admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adds CVE

Browse Source
This commit is contained in:
erwanlr 2022-09-16 10:38:16 +02:00
parent a604d65735
commit c5d581c00d
15 changed files with 1228 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
2022/1xxx/CVE-2022-1194.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1194",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-1194",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Mobile Events Manager < 1.4.8 - Admin+ CSV Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Mobile Events Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.4.8",
"version_value": "1.4.8"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/62be0991-f095-43cf-a167-3daaed254594",
"name": "https://wpscan.com/vulnerability/62be0991-f095-43cf-a167-3daaed254594"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Varun thorat"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2351.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2351",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2351",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Post SMTP < 2.1.4 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Post SMTP Mailer/Email Log",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.1.4",
"version_value": "2.1.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f3fda033-58f5-446d-ade4-2336a39bfb87",
"name": "https://wpscan.com/vulnerability/f3fda033-58f5-446d-ade4-2336a39bfb87"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2575.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2575",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2575",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WBW Currency Switcher for WooCommerce < 1.6.6 - Admin+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WBW Currency Switcher for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.6.6",
"version_value": "1.6.6"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e934af78-9dfd-4e14-853d-dc453de6e365",
"name": "https://wpscan.com/vulnerability/e934af78-9dfd-4e14-853d-dc453de6e365"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Asif Nawaz Minhas"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2635.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2635",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2635",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Autoptimize < 3.1.1 - Admin+ Stored Cross Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Autoptimize",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.1.1",
"version_value": "3.1.1"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/219767a8-2427-42d5-8734-bd197d9ab46b",
"name": "https://wpscan.com/vulnerability/219767a8-2427-42d5-8734-bd197d9ab46b"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

185
2022/2xxx/CVE-2022-2654.json
View File

@ -1,18 +1,171 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2654",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2654",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Classima < 2.1.11 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Classified Listing Classified ads & Business Directory Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.14",
"version_value": "2.2.14"
}
]
}
},
{
"product_name": "Classified Listing Pro - Classified ads & Business Directory Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.20",
"version_value": "2.0.20"
}
]
}
},
{
"product_name": "Classified Listing Store & Membership Addon",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.4.20",
"version_value": "1.4.20"
}
]
}
},
{
"product_name": "Classima Core",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.10",
"version_value": "1.10"
}
]
}
},
{
"product_name": "Classima",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.1.11",
"version_value": "2.1.11"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/845f44ca-f572-48d7-a19a-89cace0b8993",
"name": "https://wpscan.com/vulnerability/845f44ca-f572-48d7-a19a-89cace0b8993"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Team ISH Tecnologia (Thiago Martins"
},
{
"lang": "eng",
"value": "Jorge Buzeti"
},
{
"lang": "eng",
"value": "Leandro Inacio"
},
{
"lang": "eng",
"value": "Lucas de Souza"
},
{
"lang": "eng",
"value": "Matheus Oliveira"
},
{
"lang": "eng",
"value": "Filipe Baptistella"
},
{
"lang": "eng",
"value": "Leonardo Paiva"
},
{
"lang": "eng",
"value": "Jose Thomaz"
},
{
"lang": "eng",
"value": "Joao Maciel"
},
{
"lang": "eng",
"value": "Vinicius Pereira"
},
{
"lang": "eng",
"value": "Geovanni Campos"
},
{
"lang": "eng",
"value": "Hudson Nowak"
},
{
"lang": "eng",
"value": "Guilherme Acerbi) and Islan Ferreira."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

137
2022/2xxx/CVE-2022-2655.json
View File

@ -1,18 +1,123 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2655",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Classified Listing Pro - Classified ads & Business Directory Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.20",
"version_value": "2.0.20"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/acc9675a-56f6-411a-9594-07144c2aad1b",
"name": "https://wpscan.com/vulnerability/acc9675a-56f6-411a-9594-07144c2aad1b"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Team ISH Tecnologia (Thiago Martins"
},
{
"lang": "eng",
"value": "Jorge Buzeti"
},
{
"lang": "eng",
"value": "Leandro Inacio"
},
{
"lang": "eng",
"value": "Lucas de Souza"
},
{
"lang": "eng",
"value": "Matheus Oliveira"
},
{
"lang": "eng",
"value": "Filipe Baptistella"
},
{
"lang": "eng",
"value": "Leonardo Paiva"
},
{
"lang": "eng",
"value": "Jose Thomaz"
},
{
"lang": "eng",
"value": "Joao Maciel"
},
{
"lang": "eng",
"value": "Vinicius Pereira"
},
{
"lang": "eng",
"value": "Geovanni Campos"
},
{
"lang": "eng",
"value": "Hudson Nowak"
},
{
"lang": "eng",
"value": "Guilherme Acerbi) and Islan Ferreira."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2669.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2669",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP Taxonomy Import <= 1.0.4 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP Taxonomy Import",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.4",
"version_value": "1.0.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/792d9f22-abf6-47b2-a247-d0cdb705cd81",
"name": "https://wpscan.com/vulnerability/792d9f22-abf6-47b2-a247-d0cdb705cd81"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "kaikaix"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2737.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2737",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2737",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP STAGING < 2.9.18 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP STAGING Backup Duplicator & Migration",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.9.18",
"version_value": "2.9.18"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/91bbdeb0-f2df-4500-b856-af0ff68fbb12",
"name": "https://wpscan.com/vulnerability/91bbdeb0-f2df-4500-b856-af0ff68fbb12"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2798.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2798",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2798",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Affiliates Manager < 2.9.14 - Affiliate CSV Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Affiliates Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.9.14",
"version_value": "2.9.14"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f169567d-c682-4abe-94df-a9d00be90edd",
"name": "https://wpscan.com/vulnerability/f169567d-c682-4abe-94df-a9d00be90edd"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "nhatnam"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2799.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2799",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2799",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Affiliates Manager < 2.9.14 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Affiliates Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.9.14",
"version_value": "2.9.14"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4385370e-cf99-4249-b2c1-90cbfa8378a4",
"name": "https://wpscan.com/vulnerability/4385370e-cf99-4249-b2c1-90cbfa8378a4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Mika"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2863.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2863",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2863",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WPvivid Backup < 0.9.76 - Admin+ Arbitrary File Read"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Migration, Backup, Staging WPvivid",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0.9.76",
"version_value": "0.9.76"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5",
"name": "https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Rodolfo Tavares"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

89
2022/2xxx/CVE-2022-2877.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2877",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2877",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Titan Anti-spam & Security",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.3.1",
"version_value": "7.3.1"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68",
"name": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2887.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2887",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2887",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP Server Health Stats < 1.7.0 - Admin+ Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP Server Health Stats",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.0",
"version_value": "1.7.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/237541d5-c1a5-44f2-8e5f-82457b8f9497",
"name": "https://wpscan.com/vulnerability/237541d5-c1a5-44f2-8e5f-82457b8f9497"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Mika"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

87
2022/2xxx/CVE-2022-2912.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2912",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2912",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Craw Data <= 1.0.0 - Server Side Request Forgery"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Craw Data",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.0",
"version_value": "1.0.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites (SSRF)."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/fd9853e8-b3ae-4a10-8389-8a4a11a8297c",
"name": "https://wpscan.com/vulnerability/fd9853e8-b3ae-4a10-8389-8a4a11a8297c"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Dhanesh Sivasamy"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

89
2022/2xxx/CVE-2022-2913.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2913",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2022-2913",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Login No Captcha reCAPTCHA",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7",
"version_value": "1.7"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1",
"name": "https://wpscan.com/vulnerability/5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"source": {
"discovery": "EXTERNAL"
}
}