From c98625f0c78842fd321eb5050db984fb60437c35 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 28 Jul 2019 16:00:53 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2019/14xxx/CVE-2019-14349.json | 62 ++++++++++++++++++++++++++++++++++
2019/14xxx/CVE-2019-14350.json | 62 ++++++++++++++++++++++++++++++++++
2019/14xxx/CVE-2019-14351.json | 62 ++++++++++++++++++++++++++++++++++
3 files changed, 186 insertions(+)
create mode 100644 2019/14xxx/CVE-2019-14349.json
create mode 100644 2019/14xxx/CVE-2019-14350.json
create mode 100644 2019/14xxx/CVE-2019-14351.json
diff --git a/2019/14xxx/CVE-2019-14349.json b/2019/14xxx/CVE-2019-14349.json
new file mode 100644
index 00000000000..8a52d402904
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14349.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14349",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user opens a page of any profile with this."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/espocrm/espocrm/issues/1358",
+ "refsource": "MISC",
+ "name": "https://github.com/espocrm/espocrm/issues/1358"
+ }
+ ]
+ }
+}
\ No newline at end of file
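Review bot: The `affects` block in this record sets `product_name`, `version_value` and `vendor_name` to `"n/a"` even though the description names EspoCRM 5.6.4, so tooling that matches records on structured product and version fields will not associate this CVE with the affected software; the CVE-2019-14350 and CVE-2019-14351 records in the following hunks have the same gap. I would populate the fields from the description, e.g. `"product_name": "EspoCRM"` and `"version_value": "5.6.4"`; the vendor name is not stated in the record and should be confirmed before it is filled in. `problemtype` is likewise `"n/a"`: for the two stored-XSS records (14349 and 14350) a value such as `"CWE-79"` would fit, while the weakness class for the password-hash enumeration in 14351 is left for the assigner to choose. The description in this first record also ends mid-sentence ("any profile with this."), which leaves the rendering condition unclear to someone triaging exposure.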
diff --git a/2019/14xxx/CVE-2019-14350.json b/2019/14xxx/CVE-2019-14350.json
new file mode 100644
index 00000000000..5c0f55bcf56
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14350.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14350",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/espocrm/espocrm/issues/1356",
+ "refsource": "MISC",
+ "name": "https://github.com/espocrm/espocrm/issues/1356"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/14xxx/CVE-2019-14351.json b/2019/14xxx/CVE-2019-14351.json
new file mode 100644
index 00000000000..c031cbecdf4
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14351.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14351",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/espocrm/espocrm/issues/1357",
+ "refsource": "MISC",
+ "name": "https://github.com/espocrm/espocrm/issues/1357"
+ }
+ ]
+ }
+}
\ No newline at end of file