admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adds CVEs

Browse Source
This commit is contained in:
erwanlr 2021-07-12 17:18:45 +02:00
parent 7cc9647afc
commit c764b026e6
18 changed files with 1376 additions and 279 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
2021/24xxx/CVE-2021-24365.json
View File

@ -1,18 +1,96 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24365",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24365",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AdminColumns",
"product": {
"product_data": [
{
"product_name": "Admin Columns",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.3.2",
"version_value": "4.3.2"
}
]
}
},
{
"product_name": "Admin Columns Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.5.2",
"version_value": "5.5.2"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type \"Custom Field\" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of \"Custom Field\" columns."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388",
"name": "https://wpscan.com/vulnerability/fdbeb137-b404-46c7-85fb-394a3bdac388"
},
{
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt",
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-032.txt"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Johannes Lauinger"
},
{
"lang": "eng",
"value": "SySS GmbH"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

99
2021/24xxx/CVE-2021-24385.json
View File

@ -1,18 +1,85 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24385",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24385",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Filebird 4.7.3 - Unauthenticated SQL Injection "
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ninja Team",
"product": {
"product_data": [
{
"product_name": "FileBird WordPress Media Library Folders & File Manager",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "4.7.3",
"version_value": "4.7.3"
},
{
"version_affected": "<",
"version_name": "4.7.4",
"version_value": "4.7.4"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL injection. The Rest API endpoint which invokes this function also does not have any required permissions/authentication and can be accessed by an anonymous user."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/754ac750-0262-4f65-b23e-d5523995fbfa",
"name": "https://wpscan.com/vulnerability/754ac750-0262-4f65-b23e-d5523995fbfa"
},
{
"refsource": "MISC",
"url": "https://10up.com/blog/2021/security-vulnerability-filebird-wordpress-plugin/",
"name": "https://10up.com/blog/2021/security-vulnerability-filebird-wordpress-plugin/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ravi Chandra (10up)"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

89
2021/24xxx/CVE-2021-24408.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24408",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24408",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Prismatic < 2.8 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jeff Starr",
"product": {
"product_data": [
{
"product_name": "Prismatic",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.8",
"version_value": "2.8"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher privilege users, such as editor could exploit this without the need of approval, and even when the blog disallows the unfiltered_html capability."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/51855853-e7bd-425f-802c-824209f4f84d",
"name": "https://wpscan.com/vulnerability/51855853-e7bd-425f-802c-824209f4f84d"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

89
2021/24xxx/CVE-2021-24409.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24409",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24409",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Prismatic < 2.8 - Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jeff Starr",
"product": {
"product_data": [
{
"product_name": "Prismatic",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.8",
"version_value": "2.8"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ae3cd3ed-aecd-4d8c-8a2b-2936aaaef0cf",
"name": "https://wpscan.com/vulnerability/ae3cd3ed-aecd-4d8c-8a2b-2936aaaef0cf"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

94
2021/24xxx/CVE-2021-24418.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24418",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24418",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Smooth Scroll Page Up/Down Buttons <= 1.4 - Authenticated Stored XSS via psb_positioning"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mark Senff",
"product": {
"product_data": [
{
"product_name": "Smooth Scroll Page Up/Down Buttons",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.4",
"version_value": "1.4"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/1512bba9-89e2-493d-b85d-10c7acb903db",
"name": "https://wpscan.com/vulnerability/1512bba9-89e2-493d-b85d-10c7acb903db"
},
{
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-04-29]-[WordPress]-[CWE-79]-Smooth-Scroll-Page-UpDown-Buttons-WordPress-Plugin-v1.4.txt",
"name": "https://m0ze.ru/vulnerability/[2021-04-29]-[WordPress]-[CWE-79]-Smooth-Scroll-Page-UpDown-Buttons-WordPress-Plugin-v1.4.txt"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24419.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24419",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24419",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP YouTube Lyte < 1.7.16 - Authenticated Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP YouTube Lyte",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.16",
"version_value": "1.7.16"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0eeff1ee-d11e-4d52-a032-5f5bd8a6a2d7",
"name": "https://wpscan.com/vulnerability/0eeff1ee-d11e-4d52-a032-5f5bd8a6a2d7"
},
{
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-05-03]-[WordPress]-[CWE-79]-WP-YouTube-Lyte-WordPress-Plugin-v1.7.15.txt",
"name": "https://m0ze.ru/vulnerability/[2021-05-03]-[WordPress]-[CWE-79]-WP-YouTube-Lyte-WordPress-Plugin-v1.7.15.txt"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

