diff --git a/2020/14xxx/CVE-2020-14988.json b/2020/14xxx/CVE-2020-14988.json index 32056545ad5..74552630352 100644 --- a/2020/14xxx/CVE-2020-14988.json +++ b/2020/14xxx/CVE-2020-14988.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14988", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14988", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the upload image functionality via an SVG document containing JavaScript." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://tvrbk.github.io/cve/2021/03/09/brXM.html", + "url": "https://tvrbk.github.io/cve/2021/03/09/brXM.html" } ] } diff --git a/2020/14xxx/CVE-2020-14989.json b/2020/14xxx/CVE-2020-14989.json index 53d919aa5a9..2b8d566f167 100644 --- a/2020/14xxx/CVE-2020-14989.json +++ b/2020/14xxx/CVE-2020-14989.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-14989", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-14989", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://tvrbk.github.io/cve/2021/03/09/brXM.html", + "url": "https://tvrbk.github.io/cve/2021/03/09/brXM.html" } ] } diff --git a/2020/27xxx/CVE-2020-27216.json b/2020/27xxx/CVE-2020-27216.json index 7388f9c8dff..efedbe9cd4e 100644 --- a/2020/27xxx/CVE-2020-27216.json +++ b/2020/27xxx/CVE-2020-27216.json @@ -455,6 +455,11 @@ "refsource": "MLIST", "name": "[beam-issues] 20210311 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216", "url": "https://lists.apache.org/thread.html/r9cd444f944241dc26d9b8b007fe8971ed7f005b56befef7a4f4fb827@%3Cissues.beam.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[beam-issues] 20210311 [jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216", + "url": "https://lists.apache.org/thread.html/r556787f1ab14da034d79dfff0c123c05877bbe89ef163fd359b4564c@%3Cissues.beam.apache.org%3E" } ] }