "CVE-2022-3086", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UC-8580 Series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Version", + "version_value": "V1.1" + } + ] + } + }, + { + "product_name": "UC-8540 Series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Versions", + "version_value": "V1.0 to V1.2" + } + ] + } + }, + { + "product_name": "UC-8410A Series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Version", + "version_value": "V2.2" + } + ] + } + }, + { + "product_name": "UC-8200 Series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Versions", + "version_value": "V1.0 to V2.4" + } + ] + } + }, + { + "product_name": "UC-8100A-ME-T Series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Versions", + "version_value": "V1.0 to V1.1 " + } + ] + } + }, + { + "product_name": "UC-8100 Series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Versions", + "version_value": "V1.2 to V1.3" + } + ] + } + }, + { + "product_name": "UC-5100 Series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Version", + "version_value": "V1.2 " + } + ] + } + }, + { + "product_name": "UC-3100 Series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Versions", + "version_value": "V1.2 to V2.0" + } + ] + } + }, + { + "product_name": "UC-2100 Series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Versions", + "version_value": "V1.3 to V1.5" + } + ] + } + }, + { + "product_name": "UC-2100-W Series", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Versions", + "version_value": "V1.3 to V1.5" + } + ] + } + } + ] + }, + "vendor_name": "Moxa" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Casper Bladt of ICSrange.com research team reported this vulnerability to CISA" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker with physical access to Moxa's bootloader versions of UC-8580 Series V1.1, UC-8540 Series V1.0 to V1.2, UC-8410A Series V2.2, UC-8200 Series V1.0 to V2.4, UC-8100A-ME-T Series V1.0 to V1.1, UC-8100 Series V1.2 to V1.3, UC-5100 Series V1.2, UC-3100 Series V1.2 to V2.0, UC-2100 Series V1.3 to V1.5, and UC-2100-W Series V1.3 to V1.5 can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device\u2019s authentication files to create a new user and gain full access to the system." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1263 IMPROPER PHYSICAL ACCESS CONTROL" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/44xxx/CVE-2022-44290.json b/2022/44xxx/CVE-2022-44290.json index 41cbef2348e..1802c386c2c 100644 --- a/2022/44xxx/CVE-2022-44290.json +++ b/2022/44xxx/CVE-2022-44290.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44290", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44290", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://webtareas.com", + "refsource": "MISC", + "name": "http://webtareas.com" + }, + { + "url": "https://github.com/anhdq201/webtareas/issues/2", + "refsource": "MISC", + "name": "https://github.com/anhdq201/webtareas/issues/2" } ] } diff --git a/2022/44xxx/CVE-2022-44291.json b/2022/44xxx/CVE-2022-44291.json index 6978ab75083..f16cb9742fe 100644 --- a/2022/44xxx/CVE-2022-44291.json +++ b/2022/44xxx/CVE-2022-44291.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44291", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44291", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://webtareas.com", + "refsource": "MISC", + "name": "http://webtareas.com" + }, + { + "url": "https://github.com/anhdq201/webtareas/issues/1", + "refsource": "MISC", + "name": "https://github.com/anhdq201/webtareas/issues/1" } ] } diff --git a/2022/44xxx/CVE-2022-44944.json b/2022/44xxx/CVE-2022-44944.json index 87b3f3cbdf3..94f96d0e995 100644 --- a/2022/44xxx/CVE-2022-44944.json +++ b/2022/44xxx/CVE-2022-44944.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44944", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44944", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://rukovoditel.com", + "refsource": "MISC", + "name": "http://rukovoditel.com" + }, + { + "url": "https://github.com/anhdq201/rukovoditel/issues/14", + "refsource": "MISC", + "name": "https://github.com/anhdq201/rukovoditel/issues/14" } ] } diff --git a/2022/44xxx/CVE-2022-44945.json b/2022/44xxx/CVE-2022-44945.json index b6f2706aaa9..3ad833dfab6 100644 --- a/2022/44xxx/CVE-2022-44945.json +++ b/2022/44xxx/CVE-2022-44945.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44945", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44945", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://rukovoditel.com", + "refsource": "MISC", + "name": "http://rukovoditel.com" + }, + { + "url": "https://github.com/anhdq201/rukovoditel/issues/16", + "refsource": "MISC", + "name": "https://github.com/anhdq201/rukovoditel/issues/16" } ] } diff --git a/2022/44xxx/CVE-2022-44946.json b/2022/44xxx/CVE-2022-44946.json index ed4d8c44936..c6bf0729fab 100644 --- a/2022/44xxx/CVE-2022-44946.json +++ b/2022/44xxx/CVE-2022-44946.