Update Mattermost Server to versions 9.8.0, 9.5.10 or higher.
" + } + ], + "value": "Update Mattermost Server to versions 9.8.0, 9.5.10 or higher." + } + ], + "credits": [ + { + "lang": "en", + "value": "Juho Nurminen" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/45xxx/CVE-2024-45477.json b/2024/45xxx/CVE-2024-45477.json index 9483b99e1e1..f5e153033d8 100644 --- a/2024/45xxx/CVE-2024-45477.json +++ b/2024/45xxx/CVE-2024-45477.json @@ -1,17 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45477", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.28.0 or 2.0.0-M4 is the recommended mitigation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache NiFi", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.10.0", + "version_value": "1.27.0" + }, + { + "version_affected": "<=", + "version_name": "2.0.0-M1", + "version_value": "2.0.0-M3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/shdv0tw9hggj7tx9pl7g93mgok2lwbj9", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/shdv0tw9hggj7tx9pl7g93mgok2lwbj9" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "defect": [ + "NIFI-13675" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Muhammad Hazim Bin Nor Aizi" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/46xxx/CVE-2024-46872.json b/2024/46xxx/CVE-2024-46872.json index 7126c0fa073..af06f98498b 100644 --- a/2024/46xxx/CVE-2024-46872.json +++ b/2024/46xxx/CVE-2024-46872.json @@ -1,17 +1,148 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-46872", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsibledisclosure@mattermost.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mattermost", + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "9.10.2", + "status": "affected", + "version": "9.10.0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "9.11.1", + "status": "affected", + "version": "9.11.0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "9.5.9", + "status": "affected", + "version": "9.5.0", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "10.0.0" + }, + { + "status": "unaffected", + "version": "9.10.3" + }, + { + "status": "unaffected", + "version": "9.11.2" + }, + { + "status": "unaffected", + "version": "9.5.10" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://mattermost.com/security-updates", + "refsource": "MISC", + "name": "https://mattermost.com/security-updates" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "MMSA-2024-00366", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-58842" + ], + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update Mattermost to versions 10.0.0, 9.10.3, 9.11.2, 9.5.10 or higher.
" + } + ], + "value": "Update Mattermost to versions 10.0.0, 9.10.3, 9.11.2, 9.5.10 or higher." + } + ], + "credits": [ + { + "lang": "en", + "value": "DoyenSec" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/47xxx/CVE-2024-47401.json b/2024/47xxx/CVE-2024-47401.json index 52e31653048..15fc55a0aaa 100644 --- a/2024/47xxx/CVE-2024-47401.json +++ b/2024/47xxx/CVE-2024-47401.json @@ -1,17 +1,148 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsibledisclosure@mattermost.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to\u00a0prevent detailed error messages from being displayed\u00a0in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request to Playbooks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770: Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mattermost", + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "9.10.2", + "status": "affected", + "version": "9.10.0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "9.11.1", + "status": "affected", + "version": "9.11.0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "9.5.9", + "status": "affected", + "version": "9.5.0", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "10.0.0" + }, + { + "status": "unaffected", + "version": "9.10.3" + }, + { + "status": "unaffected", + "version": "9.11.2" + }, + { + "status": "unaffected", + "version": "9.5.10" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://mattermost.com/security-updates", + "refsource": "MISC", + "name": "https://mattermost.com/security-updates" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "MMSA-2024-00360", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-58790" + ], + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update Mattermost to versions 10.0.0, 9.10.3, 9.11.2, 9.5.10 or higher.
