diff --git a/2023/26xxx/CVE-2023-26048.json b/2023/26xxx/CVE-2023-26048.json index 025a356fd4f..c9c33f7b8ae 100644 --- a/2023/26xxx/CVE-2023-26048.json +++ b/2023/26xxx/CVE-2023-26048.json @@ -96,6 +96,11 @@ "url": "https://www.debian.org/security/2023/dsa-5507", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5507" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html" } ] }, diff --git a/2023/26xxx/CVE-2023-26049.json b/2023/26xxx/CVE-2023-26049.json index aaae04b2cef..730050cd920 100644 --- a/2023/26xxx/CVE-2023-26049.json +++ b/2023/26xxx/CVE-2023-26049.json @@ -100,6 +100,11 @@ "url": "https://www.debian.org/security/2023/dsa-5507", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5507" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html" } ] }, diff --git a/2023/36xxx/CVE-2023-36479.json b/2023/36xxx/CVE-2023-36479.json index 4d0b4d0c8ee..ee3675b568f 100644 --- a/2023/36xxx/CVE-2023-36479.json +++ b/2023/36xxx/CVE-2023-36479.json @@ -90,6 +90,11 @@ "url": "https://www.debian.org/security/2023/dsa-5507", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5507" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html" } ] }, diff --git a/2023/40xxx/CVE-2023-40167.json b/2023/40xxx/CVE-2023-40167.json index 0a39ac112b0..d319196254f 100644 --- a/2023/40xxx/CVE-2023-40167.json +++ b/2023/40xxx/CVE-2023-40167.json @@ -80,6 +80,11 @@ "url": "https://www.debian.org/security/2023/dsa-5507", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5507" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html", + "refsource": "MISC", + "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html" } ] }, diff --git a/2023/5xxx/CVE-2023-5304.json b/2023/5xxx/CVE-2023-5304.json index fecda8d126f..1274aab247f 100644 --- a/2023/5xxx/CVE-2023-5304.json +++ b/2023/5xxx/CVE-2023-5304.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5304", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943." + }, + { + "lang": "deu", + "value": "In Online Banquet Booking System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /book-services.php der Komponente Service Booking. Durch Beeinflussen des Arguments message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Online Banquet Booking System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.240943", + "refsource": "MISC", + "name": "https://vuldb.com/?id.240943" + }, + { + "url": "https://vuldb.com/?ctiid.240943", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.240943" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/5xxx/CVE-2023-5305.json b/2023/5xxx/CVE-2023-5305.json index 57afb3430a5..fc70ae28449 100644 --- a/2023/5xxx/CVE-2023-5305.json +++ b/2023/5xxx/CVE-2023-5305.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5305", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Online Banquet Booking System 1.0 gefunden. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /mail.php der Komponente Contact Us Page. Dank der Manipulation des Arguments message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Online Banquet Booking System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.240944", + "refsource": "MISC", + "name": "https://vuldb.com/?id.240944" + }, + { + "url": "https://vuldb.com/?ctiid.240944", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.240944" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "scumdestroy (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/5xxx/CVE-2023-5313.json b/2023/5xxx/CVE-2023-5313.json index 485b0d9d92b..65d279debe8 100644 --- a/2023/5xxx/CVE-2023-5313.json +++ b/2023/5xxx/CVE-2023-5313.json @@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5313", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation leads to improper enforcement of a single, unique action. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240949 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In phpkobo Ajax Poll Script 3.18 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei ajax-poll.php der Komponente Poll Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine improper enforcement of a single, unique action-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-837 Improper Enforcement of a Single, Unique Action", + "cweId": "CWE-837" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "phpkobo", + "product": { + "product_data": [ + { + "product_name": "Ajax Poll Script", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.18" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.240949", + "refsource": "MISC", + "name": "https://vuldb.com/?id.240949" + }, + { + "url": "https://vuldb.com/?ctiid.240949", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.240949" + }, + { + "url": "https://github.com/tht1997/WhiteBox/blob/main/PHPKOBO/ajax_pool_script.md", + "refsource": "MISC", + "name": "https://github.com/tht1997/WhiteBox/blob/main/PHPKOBO/ajax_pool_script.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "huutuanbg97 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/5xxx/CVE-2023-5322.json b/2023/5xxx/CVE-2023-5322.json new file mode 100644 index 00000000000..9597f88ed23 --- /dev/null +++ b/2023/5xxx/CVE-2023-5322.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-5322", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file