From b5883f5e28e9ce75cf90927aaf12d2498530e061 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 8 Apr 2025 02:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2025/2xxx/CVE-2025-2519.json | 81 ++++++++++++++++++++++++--
2025/2xxx/CVE-2025-2525.json | 81 ++++++++++++++++++++++++--
2025/2xxx/CVE-2025-2526.json | 81 ++++++++++++++++++++++++--
2025/3xxx/CVE-2025-3392.json | 104 +++++++++++++++++++++++++++++++--
2025/3xxx/CVE-2025-3393.json | 104 +++++++++++++++++++++++++++++++--
2025/3xxx/CVE-2025-3397.json | 109 +++++++++++++++++++++++++++++++++--
2025/3xxx/CVE-2025-3398.json | 109 +++++++++++++++++++++++++++++++++--
7 files changed, 641 insertions(+), 28 deletions(-)
diff --git a/2025/2xxx/CVE-2025-2519.json b/2025/2xxx/CVE-2025-2519.json
index 88f5916a27b..8db79b5659d 100644
--- a/2025/2xxx/CVE-2025-2519.json
+++ b/2025/2xxx/CVE-2025-2519.json
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2519", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. This is due to insufficient file validation in the 'st_send_download_file' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "iqonicdesign", + "product": { + "product_data": [ + { + "product_name": "Streamit", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd28c405-ed2f-435a-806c-1fc43cac0f80?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd28c405-ed2f-435a-806c-1fc43cac0f80?source=cve" + }, + { + "url": "https://themeforest.net/item/streamit-video-streaming-wordpress-theme/29772881", + "refsource": "MISC", + "name": "https://themeforest.net/item/streamit-video-streaming-wordpress-theme/29772881" + }, + { + "url": 
"https://documentation.iqonic.design/streamit/change-log/streamit-v4-0/", + "refsource": "MISC", + "name": "https://documentation.iqonic.design/streamit/change-log/streamit-v4-0/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/2xxx/CVE-2025-2525.json b/2025/2xxx/CVE-2025-2525.json index 9d37953be2b..1716b64b11f 100644 --- a/2025/2xxx/CVE-2025-2525.json +++ b/2025/2xxx/CVE-2025-2525.json 
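Review bot: The added English description for CVE-2025-2519 spells the product "Sreamit", while `product_name` in the same record (and the descriptions of CVE-2025-2525 and CVE-2025-2526) says "Streamit", so a keyword search over description text will miss this entry. The value should open with `"value": "The Streamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. ..."`. The structured `affects` block is spelled correctly, so asset matching should key on `vendor_name`/`product_name` rather than on the prose.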
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2525", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'st_Authentication_Controller::edit_profile' function in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "iqonicdesign", + "product": { + "product_data": [ + { + "product_name": "Streamit", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83a58119-d0ed-47fe-93d1-1aa1def2cf44?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/83a58119-d0ed-47fe-93d1-1aa1def2cf44?source=cve" + }, + { + "url": "https://themeforest.net/item/streamit-video-streaming-wordpress-theme/29772881", + "refsource": "MISC", + "name": 
"https://themeforest.net/item/streamit-video-streaming-wordpress-theme/29772881" + }, + { + "url": "https://documentation.iqonic.design/streamit/change-log/streamit-v4-0/", + "refsource": "MISC", + "name": "https://documentation.iqonic.design/streamit/change-log/streamit-v4-0/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2025/2xxx/CVE-2025-2526.json b/2025/2xxx/CVE-2025-2526.json index 48f3a4fba06..7630948a131 100644 --- a/2025/2xxx/CVE-2025-2526.json +++ b/2025/2xxx/CVE-2025-2526.json 
@@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2526", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639 Authorization Bypass Through User-Controlled Key", + "cweId": "CWE-639" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "iqonicdesign", + "product": { + "product_data": [ + { + "product_name": "Streamit", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "4.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/057abffb-1c52-49ca-8791-ca44f0c5a011?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/057abffb-1c52-49ca-8791-ca44f0c5a011?source=cve" + }, + { + "url": "https://themeforest.net/item/streamit-video-streaming-wordpress-theme/29772881", + "refsource": "MISC", + "name": "https://themeforest.net/item/streamit-video-streaming-wordpress-theme/29772881" + }, + { + "url": "https://documentation.iqonic.design/streamit/change-log/streamit-v4-0/", + "refsource": "MISC", + "name": "https://documentation.iqonic.design/streamit/change-log/streamit-v4-0/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2025/3xxx/CVE-2025-3392.json b/2025/3xxx/CVE-2025-3392.json index 6889631d292..6caf5fe39b2 100644 --- a/2025/3xxx/CVE-2025-3392.json +++ b/2025/3xxx/CVE-2025-3392.json 
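Review bot: The description added for CVE-2025-2526 says the account takeover is possible for "unauthenticated attackers", but the CVSS entry added in the same hunk is `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` with `baseScore` 8.8, which states that low privileges are required. One of the two is wrong; if the prose is accurate the vector would be `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"` and the score 9.8 CRITICAL. The text also calls the component "the plugin" although the record describes a theme. Until the CNA reconciles this, prioritisation for Streamit up to and including 4.0.2 should assume that no authentication is needed.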
@@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3392", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this issue is the function Save of the file cn/gson/oasys/controller/mail/MailController.java of the component Backend. The manipulation of the argument MailNumberId leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in hailey888 oa_system bis 2025.01.01 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist die Funktion Save der Datei cn/gson/oasys/controller/mail/MailController.java der Komponente Backend. Mittels dem Manipulieren des Arguments MailNumberId mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting", + "cweId": "CWE-79" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Code Injection", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "hailey888", + "product": { + "product_data": [ + { + "product_name": "oa_system", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2025.01.01" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.303638", + "refsource": "MISC", + "name": "https://vuldb.com/?id.303638" + }, + { + "url": "https://vuldb.com/?ctiid.303638", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.303638" + }, + { + "url": "https://gitee.com/hailey888/oa_system/issues/IBRQZ9", + "refsource": "MISC", + "name": "https://gitee.com/hailey888/oa_system/issues/IBRQZ9" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB Gitee Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2025/3xxx/CVE-2025-3393.json b/2025/3xxx/CVE-2025-3393.json index 459ea9c4253..608d3c6ce68 100644 --- a/2025/3xxx/CVE-2025-3393.json +++ b/2025/3xxx/CVE-2025-3393.json 
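Review bot: The `version_data` entry for CVE-2025-3392 encodes `"version_affected": "="` with `"version_value": "2025.01.01"`, while the description says "up to 2025.01.01" and states that the product uses rolling releases, so a scanner matching on the structured field flags only that exact value. The same mismatch appears in the hunks for CVE-2025-3393 ("up to" a commit hash, encoded as `=`) and CVE-2025-3398 ("up to 1.0.0", encoded as `=` with `"version_value": "1.0"`, which also differs from the `1.0.0` in the text). Where the value is orderable, a range form as used by the Streamit records in this commit, `"version_affected": "<="`, would agree with the prose. For the commit-hash case no ordering exists, so consumers should treat any build at or before that commit as affected.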
@@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3393", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in mrcen springboot-ucan-admin up to 5f35162032cbe9288a04e429ef35301545143509. It has been classified as problematic. This affects an unknown part of the file /ucan-admin/index of the component Personal Settings Interface. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in mrcen springboot-ucan-admin bis 5f35162032cbe9288a04e429ef35301545143509 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /ucan-admin/index der Komponente Personal Settings Interface. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting", + "cweId": "CWE-79" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Code Injection", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mrcen", + "product": { + "product_data": [ + { + "product_name": "springboot-ucan-admin", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5f35162032cbe9288a04e429ef35301545143509" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.303639", + "refsource": "MISC", + "name": "https://vuldb.com/?id.303639" + }, + { + "url": "https://vuldb.com/?ctiid.303639", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.303639" + }, + { + "url": "https://gitee.com/mrcen/springboot-ucan-admin/issues/IBT2W5", + "refsource": "MISC", + "name": "https://gitee.com/mrcen/springboot-ucan-admin/issues/IBT2W5" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB Gitee Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } diff --git a/2025/3xxx/CVE-2025-3397.json b/2025/3xxx/CVE-2025-3397.json index c5a4ae1e40c..804563bed2f 100644 --- a/2025/3xxx/CVE-2025-3397.json +++ b/2025/3xxx/CVE-2025-3397.json 
@@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in YzmCMS 7.1. Affected is an unknown function of the file message.tpl. The manipulation of the argument gourl leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in YzmCMS 7.1 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei message.tpl. Durch das Beeinflussen des Arguments gourl mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting", + "cweId": "CWE-79" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Code Injection", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "YzmCMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.303642", + "refsource": "MISC", + "name": "https://vuldb.com/?id.303642" + }, + { + "url": "https://vuldb.com/?ctiid.303642", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.303642" + }, + { + "url": "https://vuldb.com/?submit.525203", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.525203" + }, + { + "url": "https://www.yuque.com/baimatangseng-iyusa/qwwm81/sqn7nf0irphq7f1k?singleDoc", + "refsource": "MISC", + "name": "https://www.yuque.com/baimatangseng-iyusa/qwwm81/sqn7nf0irphq7f1k?singleDoc" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "sjdalu (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ] } diff --git a/2025/3xxx/CVE-2025-3398.json b/2025/3xxx/CVE-2025-3398.json index 8edb198cf3e..c1d86d40d05 100644 --- a/2025/3xxx/CVE-2025-3398.json +++ b/2025/3xxx/CVE-2025-3398.json 
@@ -1,17 +1,118 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function configure of the file blogserver/src/main/java/org/sang/config/WebSecurityConfig.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "In lenve VBlog bis 1.0.0 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um die Funktion configure der Datei blogserver/src/main/java/org/sang/config/WebSecurityConfig.java. Durch Beeinflussen mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "lenve", + "product": { + "product_data": [ + { + "product_name": "VBlog", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.303643", + "refsource": "MISC", + "name": "https://vuldb.com/?id.303643" + }, + { + "url": "https://vuldb.com/?ctiid.303643", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.303643" + }, + { + "url": "https://vuldb.com/?submit.525609", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.525609" + }, + { + "url": "https://magnificent-dill-351.notion.site/Improper-Authentication-Vulnerability-in-VBlog-1-0-0-1c0c693918ed80f2ace4fff7d1d51619", + "refsource": "MISC", + "name": "https://magnificent-dill-351.notion.site/Improper-Authentication-Vulnerability-in-VBlog-1-0-0-1c0c693918ed80f2ace4fff7d1d51619" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "s0l42 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] }
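Review bot: The description added for CVE-2025-3398 calls the issue "classified as critical", but the structured CVSS entries in the same hunk give `"baseScore": 6.3` with `"baseSeverity": "MEDIUM"` for both 3.1 and 3.0, so text-based and score-based triage will rank this record differently. The prose label appears to be the CNA's own classification rather than a CVSS rating; dropping it, e.g. `"value": "A vulnerability was found in lenve VBlog up to 1.0.0. ..."`, would remove the ambiguity. The listed weaknesses are CWE-284 and CWE-266, while the last reference URL names the write-up "Improper-Authentication-Vulnerability", so the CWE mapping may deserve confirmation against that write-up.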