" + } + ], + "value": "Update Mattermost to versions 10.0.0, 9.10.3, 9.11.2, 9.5.10 or higher." + } + ], + "credits": [ + { + "lang": "en", + "value": "DoyenSec" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2024/49xxx/CVE-2024-49642.json b/2024/49xxx/CVE-2024-49642.json index e6a09af0c60..ae2a0732281 100644 --- a/2024/49xxx/CVE-2024-49642.json +++ b/2024/49xxx/CVE-2024-49642.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rafasashi Todo Custom Field allows Reflected XSS.This issue affects Todo Custom Field: from n/a through 3.0.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rafasashi", + "product": { + "product_data": [ + { + "product_name": "Todo Custom Field", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "3.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/todo-custom-field/wordpress-todo-custom-field-plugin-3-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/todo-custom-field/wordpress-todo-custom-field-plugin-3-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50052.json b/2024/50xxx/CVE-2024-50052.json index bc0b199f1fa..4ec252226b5 100644 --- a/2024/50xxx/CVE-2024-50052.json +++ b/2024/50xxx/CVE-2024-50052.json @@ -1,17 +1,148 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50052", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "responsibledisclosure@mattermost.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to\u00a0check that the origin of the message in an integration action matches with the original post metadata\u00a0which allows an authenticated user to delete an arbitrary post." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mattermost", + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "9.10.2", + "status": "affected", + "version": "9.10.0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "9.11.1", + "status": "affected", + "version": "9.11.0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "9.5.9", + "status": "affected", + "version": "9.5.0", + "versionType": "semver" + }, + { + "status": "unaffected", + "version": "10.0.0" + }, + { + "status": "unaffected", + "version": "9.10.3" + }, + { + "status": "unaffected", + "version": "9.11.2" + }, + { + "status": "unaffected", + "version": "9.5.10" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://mattermost.com/security-updates", + "refsource": "MISC", + "name": "https://mattermost.com/security-updates" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "MMSA-2024-00350", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-58431" + ], + "discovery": "INTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update Mattermost to versions 10.0.0, 9.10.3, 9.11.2, 9.5.10 or higher.
" + } + ], + "value": "Update Mattermost to versions 10.0.0, 9.10.3, 9.11.2, 9.5.10 or higher." + } + ], + "credits": [ + { + "lang": "en", + "value": "Jesse Hallam" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50411.json b/2024/50xxx/CVE-2024-50411.json index 037a1674d76..7f40e1da046 100644 --- a/2024/50xxx/CVE-2024-50411.json +++ b/2024/50xxx/CVE-2024-50411.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50411", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS.This issue affects WP Abstracts: from n/a through 2.7.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kevon Adonis", + "product": { + "product_data": [ + { + "product_name": "WP Abstracts", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.7.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.7.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-abstracts-manuscripts-manager/wordpress-wp-abstracts-plugin-2-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/wp-abstracts-manuscripts-manager/wordpress-wp-abstracts-plugin-2-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.7.2 or a higher version." + } + ], + "value": "Update to 2.7.2 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "UKO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50412.json b/2024/50xxx/CVE-2024-50412.json index 323ab8dc938..3b321004d94 100644 --- a/2024/50xxx/CVE-2024-50412.json +++ b/2024/50xxx/CVE-2024-50412.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50412", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jules Colle Conditional Fields for Contact Form 7 allows Stored XSS.This issue affects Conditional Fields for Contact Form 7: from n/a through 2.4.15." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jules Colle", + "product": { + "product_data": [ + { + "product_name": "Conditional Fields for Contact Form 7", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.4.15", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/cf7-conditional-fields/wordpress-conditional-fields-for-contact-form-7-plugin-2-4-15-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/cf7-conditional-fields/wordpress-conditional-fields-for-contact-form-7-plugin-2-4-15-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.5 or a higher version." + } + ], + "value": "Update to 2.5 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "UKO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50413.json b/2024/50xxx/CVE-2024-50413.json index 96c235d4fa1..ce416bab8c8 100644 --- a/2024/50xxx/CVE-2024-50413.json +++ b/2024/50xxx/CVE-2024-50413.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in codection Import and export users and customers allows Stored XSS.This issue affects Import and export users and customers: from n/a through 1.27.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "codection", + "product": { + "product_data": [ + { + "product_name": "Import and export users and customers", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.27.6", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.27.5", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/import-users-from-csv-with-meta/wordpress-import-and-export-users-and-customers-plugin-1-27-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/import-users-from-csv-with-meta/wordpress-import-and-export-users-and-customers-plugin-1-27-5-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.27.6 or a higher version." + } + ], + "value": "Update to 1.27.6 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "UKO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50414.json b/2024/50xxx/CVE-2024-50414.json index 563151d1bf0..6ffe09bd670 100644 --- a/2024/50xxx/CVE-2024-50414.json +++ b/2024/50xxx/CVE-2024-50414.