From bb112414abd60268a2c1885b7d30f07b24263669 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 10 Apr 2023 14:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/39xxx/CVE-2022-39048.json | 61 ++++++++++++++++++++++--- 2022/4xxx/CVE-2022-4827.json | 81 +++++++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0156.json | 72 +++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0157.json | 72 +++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0363.json | 72 +++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0422.json | 81 +++++++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0423.json | 72 +++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0546.json | 72 +++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0605.json | 72 +++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0874.json | 72 +++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0893.json | 72 +++++++++++++++++++++++++++--- 2023/0xxx/CVE-2023-0983.json | 72 +++++++++++++++++++++++++++--- 2023/1xxx/CVE-2023-1120.json | 72 +++++++++++++++++++++++++++--- 2023/1xxx/CVE-2023-1121.json | 72 +++++++++++++++++++++++++++--- 2023/1xxx/CVE-2023-1122.json | 72 +++++++++++++++++++++++++++--- 2023/1xxx/CVE-2023-1406.json | 72 +++++++++++++++++++++++++++--- 2023/1xxx/CVE-2023-1425.json | 72 +++++++++++++++++++++++++++--- 2023/1xxx/CVE-2023-1426.json | 81 +++++++++++++++++++++++++++++++--- 2023/1xxx/CVE-2023-1478.json | 72 +++++++++++++++++++++++++++--- 2023/24xxx/CVE-2023-24181.json | 66 ++++++++++++++++++++++++--- 2023/25xxx/CVE-2023-25392.json | 61 ++++++++++++++++++++++--- 21 files changed, 1403 insertions(+), 108 deletions(-) diff --git a/2022/39xxx/CVE-2022-39048.json b/2022/39xxx/CVE-2022-39048.json index cfc09d2451c..150ed951345 100644 --- a/2022/39xxx/CVE-2022-39048.json +++ b/2022/39xxx/CVE-2022-39048.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-39048", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-39048", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ServiceNow Tokyo allows XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.servicenow.com", + "refsource": "MISC", + "name": "https://support.servicenow.com" + }, + { + "refsource": "MISC", + "name": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1221892", + "url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1221892" } ] } diff --git a/2022/4xxx/CVE-2022-4827.json b/2022/4xxx/CVE-2022-4827.json index b2a2722ce03..a7578147b60 100644 --- a/2022/4xxx/CVE-2022-4827.json +++ b/2022/4xxx/CVE-2022-4827.json @@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4827", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Tiles WordPress plugin through 1.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Tiles", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "custom", + "version": "0", + "lessThanOrEqual": "1.1.2" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/f2a922ac-6bc9-4caa-b1cc-9ca9cff4bd51", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/f2a922ac-6bc9-4caa-b1cc-9ca9cff4bd51" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0156.json b/2023/0xxx/CVE-2023-0156.json index 009b3f370e2..299f9424a69 100644 --- a/2023/0xxx/CVE-2023-0156.json +++ b/2023/0xxx/CVE-2023-0156.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0156", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "All-In-One Security (AIOS)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "5.1.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/caf1dbb5-197e-41e9-8f48-ba1f2360a759", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/caf1dbb5-197e-41e9-8f48-ba1f2360a759" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Bart\u0142omiej Marek" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0157.json b/2023/0xxx/CVE-2023-0157.json index 74d150d3437..72703e148bc 100644 --- a/2023/0xxx/CVE-2023-0157.json +++ b/2023/0xxx/CVE-2023-0157.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0157", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "All-In-One Security (AIOS)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "5.1.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/8248b550-6485-4108-a701-8446ffa35f06", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/8248b550-6485-4108-a701-8446ffa35f06" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Bart\u0142omiej Marek" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0363.json b/2023/0xxx/CVE-2023-0363.json index d74c60c7de0..87c4ef6e383 100644 --- a/2023/0xxx/CVE-2023-0363.json +++ b/2023/0xxx/CVE-2023-0363.