87
2021/24xxx/CVE-2021-24420.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24420",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24420",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Request a Quote < 2.3.4 - Authenticated Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Request a Quote",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.4",
"version_value": "2.3.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes\" table."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/426eafb1-0261-4e7e-8c70-75bf4c476f18",
"name": "https://wpscan.com/vulnerability/426eafb1-0261-4e7e-8c70-75bf4c476f18"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ajay Sandipan Thorbole"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24421.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24421",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24421",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP JobSearch < 1.7.4 - Authenticated Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP JobSearch",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.4",
"version_value": "1.7.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/b378d36d-66d9-4373-a628-e379e4766375",
"name": "https://wpscan.com/vulnerability/b378d36d-66d9-4373-a628-e379e4766375"
},
{
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-05-19]-[WordPress]-[CWE-79]-WP-JobSearch-WordPress-Plugin-v1.7.3.txt",
"name": "https://m0ze.ru/vulnerability/[2021-05-19]-[WordPress]-[CWE-79]-WP-JobSearch-WordPress-Plugin-v1.7.3.txt"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24424.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24424",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24424",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WP Reset < 1.90 - Authenticated Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP Reset Most Advanced WordPress Reset Tool",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.90",
"version_value": "1.90"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Reset Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/90cf8f9d-4d37-405d-b161-239bdb281828",
"name": "https://wpscan.com/vulnerability/90cf8f9d-4d37-405d-b161-239bdb281828"
},
{
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-05-26]-[WordPress]-[CWE-79]-WP-Reset-WordPress-Plugin-v1.86.txt",
"name": "https://m0ze.ru/vulnerability/[2021-05-26]-[WordPress]-[CWE-79]-WP-Reset-WordPress-Plugin-v1.86.txt"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24426.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24426",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24426",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Backup by 10Web Backup and Restore Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.20",
"version_value": "1.0.20"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Backup by 10Web Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/48464b3f-fe57-40fe-8868-398a36099fb9",
"name": "https://wpscan.com/vulnerability/48464b3f-fe57-40fe-8868-398a36099fb9"
},
{
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-05-23]-[WordPress]-[CWE-79]-Backup-by-10Web-WordPress-Plugin-v1.0.20.txt",
"name": "https://m0ze.ru/vulnerability/[2021-05-23]-[WordPress]-[CWE-79]-Backup-by-10Web-WordPress-Plugin-v1.0.20.txt"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

94
2021/24xxx/CVE-2021-24427.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24427",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24427",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "W3 Total Cache < 2.1.3 - Authenticated Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BoldGrid",
"product": {
"product_data": [
{
"product_name": "W3 Total Cache",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.1.3",
"version_value": "2.1.3"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/5da5ce9a-82a6-404f-8dec-795d7905b3f9",
"name": "https://wpscan.com/vulnerability/5da5ce9a-82a6-404f-8dec-795d7905b3f9"
},
{
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-04-25]-[WordPress]-[CWE-79]-W3-Total-Cache-WordPress-Plugin-v2.1.2.txt",
"name": "https://m0ze.ru/vulnerability/[2021-04-25]-[WordPress]-[CWE-79]-W3-Total-Cache-WordPress-Plugin-v2.1.2.txt"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

