From d0ccaa92eca981b9b4d7666e088d913e16611d25 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 20 Jan 2025 04:01:02 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2025/0xxx/CVE-2025-0581.json | 114 +++++++++++++++++++++++++++++++++--
 2025/0xxx/CVE-2025-0582.json | 114 +++++++++++++++++++++++++++++++++--
 2 files changed, 220 insertions(+), 8 deletions(-)
diff --git a/2025/0xxx/CVE-2025-0581.json b/2025/0xxx/CVE-2025-0581.json
index 0c30bd2b727..7ed51485b74 100644
--- a/2025/0xxx/CVE-2025-0581.json
+++ b/2025/0xxx/CVE-2025-0581.json
@@ -1,17 +1,123 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-0581",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. This affects an unknown part of the file /chat/group/send of the component Chat History. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in CampCodes School Management Software 1.0 entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /chat/group/send der Komponente Chat History. Durch Beeinflussen des Arguments message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "CampCodes",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "School Management Software",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.292599",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.292599"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.292599",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.292599"
+ },
+ {
+ "url": "https://vuldb.com/?submit.484895",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.484895"
+ },
+ {
+ "url": "https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20Stored%20Cross%20Site%20Scripting-%20Account%20Takeover%20Possibility.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20Stored%20Cross%20Site%20Scripting-%20Account%20Takeover%20Possibility.pdf"
+ },
+ {
+ "url": "https://www.campcodes.com/",
+ "refsource": "MISC",
+ "name": "https://www.campcodes.com/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "khukuririmal (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
 }
 ]
 }
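Review bot: The CVSS 3.1 entry under `impact.cvss` scores this XSS with `S:U` and `C:N`, which sits uneasily with the referenced write-up, whose title calls it stored and mentions an account-takeover possibility. If script injected through `message` does run in other users' sessions, a changed-scope vector such as `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"` would likely describe it better, and triage keyed on the 3.5 LOW score may under-prioritise the record. The second `problemtype` entry, `CWE-94`, is broader than anything the description states, so consumers mapping on CWE should treat `CWE-79` as the primary class. The `credits` block also uses `"lang": "en"` while the descriptions use `eng` and `deu`, so a single language filter will not match both.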
diff --git a/2025/0xxx/CVE-2025-0582.json b/2025/0xxx/CVE-2025-0582.json
index 90fd15271d4..8e9e572ae22 100644
--- a/2025/0xxx/CVE-2025-0582.json
+++ b/2025/0xxx/CVE-2025-0582.json
@@ -1,17 +1,123 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-0582",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigphoto leads to unrestricted upload. The attack can be initiated remotely."
+ },
+ {
+ "lang": "deu",
+ "value": "In itsourcecode Farm Management System bis 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /add-pig.php. Dank der Manipulation des Arguments pigphoto mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unrestricted Upload",
+ "cweId": "CWE-434"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Controls",
+ "cweId": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "itsourcecode",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Farm Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.292600",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.292600"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.292600",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.292600"
+ },
+ {
+ "url": "https://vuldb.com/?submit.484909",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.484909"
+ },
+ {
+ "url": "https://github.com/yunhai666/cve/issues/2",
+ "refsource": "MISC",
+ "name": "https://github.com/yunhai666/cve/issues/2"
+ },
+ {
+ "url": "https://itsourcecode.com/",
+ "refsource": "MISC",
+ "name": "https://itsourcecode.com/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "weiwei-abc (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.7,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.8,
+ "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
 }
 ]
 }
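Review bot: The prose and the structured fields of this record disagree: the description says "classified as critical" and "up to 1.0", while `impact.cvss` carries `"baseSeverity": "MEDIUM"` with a 4.7 score and `version_data` pins `"version_affected": "="`. If releases before 1.0 are affected, `"version_affected": "<="` would match the text; otherwise the description should name 1.0 only. The 4.7 rests on `PR:H` and `C:L/I:L/A:L`, which may understate an unrestricted upload through `pigphoto` if uploaded files land where the web server will execute them. Consumers should therefore triage on the vector and their own deployment rather than on either severity label.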