admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-05-24 07:00:33 +00:00
parent 4d7881e5d6
commit e43fa29672
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 707 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
2023/1xxx/CVE-2023-1001.json
View File

@ -1,17 +1,150 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1001",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.7.10 is able to address this issue. The patch is named d70b0e089740b65a22c89c106ebc4627ac48a22d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-266123."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in xuliangzhan vxe-table bis 3.7.9 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist die Funktion export der Datei packages/textarea/src/textarea.js der Komponente vxe-textarea. Dank der Manipulation des Arguments inputValue mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 3.7.10 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d70b0e089740b65a22c89c106ebc4627ac48a22d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xuliangzhan",
"product": {
"product_data": [
{
"product_name": "vxe-table",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.7.0"
},
{
"version_affected": "=",
"version_value": "3.7.1"
},
{
"version_affected": "=",
"version_value": "3.7.2"
},
{
"version_affected": "=",
"version_value": "3.7.3"
},
{
"version_affected": "=",
"version_value": "3.7.4"
},
{
"version_affected": "=",
"version_value": "3.7.5"
},
{
"version_affected": "=",
"version_value": "3.7.6"
},
{
"version_affected": "=",
"version_value": "3.7.7"
},
{
"version_affected": "=",
"version_value": "3.7.8"
},
{
"version_affected": "=",
"version_value": "3.7.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.266123",
"refsource": "MISC",
"name": "https://vuldb.com/?id.266123"
},
{
"url": "https://vuldb.com/?ctiid.266123",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.266123"
},
{
"url": "https://gitee.com/xuliangzhan_admin/vxe-table/issues/I8O21R",
"refsource": "MISC",
"name": "https://gitee.com/xuliangzhan_admin/vxe-table/issues/I8O21R"
},
{
"url": "https://gitee.com/xuliangzhan_admin/vxe-table/commit/d70b0e089740b65a22c89c106ebc4627ac48a22d",
"refsource": "MISC",
"name": "https://gitee.com/xuliangzhan_admin/vxe-table/commit/d70b0e089740b65a22c89c106ebc4627ac48a22d"
},
{
"url": "https://gitee.com/xuliangzhan_admin/vxe-table/tree/3.7.10",
"refsource": "MISC",
"name": "https://gitee.com/xuliangzhan_admin/vxe-table/tree/3.7.10"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB Gitee Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
}
]
}

115
2023/1xxx/CVE-2023-1111.json
View File

@ -1,17 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1111",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in FastCMS up to 0.1.5 and classified as problematic. Affected by this issue is some unknown functionality of the component New Article Tab. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266126 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in FastCMS bis 0.1.5 gefunden. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Komponente New Article Tab. Durch die Manipulation des Arguments Title mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FastCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.1.0"
},
{
"version_affected": "=",
"version_value": "0.1.1"
},
{
"version_affected": "=",
"version_value": "0.1.2"
},
{
"version_affected": "=",
"version_value": "0.1.3"
},
{
"version_affected": "=",
"version_value": "0.1.4"
},
{
"version_affected": "=",
"version_value": "0.1.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.266126",
"refsource": "MISC",
"name": "https://vuldb.com/?id.266126"
},
{
"url": "https://vuldb.com/?ctiid.266126",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.266126"
},
{
"url": "https://gitee.com/dianbuapp_admin/fastcms/issues/I8ERNV",
"refsource": "MISC",
"name": "https://gitee.com/dianbuapp_admin/fastcms/issues/I8ERNV"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB Gitee Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}

75
2024/0xxx/CVE-2024-0893.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0893",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "vberkel",
"product": {
"product_data": [
{
"product_name": "Schema App Structured Data",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1089ab17-b780-4840-8dcd-c50258513634?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/schema-app-structured-data-for-schemaorg/trunk/lib/SchemaEditor.php#L327"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/1xxx/CVE-2024-1332.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1332",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Custom Fonts \u2013 Host Your Fonts Locally plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "brainstormforce",
"product": {
"product_data": [
{
"product_name": "Custom Fonts \u2013 Host Your Fonts Locally",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/98536242-64c7-4e02-aa00-a3efbf5c90d8?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/98536242-64c7-4e02-aa00-a3efbf5c90d8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3074871%40custom-fonts%2Ftrunk&old=3062686%40custom-fonts%2Ftrunk&sfp_email=&sfph_mail=#file4",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3074871%40custom-fonts%2Ftrunk&old=3062686%40custom-fonts%2Ftrunk&sfp_email=&sfph_mail=#file4"
}
]
},
"credits": [
{
"lang": "en",
"value": "James Myers"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

75
2024/1xxx/CVE-2024-1376.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1376",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the save_bulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update post_meta_data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "bastho",
"product": {
"product_data": [
{
"product_name": "Event post",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.9.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/926c09d5-3824-4745-99f6-50d9c945d252?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/926c09d5-3824-4745-99f6-50d9c945d252?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3086840/event-post/trunk/eventpost.php?old=3060317&old_path=event-post%2Ftrunk%2Feventpost.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3086840/event-post/trunk/eventpost.php?old=3060317&old_path=event-post%2Ftrunk%2Feventpost.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

18
2024/36xxx/CVE-2024-36361.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36361",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

80
2024/4xxx/CVE-2024-4484.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4484",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018xai_username\u2019 parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "posimyththemes",
"product": {
"product_data": [
{
"product_name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.5.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f36c785f-9b8c-43c4-b12f-6fb4c0c67eff?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f36c785f-9b8c-43c4-b12f-6fb4c0c67eff?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.2/modules/widgets/tp_meeting_scheduler.php#L549",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.2/modules/widgets/tp_meeting_scheduler.php#L549"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3083932",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3083932"
}
]
},
"credits": [
{
"lang": "en",
"value": "Ng\u00f4 Thi\u00ean An"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

80
2024/4xxx/CVE-2024-4485.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4485",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018button_custom_attributes\u2019 parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "posimyththemes",
"product": {
"product_data": [
{
"product_name": "The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.5.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4890cd48-a448-4af1-ae1e-6456300434e5?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4890cd48-a448-4af1-ae1e-6456300434e5?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.2/modules/widgets/tp_button.php#L1538",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/the-plus-addons-for-elementor-page-builder/tags/5.5.2/modules/widgets/tp_button.php#L1538"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3083932",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3083932"
}
]
},
"credits": [
{
"lang": "en",
"value": "Ng\u00f4 Thi\u00ean An"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

80
2024/5xxx/CVE-2024-5060.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5060",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The LottieFiles \u2013 JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kapasias",
"product": {
"product_data": [
{
"product_name": "LottieFiles \u2013 JSON Based Animation Lottie & Bodymovin for Elementor",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.10.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/74f59ee0-19dd-4cc9-ab24-22f26d71d248?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/74f59ee0-19dd-4cc9-ab24-22f26d71d248?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/include-lottie-animation-for-elementor/tags/1.10.9/include/jbafe-json-anim-widget.php#L1180",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/include-lottie-animation-for-elementor/tags/1.10.9/include/jbafe-json-anim-widget.php#L1180"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3089058%40include-lottie-animation-for-elementor%2Ftags%2F1.10.9&new=3089058%40include-lottie-animation-for-elementor%2Ftags%2F1.10.10",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3089058%40include-lottie-animation-for-elementor%2Ftags%2F1.10.9&new=3089058%40include-lottie-animation-for-elementor%2Ftags%2F1.10.10"
}
]
},
"credits": [
{
"lang": "en",
"value": "Matthew Rollings"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}