diff --git a/2022/1xxx/CVE-2022-1816.json b/2022/1xxx/CVE-2022-1816.json
index 56c154eac72..f61c073a0dd 100644
--- a/2022/1xxx/CVE-2022-1816.json
+++ b/2022/1xxx/CVE-2022-1816.json
@@ -1,73 +1,77 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2022-1816",
- "TITLE": "Zoo Management System Content Module cross site scripting",
- "REQUESTER": "cna@vuldb.com",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
- },
- "generator": "vuldb.com",
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "",
- "product": {
- "product_data": [
- {
- "product_name": "Zoo Management System",
- "version": {
- "version_data": [
- {
- "version_value": "1.0"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-79 Cross Site Scripting"
- }
- ]
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is \/zoo\/admin\/public_html\/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input leads to an authenticated cross site scripting. Exploit details have been disclosed to the public."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "version": "3.1",
+ "baseScore": "3.5",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Zoo-Management-System/Zoo-Management-System(XSS).md",
+ "refsource": "MISC",
+ "name": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Zoo-Management-System/Zoo-Management-System(XSS).md"
+ },
+ {
+ "url": "https://vuldb.com/?id.200558",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.200558"
+ }
+ ]
+ }
}
\ No newline at end of file
diff --git a/2022/1xxx/CVE-2022-1817.json b/2022/1xxx/CVE-2022-1817.json
index 21f69959ec8..9b3ae178311 100644
--- a/2022/1xxx/CVE-2022-1817.json
+++ b/2022/1xxx/CVE-2022-1817.json
@@ -1,73 +1,77 @@
-{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2022-1817",
- "TITLE": "Badminton Center Management System Userlist Module cross site scripting",
- "REQUESTER": "cna@vuldb.com",
- "ASSIGNER": "cna@vuldb.com",
- "STATE": "PUBLIC"
- },
- "generator": "vuldb.com",
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "",
- "product": {
- "product_data": [
- {
- "product_name": "Badminton Center Management System",
- "version": {
- "version_data": [
- {
- "version_value": "n\/a"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-79 Cross Site Scripting"
- }
- ]
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at \/bcms\/admin\/?page=user\/list. The manipulation of the argument username with the input <\/td>![](\"\")
1 leads to an authenticated cross site scripting. Exploit details have been disclosed to the public."
- }
- ]
- },
- "impact": {
- "cvss": {
- "version": "3.1",
- "baseScore": "3.5",
- "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N"
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https:\/\/github.com\/ch0ing\/vul\/blob\/main\/WebRay.com.cn\/Badminton%20Center%20Management%20System(XSS).md"
- },
- {
- "url": "https:\/\/vuldb.com\/?id.200559"
- }
- ]
- }
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-1817",
+ "TITLE": "Badminton Center Management System Userlist Module cross site scripting",
+ "REQUESTER": "cna@vuldb.com",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "generator": "vuldb.com",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Badminton Center Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input | 1 leads to an authenticated cross site scripting. Exploit details have been disclosed to the public."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "version": "3.1",
+ "baseScore": "3.5",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Badminton%20Center%20Management%20System(XSS).md",
+ "refsource": "MISC",
+ "name": "https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Badminton%20Center%20Management%20System(XSS).md"
+ },
+ {
+ "url": "https://vuldb.com/?id.200559",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.200559"
+ }
+ ]
+ }
}
\ No newline at end of file
diff --git a/2022/29xxx/CVE-2022-29599.json b/2022/29xxx/CVE-2022-29599.json
index 6b4f527d144..00a539cb9b7 100644
--- a/2022/29xxx/CVE-2022-29599.json
+++ b/2022/29xxx/CVE-2022-29599.json
@@ -70,6 +70,11 @@
"refsource": "MISC",
"url": "https://github.com/apache/maven-shared-utils/pull/40",
"name": "https://github.com/apache/maven-shared-utils/pull/40"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20220523 CVE-2022-29599: Apache Maven: Commandline class shell injection vulnerabilities",
+ "url": "http://www.openwall.com/lists/oss-security/2022/05/23/3"
}
]
},
|