From bb8a67d0ccd2b52c24358bdd95a4272a7dc4d39c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 20 Feb 2025 05:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/13xxx/CVE-2024-13445.json | 76 ++++++++++++++++++++++++++++++++-- 2025/27xxx/CVE-2025-27218.json | 62 +++++++++++++++++++++++++++ 2025/27xxx/CVE-2025-27219.json | 18 ++++++++ 2025/27xxx/CVE-2025-27220.json | 18 ++++++++ 2025/27xxx/CVE-2025-27221.json | 18 ++++++++ 2025/27xxx/CVE-2025-27222.json | 18 ++++++++ 2025/27xxx/CVE-2025-27223.json | 18 ++++++++ 2025/27xxx/CVE-2025-27224.json | 18 ++++++++ 2025/27xxx/CVE-2025-27225.json | 18 ++++++++ 9 files changed, 260 insertions(+), 4 deletions(-) create mode 100644 2025/27xxx/CVE-2025-27218.json create mode 100644 2025/27xxx/CVE-2025-27219.json create mode 100644 2025/27xxx/CVE-2025-27220.json create mode 100644 2025/27xxx/CVE-2025-27221.json create mode 100644 2025/27xxx/CVE-2025-27222.json create mode 100644 2025/27xxx/CVE-2025-27223.json create mode 100644 2025/27xxx/CVE-2025-27224.json create mode 100644 2025/27xxx/CVE-2025-27225.json diff --git a/2024/13xxx/CVE-2024-13445.json b/2024/13xxx/CVE-2024-13445.json index 6ad2e8fc438..e24542f71d6 100644 --- a/2024/13xxx/CVE-2024-13445.json +++ b/2024/13xxx/CVE-2024-13445.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13445", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Elementor Website Builder \u2013 More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and including, 3.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "elemntor", + "product": { + "product_data": [ + { + "product_name": "Elementor Website Builder \u2013 More Than Just a Page Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.27.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8a11e702-34d2-49ee-8762-cc3614a7950a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8a11e702-34d2-49ee-8762-cc3614a7950a?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3241278%40elementor%2Ftrunk&old=3239949%40elementor%2Ftrunk&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3241278%40elementor%2Ftrunk&old=3239949%40elementor%2Ftrunk&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "D.Sim" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/27xxx/CVE-2025-27218.json b/2025/27xxx/CVE-2025-27218.json new file mode 100644 index 00000000000..b210d280ca9 --- /dev/null +++ b/2025/27xxx/CVE-2025-27218.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2025-27218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003535", + "refsource": "MISC", + "name": "https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003535" + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27219.json b/2025/27xxx/CVE-2025-27219.json new file mode 100644 index 00000000000..14965e2ca75 --- /dev/null +++ b/2025/27xxx/CVE-2025-27219.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27219", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27220.json b/2025/27xxx/CVE-2025-27220.json new file mode 100644 index 00000000000..cb09b14fc3e --- /dev/null +++ b/2025/27xxx/CVE-2025-27220.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27220", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27221.json b/2025/27xxx/CVE-2025-27221.json new file mode 100644 index 00000000000..856172b0978 --- /dev/null +++ b/2025/27xxx/CVE-2025-27221.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27221", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27222.json b/2025/27xxx/CVE-2025-27222.json new file mode 100644 index 00000000000..1f351fb3afa --- /dev/null +++ b/2025/27xxx/CVE-2025-27222.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27222", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27223.json b/2025/27xxx/CVE-2025-27223.json new file mode 100644 index 00000000000..3f8e5f89f4c --- /dev/null +++ b/2025/27xxx/CVE-2025-27223.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27223", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27224.json b/2025/27xxx/CVE-2025-27224.json new file mode 100644 index 00000000000..c2f743a877e --- /dev/null +++ b/2025/27xxx/CVE-2025-27224.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27224", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/27xxx/CVE-2025-27225.json b/2025/27xxx/CVE-2025-27225.json new file mode 100644 index 00000000000..660b5dfaed5 --- /dev/null +++ b/2025/27xxx/CVE-2025-27225.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-27225", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file