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44946", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44946", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://rukovoditel.com", + "refsource": "MISC", + "name": "http://rukovoditel.com" + }, + { + "url": "https://github.com/anhdq201/rukovoditel/issues/15", + "refsource": "MISC", + "name": "https://github.com/anhdq201/rukovoditel/issues/15" } ] } diff --git a/2022/44xxx/CVE-2022-44947.json b/2022/44xxx/CVE-2022-44947.json index 853e32f8470..34c7bccee66 100644 --- a/2022/44xxx/CVE-2022-44947.json +++ b/2022/44xxx/CVE-2022-44947.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44947", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44947", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking \"Add\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://rukovoditel.com", + "refsource": "MISC", + "name": "http://rukovoditel.com" + }, + { + "url": "https://github.com/anhdq201/rukovoditel/issues/13", + "refsource": "MISC", + "name": "https://github.com/anhdq201/rukovoditel/issues/13" } ] } diff --git a/2022/44xxx/CVE-2022-44948.json b/2022/44xxx/CVE-2022-44948.json index bf83e6b164c..d4ecaab27ad 100644 --- a/2022/44xxx/CVE-2022-44948.json +++ b/2022/44xxx/CVE-2022-44948.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44948", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44948", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking \"Add\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://rukovoditel.com", + "refsource": "MISC", + "name": "http://rukovoditel.com" + }, + { + "url": "https://github.com/anhdq201/rukovoditel/issues/8", + "refsource": "MISC", + "name": "https://github.com/anhdq201/rukovoditel/issues/8" } ] } diff --git a/2022/44xxx/CVE-2022-44949.json b/2022/44xxx/CVE-2022-44949.json index da0fd2f0fc0..f8bdc186b5d 100644 --- a/2022/44xxx/CVE-2022-44949.json +++ b/2022/44xxx/CVE-2022-44949.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44949", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44949", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://rukovoditel.com", + "refsource": "MISC", + "name": "http://rukovoditel.com" + }, + { + "url": "https://github.com/anhdq201/rukovoditel/issues/12", + "refsource": "MISC", + "name": "https://github.com/anhdq201/rukovoditel/issues/12" } ] } diff --git a/2022/44xxx/CVE-2022-44950.json b/2022/44xxx/CVE-2022-44950.json index 311aa26f54c..fa961e2f416 100644 --- a/2022/44xxx/CVE-2022-44950.json +++ b/2022/44xxx/CVE-2022-44950.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44950", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44950", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://rukovoditel.com", + "refsource": "MISC", + "name": "http://rukovoditel.com" + }, + { + "url": "https://github.com/anhdq201/rukovoditel/issues/10", + "refsource": "MISC", + "name": "https://github.com/anhdq201/rukovoditel/issues/10" } ] } diff --git a/2022/44xxx/CVE-2022-44951.json b/2022/44xxx/CVE-2022-44951.json index bff75202460..5d74a5dbd28 100644 --- a/2022/44xxx/CVE-2022-44951.json +++ b/2022/44xxx/CVE-2022-44951.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44951", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44951", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://rukovoditel.com", + "refsource": "MISC", + "name": "http://rukovoditel.com" + }, + { + "url": "https://github.com/anhdq201/rukovoditel/issues/11", + "refsource": "MISC", + "name": "https://github.com/anhdq201/rukovoditel/issues/11" } ] } diff --git a/2022/44xxx/CVE-2022-44952.json b/2022/44xxx/CVE-2022-44952.json index 0987e11d8a0..f6eef3fe934 100644 --- a/2022/44xxx/CVE-2022-44952.json +++ b/2022/44xxx/CVE-2022-44952.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44952", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44952", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking \"Add\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://rukovoditel.com", + "refsource": "MISC", + "name": "http://rukovoditel.com" + }, + { + "url": "https://github.com/anhdq201/rukovoditel/issues/9", + "refsource": "MISC", + "name": "https://github.com/anhdq201/rukovoditel/issues/9" } ] } diff --git a/2022/44xxx/CVE-2022-44953.json b/2022/44xxx/CVE-2022-44953.json index 8a6eb1f239f..eac5419dbb8 100644 --- a/2022/44xxx/CVE-2022-44953.json +++ b/2022/44xxx/CVE-2022-44953.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44953", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44953", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking \"Add\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://webtareas.com", + "refsource": "MISC", + "name": "http://webtareas.com" + }, + { + "url": "https://github.com/anhdq201/webtareas/issues/8", + "refsource": "MISC", + "name": "https://github.com/anhdq201/webtareas/issues/8" } ] } diff --git a/2022/44xxx/CVE-2022-44954.json b/2022/44xxx/CVE-2022-44954.json index 4404947bfcc..f2e49d6d6e4 100644 --- a/2022/44xxx/CVE-2022-44954.json +++ b/2022/44xxx/CVE-2022-44954.