admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-24 17:00:47 +00:00
parent 9a543075d6
commit b5a4216edb
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
16 changed files with 1196 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
2023/37xxx/CVE-2023-37534.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37534",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient URI protocol whitelist in HCL Leap\nallows script injection through query parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HCL Software",
"product": {
"product_data": [
{
"product_name": "HCL Leap",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 9.3.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900",
"refsource": "MISC",
"name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
}
]
}

78
2023/45xxx/CVE-2023-45720.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45720",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient default configuration in HCL Leap\nallows anonymous access to directory information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
"cweId": "CWE-359"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HCL Software",
"product": {
"product_data": [
{
"product_name": "HCL Leap",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 9.3.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900",
"refsource": "MISC",
"name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

78
2024/30xxx/CVE-2024-30113.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30113",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient sanitization policy in HCL Leap\nallows client-side script injection in the deployed application through the\nHTML widget."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HCL Software",
"product": {
"product_data": [
{
"product_name": "HCL Leap",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 9.3.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900",
"refsource": "MISC",
"name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
]
}

78
2024/30xxx/CVE-2024-30114.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30114",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient sanitization in HCL Leap allows\nclient-side script injection in the authoring environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HCL Software",
"product": {
"product_data": [
{
"product_name": "HCL Leap",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 9.3.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900",
"refsource": "MISC",
"name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

78
2024/30xxx/CVE-2024-30147.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30147",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple vectors in HCL Leap allow client-side\nscript injection in the authoring environment and deployed applications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HCL Software",
"product": {
"product_data": [
{
"product_name": "HCL Leap",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 9.3.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900",
"refsource": "MISC",
"name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

83
2025/31xxx/CVE-2025-31324.json
View File

@ -1,17 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31324",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP_SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver (Visual Composer development server)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "VCFRAMEWORK 7.50"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://me.sap.com/notes/3594142",
"refsource": "MISC",
"name": "https://me.sap.com/notes/3594142"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"refsource": "MISC",
"name": "https://url.sap/sapsecuritypatchday"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2025/3xxx/CVE-2025-3923.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3923",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

85
2025/46xxx/CVE-2025-46531.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-46531",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper (formerly WPFlyLeads) allows Server Side Request Forgery. This issue affects WP AVCL Automation Helper (formerly WPFlyLeads): from n/a through 3.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ankur Vishwakarma",
"product": {
"product_data": [
{
"product_name": "WP AVCL Automation Helper (formerly WPFlyLeads)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "3.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/woozap/vulnerability/wordpress-wp-avcl-automation-helper-formerly-wpflyleads-3-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/woozap/vulnerability/wordpress-wp-avcl-automation-helper-formerly-wpflyleads-3-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "ch4r0n (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 4.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseSeverity": "MEDIUM",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"version": "3.1"
}
]
}

85
2025/46xxx/CVE-2025-46532.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-46532",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haris Zulfiqar Tooltip allows DOM-Based XSS. This issue affects Tooltip: from n/a through 1.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Haris Zulfiqar",
"product": {
"product_data": [
{
"product_name": "Tooltip",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wp-tooltip/vulnerability/wordpress-tooltip-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/wp-tooltip/vulnerability/wordpress-tooltip-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "johska (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

85
2025/46xxx/CVE-2025-46533.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-46533",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdrift.no Landing pages and Domain aliases for WordPress allows Stored XSS. This issue affects Landing pages and Domain aliases for WordPress: from n/a through 0.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpdrift.no",
"product": {
"product_data": [
{
"product_name": "Landing pages and Domain aliases for WordPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/landing-pages-and-domain-aliases/vulnerability/wordpress-landing-pages-and-domain-aliases-for-wordpress-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/landing-pages-and-domain-aliases/vulnerability/wordpress-landing-pages-and-domain-aliases-for-wordpress-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Nabil Irawan (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

85
2025/46xxx/CVE-2025-46534.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-46534",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DanielRiera Image Style Hover allows DOM-Based XSS. This issue affects Image Style Hover: from n/a through 1.0.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "DanielRiera",
"product": {
"product_data": [
{
"product_name": "Image Style Hover",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/image-content-show-hover/vulnerability/wordpress-image-style-hover-1-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/image-content-show-hover/vulnerability/wordpress-image-style-hover-1-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "johska (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

85
2025/46xxx/CVE-2025-46536.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-46536",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RichardHarrison Carousel-of-post-images allows DOM-Based XSS. This issue affects Carousel-of-post-images: from n/a through 1.07."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "RichardHarrison",
"product": {
"product_data": [
{
"product_name": "Carousel-of-post-images",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.07"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/carousel-of-post-images/vulnerability/wordpress-carousel-of-post-images-1-07-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/carousel-of-post-images/vulnerability/wordpress-carousel-of-post-images-1-07-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "johska (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

85
2025/46xxx/CVE-2025-46538.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-46538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webplanetsoft Inline Text Popup allows DOM-Based XSS. This issue affects Inline Text Popup: from n/a through 1.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "webplanetsoft",
"product": {
"product_data": [
{
"product_name": "Inline Text Popup",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/inline-text-popup/vulnerability/wordpress-inline-text-popup-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/inline-text-popup/vulnerability/wordpress-inline-text-popup-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "johska (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

85
2025/46xxx/CVE-2025-46540.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-46540",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Mok GNA Search Shortcode allows Stored XSS. This issue affects GNA Search Shortcode: from n/a through 0.9.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Chris Mok",
"product": {
"product_data": [
{
"product_name": "GNA Search Shortcode",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "0.9.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/gna-search-shortcode/vulnerability/wordpress-gna-search-shortcode-0-9-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/gna-search-shortcode/vulnerability/wordpress-gna-search-shortcode-0-9-5-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "johska (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

85
2025/46xxx/CVE-2025-46541.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-46541",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elrata_ WP-reCAPTCHA-bp allows Stored XSS. This issue affects WP-reCAPTCHA-bp: from n/a through 4.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "elrata_",
"product": {
"product_data": [
{
"product_name": "WP-reCAPTCHA-bp",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wp-recaptcha-bp/vulnerability/wordpress-wp-recaptcha-bp-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/wp-recaptcha-bp/vulnerability/wordpress-wp-recaptcha-bp-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Nabil Irawan (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}

85
2025/46xxx/CVE-2025-46542.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-46542",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeXpert Xpert Tab allows Stored XSS. This issue affects Xpert Tab: from n/a through 1.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ThemeXpert",
"product": {
"product_data": [
{
"product_name": "Xpert Tab",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/xpert-tab/vulnerability/wordpress-xpert-tab-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/xpert-tab/vulnerability/wordpress-xpert-tab-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "johska (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseSeverity": "MEDIUM",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}