89
2021/24xxx/CVE-2021-24429.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24429",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24429",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Salon Booking System < 6.3.1 - Unauthenticated Stored Cross-Site Scripting (XSS) "
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Salon Booking System",
"product": {
"product_data": [
{
"product_name": "Salon booking system",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.3.1",
"version_value": "6.3.1"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will then be triggered when an admin visits the \"Calendar\" page and the malicious script is executed in the admin context."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/e922b788-7da5-43b4-9b05-839c8610252a",
"name": "https://wpscan.com/vulnerability/e922b788-7da5-43b4-9b05-839c8610252a"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Phu Tran from techlabcorp.com"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

87
2021/24xxx/CVE-2021-24434.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24434",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24434",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Glass",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.3.2",
"version_value": "1.3.2"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Glass WordPress plugin through 1.3.2 does not sanitise or escape its \"Glass Pages\" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/dbea2dc2-83f6-4e70-b044-a68a4c9b9c39",
"name": "https://wpscan.com/vulnerability/dbea2dc2-83f6-4e70-b044-a68a4c9b9c39"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "ABISHEIK M"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

87
2021/24xxx/CVE-2021-24439.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24439",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24439",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Browser Screenshots < 1.7.6 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Browser Screenshots",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.7.6",
"version_value": "1.7.6"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the browser-shot shortcode was not escaped."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/9c538c51-ae58-461d-b93b-cc9dfebf2bc0",
"name": "https://wpscan.com/vulnerability/9c538c51-ae58-461d-b93b-cc9dfebf2bc0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

87
2021/24xxx/CVE-2021-24440.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24440",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24440",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Sign-up Sheets < 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Sign-up Sheets",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.14",
"version_value": "1.0.14"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the 'All Sheets' page in the admin dashboard"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ba4503f7-684e-4274-bc53-3aa848712496",
"name": "https://wpscan.com/vulnerability/ba4503f7-684e-4274-bc53-3aa848712496"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ajay Sandipan Thorbole"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

89
2021/24xxx/CVE-2021-24441.json
View File

@ -1,18 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24441",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24441",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Sign-up Sheets < 1.0.14 - Authenticated CSV Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Sign-up Sheets",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.14",
"version_value": "1.0.14"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ec9292b1-5cbd-4332-bdb6-2351c94f5ac6",
"name": "https://wpscan.com/vulnerability/ec9292b1-5cbd-4332-bdb6-2351c94f5ac6"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ajay Sandipan Thorbole"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

94
2021/24xxx/CVE-2021-24442.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24442",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24442",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpdevart",
"product": {
"product_data": [
{
"product_name": "Poll, Survey, Questionnaire and Voting system",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.3",
"version_value": "1.5.3"
}
]
}
}
]
}
}
]
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/7376666e-9b2a-4239-b11f-8544435b444a",
"name": "https://wpscan.com/vulnerability/7376666e-9b2a-4239-b11f-8544435b444a"
},
{
"refsource": "MISC",
"url": "https://www.in-spired.xyz/wpdevart-polls-blind-sql-injection/",
"name": "https://www.in-spired.xyz/wpdevart-polls-blind-sql-injection/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Toby Jackson"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

92
2021/24xxx/CVE-2021-24454.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24454",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ID": "CVE-2021-24454",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "YOP Poll < 6.2.8 - Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "YOP Poll",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.2.8",
"version_value": "6.2.8"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options \"Allow other answers\", \"Display other answers in the result list\" and \"Show results\", it can lead to Stored Cross-Site Scripting issues as the 'Other' answer is not sanitised before being output in the page. The execution of the XSS payload depends on the 'Show results' option selected, which could be before or after sending the vote for example."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/48ade7a5-5abb-4267-b9b6-13e31e1b3e91",
"name": "https://wpscan.com/vulnerability/48ade7a5-5abb-4267-b9b6-13e31e1b3e91"
},
{
"refsource": "MISC",
"url": "https://www.in-spired.xyz/discovering-wordpress-plugin-yop-polls-v6-2-7-stored-xss/",
"name": "https://www.in-spired.xyz/discovering-wordpress-plugin-yop-polls-v6-2-7-stored-xss/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Toby Jackson"
}
],
"source": {
"discovery": "UNKNOWN"
}
}