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50414", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VirusTran Button contact VR allows Stored XSS.This issue affects Button contact VR: from n/a through 4.7.9.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VirusTran", + "product": { + "product_data": [ + { + "product_name": "Button contact VR", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "4.7.10", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.7.9.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/button-contact-vr/wordpress-button-contact-vr-plugin-4-7-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/button-contact-vr/wordpress-button-contact-vr-plugin-4-7-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.7.10 or a higher version." + } + ], + "value": "Update to 4.7.10 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "UKO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50415.json b/2024/50xxx/CVE-2024-50415.json index 59603c58979..261116fbdc7 100644 --- a/2024/50xxx/CVE-2024-50415.json +++ b/2024/50xxx/CVE-2024-50415.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50415", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagup Ads.Txt & App-ads.Txt Manager for WordPress allows Stored XSS.This issue affects Ads.Txt & App-ads.Txt Manager for WordPress: from n/a through 1.1.7.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pagup", + "product": { + "product_data": [ + { + "product_name": "Ads.txt & App-ads.txt Manager for WordPress", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.1.8", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.1.7.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/app-ads-txt/wordpress-ads-txt-app-ads-txt-manager-for-wordpress-plugin-1-1-7-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/app-ads-txt/wordpress-ads-txt-app-ads-txt-manager-for-wordpress-plugin-1-1-7-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.1.8 or a higher version." + } + ], + "value": "Update to 1.1.8 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "UKO (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50418.json b/2024/50xxx/CVE-2024-50418.json index 7697edfa4a8..e0de337f7a3 100644 --- a/2024/50xxx/CVE-2024-50418.json +++ b/2024/50xxx/CVE-2024-50418.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50418", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Time Slot Booking Time Slot allows Stored XSS.This issue affects Time Slot: from n/a through 1.3.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Time Slot Booking", + "product": { + "product_data": [ + { + "product_name": "Time Slot", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.3.7", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.3.6", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/timeslot/wordpress-time-slot-plugin-1-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/timeslot/wordpress-time-slot-plugin-1-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.3.7 or a higher version." + } + ], + "value": "Update to 1.3.7 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Khalid Yusuf (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50420.json b/2024/50xxx/CVE-2024-50420.json index c0b4b45e1f1..9ff27082fa1 100644 --- a/2024/50xxx/CVE-2024-50420.json +++ b/2024/50xxx/CVE-2024-50420.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50420", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in adirectory aDirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through 1.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "adirectory", + "product": { + "product_data": [ + { + "product_name": "aDirectory", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.3.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/adirectory/wordpress-adirectory-plugin-1-3-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/adirectory/wordpress-adirectory-plugin-1-3-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.3.1 or a higher version." + } + ], + "value": "Update to 1.3.1 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "stealthcopter (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50426.json b/2024/50xxx/CVE-2024-50426.json index 0034996a0e2..e390b727bef 100644 --- a/2024/50xxx/CVE-2024-50426.json +++ b/2024/50xxx/CVE-2024-50426.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50426", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 5.0.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Survey Maker team", + "product": { + "product_data": [ + { + "product_name": "Survey Maker", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "5.0.3", + "status": "unaffected" + } + ], + "lessThanOrEqual": "5.0.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/survey-maker/wordpress-survey-maker-plugin-5-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/survey-maker/wordpress-survey-maker-plugin-5-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 5.0.3 or a higher version." + } + ], + "value": "Update to 5.0.3 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Marek Mikita (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50427.json b/2024/50xxx/CVE-2024-50427.json index 8e31aad8b2f..08a61929a62 100644 --- a/2024/50xxx/CVE-2024-50427.json +++ b/2024/50xxx/CVE-2024-50427.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50427", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic O\u00dc SurveyJS: Drag & Drop WordPress Form Builder.This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Devsoft Baltic O\u00dc", + "product": { + "product_data": [ + { + "product_name": "SurveyJS: Drag & Drop WordPress Form Builder", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.12.4", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.9.136", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/surveyjs/wordpress-surveyjs-plugin-1-9-136-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/surveyjs/wordpress-surveyjs-plugin-1-9-136-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.12.4 or a higher version." + } + ], + "value": "Update to 1.12.4 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "stealthcopter (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50473.json b/2024/50xxx/CVE-2024-50473.json index 35003eca3d0..bd335155812 100644 --- a/2024/50xxx/CVE-2024-50473.json +++ b/2024/50xxx/CVE-2024-50473.