"-Synchronized-Data."

2025-05-06 18:53:08 +00:00 · 2025-04-08 00:00:35 +00:00 · 2025-04-08 00:00:35 +00:00 · cdfe8a8ba5
commit cdfe8a8ba5
parent 8c3bf4e096
2 changed files with 200 additions and 8 deletions
--- a/2025/3xxx/CVE-2025-3388.json
+++ b/2025/3xxx/CVE-2025-3388.json
@ -1,17 +1,113 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2025-3388",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability classified as problematic was found in hailey888 oa_system up to 2025.01.01. This vulnerability affects the function loginCheck of the file cn/gson/oasys/controller/login/LoginsController.java of the component Frontend. The manipulation of the argument Username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available."
+            },
+            {
+                "lang": "deu",
+                "value": "In hailey888 oa_system bis 2025.01.01 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Hierbei betrifft es die Funktion loginCheck der Datei cn/gson/oasys/controller/login/LoginsController.java der Komponente Frontend. Dank Manipulation des Arguments Username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Cross Site Scripting",
+                        "cweId": "CWE-79"
+                    }
+                ]
+            },
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Code Injection",
+                        "cweId": "CWE-94"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "hailey888",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "oa_system",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "2025.01.01"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.303634",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.303634"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.303634",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.303634"
+            },
+            {
+                "url": "https://gitee.com/hailey888/oa_system/issues/IBRQYI",
+                "refsource": "MISC",
+                "name": "https://gitee.com/hailey888/oa_system/issues/IBRQYI"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "VulDB Gitee Analyzer"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 4.3,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 4.3,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 5,
+                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
            }
        ]
    }
--- a/2025/3xxx/CVE-2025-3389.json
+++ b/2025/3xxx/CVE-2025-3389.json
@ -1,17 +1,113 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2025-3389",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability, which was classified as problematic, has been found in hailey888 oa_system up to 2025.01.01. This issue affects the function testMess of the file cn/gson/oasys/controller/inform/InformManageController.java of the component Backend. The manipulation of the argument menu leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable."
+            },
+            {
+                "lang": "deu",
+                "value": "Eine Schwachstelle wurde in hailey888 oa_system bis 2025.01.01 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion testMess der Datei cn/gson/oasys/controller/inform/InformManageController.java der Komponente Backend. Mit der Manipulation des Arguments menu mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Cross Site Scripting",
+                        "cweId": "CWE-79"
+                    }
+                ]
+            },
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Code Injection",
+                        "cweId": "CWE-94"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "hailey888",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "oa_system",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "2025.01.01"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.303635",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.303635"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.303635",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.303635"
+            },
+            {
+                "url": "https://gitee.com/hailey888/oa_system/issues/IBRQXH",
+                "refsource": "MISC",
+                "name": "https://gitee.com/hailey888/oa_system/issues/IBRQXH"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "VulDB Gitee Analyzer"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 3.5,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+                "baseSeverity": "LOW"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 3.5,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+                "baseSeverity": "LOW"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 4,
+                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
            }
        ]
    }