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44954", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44954", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking \"Add\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://webtareas.com", + "refsource": "MISC", + "name": "http://webtareas.com" + }, + { + "url": "https://github.com/anhdq201/webtareas/issues/10", + "refsource": "MISC", + "name": "https://github.com/anhdq201/webtareas/issues/10" } ] } diff --git a/2022/44xxx/CVE-2022-44955.json b/2022/44xxx/CVE-2022-44955.json index 3703c69c4d7..049b6b5a90c 100644 --- a/2022/44xxx/CVE-2022-44955.json +++ b/2022/44xxx/CVE-2022-44955.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44955", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44955", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://webtareas.com", + "refsource": "MISC", + "name": "http://webtareas.com" + }, + { + "url": "https://github.com/anhdq201/webtareas/issues/5", + "refsource": "MISC", + "name": "https://github.com/anhdq201/webtareas/issues/5" } ] } diff --git a/2022/44xxx/CVE-2022-44956.json b/2022/44xxx/CVE-2022-44956.json index f87017dd8be..039e3d5d50b 100644 --- a/2022/44xxx/CVE-2022-44956.json +++ b/2022/44xxx/CVE-2022-44956.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44956", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44956", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://webtareas.com", + "refsource": "MISC", + "name": "http://webtareas.com" + }, + { + "url": "https://github.com/anhdq201/webtareas/issues/3", + "refsource": "MISC", + "name": "https://github.com/anhdq201/webtareas/issues/3" } ] } diff --git a/2022/44xxx/CVE-2022-44957.json b/2022/44xxx/CVE-2022-44957.json index b2a992d1200..b73a06927a5 100644 --- a/2022/44xxx/CVE-2022-44957.json +++ b/2022/44xxx/CVE-2022-44957.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44957", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44957", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://webtareas.com", + "refsource": "MISC", + "name": "http://webtareas.com" + }, + { + "url": "https://github.com/anhdq201/webtareas/issues/11", + "refsource": "MISC", + "name": "https://github.com/anhdq201/webtareas/issues/11" } ] } diff --git a/2022/44xxx/CVE-2022-44959.json b/2022/44xxx/CVE-2022-44959.json index 4f988e8217a..01f9e10a88b 100644 --- a/2022/44xxx/CVE-2022-44959.json +++ b/2022/44xxx/CVE-2022-44959.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44959", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44959", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://webtareas.com", + "refsource": "MISC", + "name": "http://webtareas.com" + }, + { + "url": "https://github.com/anhdq201/webtareas/issues/6", + "refsource": "MISC", + "name": "https://github.com/anhdq201/webtareas/issues/6" } ] } diff --git a/2022/44xxx/CVE-2022-44960.json b/2022/44xxx/CVE-2022-44960.json index 66b59a2527b..16c031f3f65 100644 --- a/2022/44xxx/CVE-2022-44960.json +++ b/2022/44xxx/CVE-2022-44960.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44960", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44960", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://webtareas.com", + "refsource": "MISC", + "name": "http://webtareas.com" + }, + { + "url": "https://github.com/anhdq201/webtareas/issues/4", + "refsource": "MISC", + "name": "https://github.com/anhdq201/webtareas/issues/4" } ] } diff --git a/2022/44xxx/CVE-2022-44961.json b/2022/44xxx/CVE-2022-44961.json index 87b51b0a765..a771447e05f 100644 --- a/2022/44xxx/CVE-2022-44961.json +++ b/2022/44xxx/CVE-2022-44961.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44961", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44961", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://webtareas.com", + "refsource": "MISC", + "name": "http://webtareas.com" + }, + { + "url": "https://github.com/anhdq201/webtareas/issues/7", + "refsource": "MISC", + "name": "https://github.com/anhdq201/webtareas/issues/7" } ] } diff --git a/2022/44xxx/CVE-2022-44962.json b/2022/44xxx/CVE-2022-44962.json index c511cdb7efa..9d7be83e998 100644 --- a/2022/44xxx/CVE-2022-44962.json +++ b/2022/44xxx/CVE-2022-44962.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-44962", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-44962", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://webtareas.com", + "refsource": "MISC", + "name": "http://webtareas.com" + }, + { + "url": "https://github.com/anhdq201/webtareas/issues/12", + "refsource": "MISC", + "name": "https://github.com/anhdq201/webtareas/issues/12" } ] }