admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adds CVEs

Browse Source
This commit is contained in:
erwanlr 2022-05-23 09:13:24 +02:00
parent f8fa73a38d
commit c1553e380b
12 changed files with 869 additions and 180 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
2022/0xxx/CVE-2022-0346.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0346",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0346", "TITLE": "Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "XML Sitemap Generator for Google",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.4",
"version_value": "2.0.4"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4b339390-d71a-44e0-8682-51a12bd2bfe6",
"name": "https://wpscan.com/vulnerability/4b339390-d71a-44e0-8682-51a12bd2bfe6"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }

87
2022/0xxx/CVE-2022-0781.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-0781",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-0781", "TITLE": "Nirweb support < 2.8.2 - Unauthenticated SQLi"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Nirweb support",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.8.2",
"version_value": "2.8.2"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1a8f9c7b-a422-4f45-a516-c3c14eb05161",
"name": "https://wpscan.com/vulnerability/1a8f9c7b-a422-4f45-a516-c3c14eb05161"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }

87
2022/1xxx/CVE-2022-1014.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-1014",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-1014", "TITLE": "WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP Contacts Manager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.2.4",
"version_value": "2.2.4"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/eb9e202d-04aa-4343-86a2-4aa2edaa7f6b",
"name": "https://wpscan.com/vulnerability/eb9e202d-04aa-4343-86a2-4aa2edaa7f6b"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "cydave"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }

87
2022/1xxx/CVE-2022-1093.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-1093",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-1093", "TITLE": "WP Meta SEO < 4.4.7 - Admin+ Stored Cross-Site Scripting via breadcrumbs"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP Meta SEO",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.4.7",
"version_value": "4.4.7"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/57017050-811e-474d-8256-33d19d4c0553",
"name": "https://wpscan.com/vulnerability/57017050-811e-474d-8256-33d19d4c0553"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Victor Pasman"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }

87
2022/1xxx/CVE-2022-1192.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-1192",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-1192", "TITLE": "Turn off all comments <= 1.0 - Reflected Cross-Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Turn off all comments",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "1.0"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/18660c71-5a89-4ef6-b0dd-7a166e3449d6",
"name": "https://wpscan.com/vulnerability/18660c71-5a89-4ef6-b0dd-7a166e3449d6"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "p7e4"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }

87
2022/1xxx/CVE-2022-1218.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-1218",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-1218", "TITLE": "Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Domain Replace",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.3.8",
"version_value": "1.3.8"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/fc1e8681-9229-4645-bc22-4897522d0c65",
"name": "https://wpscan.com/vulnerability/fc1e8681-9229-4645-bc22-4897522d0c65"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "p7e4"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }

87
2022/1xxx/CVE-2022-1221.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-1221",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-1221", "TITLE": "Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Gwyn's Imagemap Selector",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.3.3",
"version_value": "0.3.3"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9",
"name": "https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "p7e4"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }

87
2022/1xxx/CVE-2022-1268.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-1268",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-1268", "TITLE": "Donate Extra <= 2.02 - Reflected Cross-Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Donate Extra",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.02",
"version_value": "2.02"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/6d596afb-cac3-4ef2-9742-235c068d1006",
"name": "https://wpscan.com/vulnerability/6d596afb-cac3-4ef2-9742-235c068d1006"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "p7e4"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }

87
2022/1xxx/CVE-2022-1298.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-1298",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-1298", "TITLE": "Tabs Responsive < 2.2.8 - Editor+ Stored Cross-Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Tabs",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.8",
"version_value": "2.2.8"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e124d1ab-3e02-4ca5-8218-ce635e8bf074",
"name": "https://wpscan.com/vulnerability/e124d1ab-3e02-4ca5-8218-ce635e8bf074"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Fayçal CHENA"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }

87
2022/1xxx/CVE-2022-1320.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-1320",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-1320", "TITLE": "Sliderby10Web < 1.2.52 - Admin+ Stored Cross-Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Sliderby10Web",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.52",
"version_value": "1.2.52"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/43581d6b-333a-48d9-a1ae-b9479da8ff87",
"name": "https://wpscan.com/vulnerability/43581d6b-333a-48d9-a1ae-b9479da8ff87"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Fayçal CHENA"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }

87
2022/1xxx/CVE-2022-1547.json
View File

@ -1,18 +1,75 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-1547",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-1547", "TITLE": "Check & Log email < 1.0.6 - Reflected Cross-Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Check & Log Email",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.6",
"version_value": "1.0.6"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/83eca346-7045-414e-81fc-e0d9b735f0bd",
"name": "https://wpscan.com/vulnerability/83eca346-7045-414e-81fc-e0d9b735f0bd"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "7coo and JrXnm"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }

92
2022/1xxx/CVE-2022-1558.json
View File

@ -1,18 +1,80 @@
{ {
"data_type": "CVE", "CVE_data_meta": {
"data_format": "MITRE", "ID": "CVE-2022-1558",
"data_version": "4.0", "ASSIGNER": "contact@wpscan.com",
"CVE_data_meta": { "STATE": "PUBLIC",
"ID": "CVE-2022-1558", "TITLE": "Curtain <= 1.0.2 - Admin+ Stored Cross-Site Scripting"
"ASSIGNER": "cve@mitre.org", },
"STATE": "RESERVED" "data_format": "MITRE",
}, "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "generator": "WPScan CVE Generator",
{ "affects": {
"lang": "eng", "vendor": {
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "vendor_data": [
} {
] "vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Curtain",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.2",
"version_value": "1.0.2"
}
]
}
}
]
}
}
]
} }
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0414dad4-e90b-4122-8b77-a8a958ab824d",
"name": "https://wpscan.com/vulnerability/0414dad4-e90b-4122-8b77-a8a958ab824d"
},
{
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/166839/",
"name": "https://packetstormsecurity.com/files/166839/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Hassan Khan Yusufzai"
}
],
"source": {
"discovery": "EXTERNAL"
}
} }