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0363", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Scheduled Announcements Widget", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/6d332a47-e96c-455b-9e8f-db6dbb59b518", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/6d332a47-e96c-455b-9e8f-db6dbb59b518" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0422.json b/2023/0xxx/CVE-2023-0422.json index ee7635f6c47..ed638b4546a 100644 --- a/2023/0xxx/CVE-2023-0422.json +++ b/2023/0xxx/CVE-2023-0422.json @@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0422", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Article Directory WordPress plugin through 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Article Directory", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "custom", + "version": "0", + "lessThanOrEqual": "1.3" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/d57f2fb2-5251-4069-8c9a-a4af269c5e62", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/d57f2fb2-5251-4069-8c9a-a4af269c5e62" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Shreya Pohekar" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0423.json b/2023/0xxx/CVE-2023-0423.json index 990f1d0bc12..9d311a92745 100644 --- a/2023/0xxx/CVE-2023-0423.json +++ b/2023/0xxx/CVE-2023-0423.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0423", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WordPress Amazon S3 Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/73d588d7-26ae-42e2-8282-aa02bcb109b6", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/73d588d7-26ae-42e2-8282-aa02bcb109b6" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Shreya Pohekar" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0546.json b/2023/0xxx/CVE-2023-0546.json index 0a1058efa12..b4210019214 100644 --- a/2023/0xxx/CVE-2023-0546.json +++ b/2023/0xxx/CVE-2023-0546.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0546", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to the form or admins previewing or editing the form." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Contact Form Plugin", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.3.25" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/078f33cd-0f5c-46fe-b858-2107a09c6b69", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/078f33cd-0f5c-46fe-b858-2107a09c6b69" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Vaibhav Rajput" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0605.json b/2023/0xxx/CVE-2023-0605.json index b3d2bd418e0..2826d046a4b 100644 --- a/2023/0xxx/CVE-2023-0605.json +++ b/2023/0xxx/CVE-2023-0605.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0605", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Auto Rename Media On Upload", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/57267c3c-d55e-4b37-a6d0-c5cd8569625c", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/57267c3c-d55e-4b37-a6d0-c5cd8569625c" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "caoyebo" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0874.json b/2023/0xxx/CVE-2023-0874.json index 890e902dc33..a0cd985aa60 100644 --- a/2023/0xxx/CVE-2023-0874.json +++ b/2023/0xxx/CVE-2023-0874.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0874", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Klaviyo", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.0.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/495e39db-793d-454b-9ef1-dd91cae2c49b", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/495e39db-793d-454b-9ef1-dd91cae2c49b" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Rafshanzani Suhada" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0893.json b/2023/0xxx/CVE-2023-0893.json index 4864ce5634b..65b89ce3f4a 100644 --- a/2023/0xxx/CVE-2023-0893.json +++ b/2023/0xxx/CVE-2023-0893.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0893", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Time Sheets", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.29.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/fd6ef6ee-15e9-44ac-a2db-976393a3b71a", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/fd6ef6ee-15e9-44ac-a2db-976393a3b71a" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Shreya Pohekar" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0983.json b/2023/0xxx/CVE-2023-0983.json index ac58dfef795..f3a369c3d5f 100644 --- a/2023/0xxx/CVE-2023-0983.json +++ b/2023/0xxx/CVE-2023-0983.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-0983", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Stylish Cost Calculator Premium", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "7.9.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/73353221-3e6d-44e8-bf41-55a0fe57d81f", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/73353221-3e6d-44e8-bf41-55a0fe57d81f" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Flaviu Popescu" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1120.json b/2023/1xxx/CVE-2023-1120.json index 4376bc562fa..203b13d2d06 100644 --- a/2023/1xxx/CVE-2023-1120.json +++ b/2023/1xxx/CVE-2023-1120.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1120", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simple Giveaways", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.45.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/c2defd30-7e4c-4a28-8a68-282429061f3f", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/c2defd30-7e4c-4a28-8a68-282429061f3f" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "ipatelsumit" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1121.json b/2023/1xxx/CVE-2023-1121.json index af7ae9888d9..1cca319d5b3 100644 --- a/2023/1xxx/CVE-2023-1121.json +++ b/2023/1xxx/CVE-2023-1121.