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50473", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through 3.1.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Ajar Productions", + "product": { + "product_data": [ + { + "product_name": "Ajar in5 Embed", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "3.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/ajar-productions-in5-embed/wordpress-ajar-in5-embed-plugin-3-1-3-arbitrary-file-upload-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/ajar-productions-in5-embed/wordpress-ajar-in5-embed-plugin-3-1-3-arbitrary-file-upload-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "C_T_R_L - Chance (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50475.json b/2024/50xxx/CVE-2024-50475.json index 2fe22c2550e..50a44547ade 100644 --- a/2024/50xxx/CVE-2024-50475.json +++ b/2024/50xxx/CVE-2024-50475.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50475", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Scott Gamon Signup Page allows Privilege Escalation.This issue affects Signup Page: from n/a through 1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Scott Gamon", + "product": { + "product_data": [ + { + "product_name": "Signup Page", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/signup-page/wordpress-signup-page-plugin-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/signup-page/wordpress-signup-page-plugin-1-0-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50476.json b/2024/50xxx/CVE-2024-50476.json index 2150305a8fb..77c8fb039de 100644 --- a/2024/50xxx/CVE-2024-50476.json +++ b/2024/50xxx/CVE-2024-50476.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50476", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in GR\u00dcN Software Group GmbH GR\u00dcN spendino Spendenformular allows Privilege Escalation.This issue affects GR\u00dcN spendino Spendenformular: from n/a through 1.0.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GR\u00dcN Software Group GmbH", + "product": { + "product_data": [ + { + "product_name": "GR\u00dcN spendino Spendenformular", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/spendino/wordpress-gruen-spendino-spendenformular-plugin-1-0-1-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/spendino/wordpress-gruen-spendino-spendenformular-plugin-1-0-1-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50481.json b/2024/50xxx/CVE-2024-50481.json index 6ae2adc2fac..d8e96cb9c78 100644 --- a/2024/50xxx/CVE-2024-50481.json +++ b/2024/50xxx/CVE-2024-50481.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50481", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Privilege Assignment vulnerability in Stack Themes Bstone Demo Importer allows Privilege Escalation.This issue affects Bstone Demo Importer: from n/a through 1.0.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-266: Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Stack Themes", + "product": { + "product_data": [ + { + "product_name": "Bstone Demo Importer", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/bstone-demo-importer/wordpress-bstone-demo-importer-plugin-1-0-1-privilege-escalation-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/bstone-demo-importer/wordpress-bstone-demo-importer-plugin-1-0-1-privilege-escalation-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "stealthcopter (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50485.json b/2024/50xxx/CVE-2024-50485.json index 94865afab9e..7322cdc618a 100644 --- a/2024/50xxx/CVE-2024-50485.json +++ b/2024/50xxx/CVE-2024-50485.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50485", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": ": Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through 1.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-266: Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Udit Rawat", + "product": { + "product_data": [ + { + "product_name": "Exam Matrix", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/exam-matrix/wordpress-exam-matrix-plugin-1-5-privilege-escalation-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/exam-matrix/wordpress-exam-matrix-plugin-1-5-privilege-escalation-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "ghsinfosec (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/50xxx/CVE-2024-50490.json b/2024/50xxx/CVE-2024-50490.json index eb52243b0e4..93336bb69aa 100644 --- a/2024/50xxx/CVE-2024-50490.json +++ b/2024/50xxx/CVE-2024-50490.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-50490", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in Szabolcs Szecsenyi PegaPoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through 1.0.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Szabolcs Szecsenyi", + "product": { + "product_data": [ + { + "product_name": "PegaPoll", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/pegapoll/wordpress-pegapoll-plugin-1-0-2-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/pegapoll/wordpress-pegapoll-plugin-1-0-2-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Mika (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/9xxx/CVE-2024-9438.json b/2024/9xxx/CVE-2024-9438.json index 181629b9ce6..9b9fa87ca50 100644 --- a/2024/9xxx/CVE-2024-9438.json +++ b/2024/9xxx/CVE-2024-9438.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9438", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'change_service' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", + "cweId": "CWE-80" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "seuroficial", + "product": { + "product_data": [ + { + "product_name": "SEUR Oficial", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.2.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88edf229-2be2-49d0-b500-e8ff7708f806?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/88edf229-2be2-49d0-b500-e8ff7708f806?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/seur/trunk/core/pages/seur-get-labels.php#L60", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/seur/trunk/core/pages/seur-get-labels.php#L60" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3176965/seur/trunk/core/pages/seur-get-labels.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3176965/seur/trunk/core/pages/seur-get-labels.php" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Dale Mavers" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] }