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1121", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simple Giveaways", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.45.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/7ead9fb9-d81f-47c6-a1b4-21f29183cc15", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/7ead9fb9-d81f-47c6-a1b4-21f29183cc15" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Varun" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1122.json b/2023/1xxx/CVE-2023-1122.json index e7f0dca2393..efd3368e580 100644 --- a/2023/1xxx/CVE-2023-1122.json +++ b/2023/1xxx/CVE-2023-1122.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1122", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simple Giveaways", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.45.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/71f5d630-2726-48c7-b9e5-7bebc786b561", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/71f5d630-2726-48c7-b9e5-7bebc786b561" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Varun" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1406.json b/2023/1xxx/CVE-2023-1406.json index b44734b66d8..6599b22b9ac 100644 --- a/2023/1xxx/CVE-2023-1406.json +++ b/2023/1xxx/CVE-2023-1406.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1406", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "JetEngine", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.1.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/2a81b6b1-2339-4889-9c28-1af133df8b65", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/2a81b6b1-2339-4889-9c28-1af133df8b65" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "R3zk0n" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1425.json b/2023/1xxx/CVE-2023-1425.json index ea8f3a77209..087ba9eb785 100644 --- a/2023/1xxx/CVE-2023-1425.json +++ b/2023/1xxx/CVE-2023-1425.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1425", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.7.9.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/578f4179-e7be-4963-9379-5e694911b451", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/578f4179-e7be-4963-9379-5e694911b451" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "rSolutions Security Team" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1426.json b/2023/1xxx/CVE-2023-1426.json index 79ed90cc937..2afcf4baf9f 100644 --- a/2023/1xxx/CVE-2023-1426.json +++ b/2023/1xxx/CVE-2023-1426.json @@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1426", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Tiles", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "custom", + "version": "0", + "lessThanOrEqual": "1.1.2" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/fdd79bb4-d434-4635-bb2b-84d079ecc746", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/fdd79bb4-d434-4635-bb2b-84d079ecc746" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Erwan LR (WPScan)" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1478.json b/2023/1xxx/CVE-2023-1478.json index 46943146b69..404e858eee0 100644 --- a/2023/1xxx/CVE-2023-1478.json +++ b/2023/1xxx/CVE-2023-1478.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1478", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Hummingbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/512a9ba4-01c0-4614-a991-efdc7fe51abe", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/512a9ba4-01c0-4614-a991-efdc7fe51abe" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Karol Mazurek (AFINE)" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24181.json b/2023/24xxx/CVE-2023-24181.json index 1b489185fb7..d300feeafe1 100644 --- a/2023/24xxx/CVE-2023-24181.json +++ b/2023/24xxx/CVE-2023-24181.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-24181", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-24181", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openwrt/luci/commit/25983b9fa572a640a7ecd077378df2790266cd61", + "refsource": "MISC", + "name": "https://github.com/openwrt/luci/commit/25983b9fa572a640a7ecd077378df2790266cd61" + }, + { + "url": "https://github.com/openwrt/luci/commit/749268a2cad4a08722e30f66a578e254885f450f", + "refsource": "MISC", + "name": "https://github.com/openwrt/luci/commit/749268a2cad4a08722e30f66a578e254885f450f" + }, + { + "refsource": "MISC", + "name": "https://github.com/ABB-EL/external-vulnerability-disclosures/security/advisories/GHSA-9gqg-pp5p-q9hg", + "url": "https://github.com/ABB-EL/external-vulnerability-disclosures/security/advisories/GHSA-9gqg-pp5p-q9hg" } ] } diff --git a/2023/25xxx/CVE-2023-25392.json b/2023/25xxx/CVE-2023-25392.json index 60c3b961d3a..36daa690799 100644 --- a/2023/25xxx/CVE-2023-25392.json +++ b/2023/25xxx/CVE-2023-25392.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-25392", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-25392", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/allegro/bigflow/pull/357", + "refsource": "MISC", + "name": "https://github.com/allegro/bigflow/pull/357" + }, + { + "refsource": "MISC", + "name": "https://lutrasecurity.com/en/articles/cve-2023-25392/", + "url": "https://lutrasecurity.com/en/articles/cve-2023-25392/" } ] }