From ed73c892e2d1db60e9efdf34b7d9666155ee14c2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 22 Feb 2024 14:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/1xxx/CVE-2024-1743.json | 18 ++++++++++ 2024/23xxx/CVE-2024-23094.json | 56 +++++++++++++++++++++++++++---- 2024/25xxx/CVE-2024-25873.json | 61 ++++++++++++++++++++++++++++++---- 2024/25xxx/CVE-2024-25874.json | 61 ++++++++++++++++++++++++++++++---- 2024/25xxx/CVE-2024-25875.json | 61 ++++++++++++++++++++++++++++++---- 2024/25xxx/CVE-2024-25876.json | 61 ++++++++++++++++++++++++++++++---- 2024/26xxx/CVE-2024-26349.json | 56 +++++++++++++++++++++++++++---- 2024/26xxx/CVE-2024-26350.json | 56 +++++++++++++++++++++++++++---- 2024/26xxx/CVE-2024-26351.json | 56 +++++++++++++++++++++++++++---- 2024/26xxx/CVE-2024-26352.json | 56 +++++++++++++++++++++++++++---- 2024/26xxx/CVE-2024-26445.json | 56 +++++++++++++++++++++++++++---- 11 files changed, 538 insertions(+), 60 deletions(-) create mode 100644 2024/1xxx/CVE-2024-1743.json diff --git a/2024/1xxx/CVE-2024-1743.json b/2024/1xxx/CVE-2024-1743.json new file mode 100644 index 00000000000..d4563449c18 --- /dev/null +++ b/2024/1xxx/CVE-2024-1743.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-1743", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/23xxx/CVE-2024-23094.json b/2024/23xxx/CVE-2024-23094.json index 01884f90fce..8fa373743a6 100644 --- a/2024/23xxx/CVE-2024-23094.json +++ b/2024/23xxx/CVE-2024-23094.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-23094", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-23094", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/TinkAnet/cve/blob/main/csrf3.md", + "refsource": "MISC", + "name": "https://github.com/TinkAnet/cve/blob/main/csrf3.md" } ] } diff --git a/2024/25xxx/CVE-2024-25873.json b/2024/25xxx/CVE-2024-25873.json index d2c07c357d1..e50bc0d7ccc 100644 --- a/2024/25xxx/CVE-2024-25873.json +++ b/2024/25xxx/CVE-2024-25873.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25873", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25873", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dd3x3r/enhavo/blob/main/html-injection-page-content-blockquote-author-v0.13.1.md", + "refsource": "MISC", + "name": "https://github.com/dd3x3r/enhavo/blob/main/html-injection-page-content-blockquote-author-v0.13.1.md" + }, + { + "url": "https://www.enhavo.com/", + "refsource": "MISC", + "name": "https://www.enhavo.com/" } ] } diff --git a/2024/25xxx/CVE-2024-25874.json b/2024/25xxx/CVE-2024-25874.json index 3a4b222f771..bf4515ee7c6 100644 --- a/2024/25xxx/CVE-2024-25874.json +++ b/2024/25xxx/CVE-2024-25874.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25874", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25874", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.enhavo.com/", + "refsource": "MISC", + "name": "https://www.enhavo.com/" + }, + { + "url": "https://github.com/dd3x3r/enhavo/blob/main/xss-create-tag-v0.13.1.md", + "refsource": "MISC", + "name": "https://github.com/dd3x3r/enhavo/blob/main/xss-create-tag-v0.13.1.md" } ] } diff --git a/2024/25xxx/CVE-2024-25875.json b/2024/25xxx/CVE-2024-25875.json index ed8a4cb4597..e7472acc6eb 100644 --- a/2024/25xxx/CVE-2024-25875.json +++ b/2024/25xxx/CVE-2024-25875.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25875", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25875", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.enhavo.com/", + "refsource": "MISC", + "name": "https://www.enhavo.com/" + }, + { + "url": "https://github.com/dd3x3r/enhavo/blob/main/xss-page-content-header-undertitel-v0.13.1.md", + "refsource": "MISC", + "name": "https://github.com/dd3x3r/enhavo/blob/main/xss-page-content-header-undertitel-v0.13.1.md" } ] } diff --git a/2024/25xxx/CVE-2024-25876.json b/2024/25xxx/CVE-2024-25876.json index 2cd98911241..b9165d1ed50 100644 --- a/2024/25xxx/CVE-2024-25876.json +++ b/2024/25xxx/CVE-2024-25876.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-25876", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-25876", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.enhavo.com/", + "refsource": "MISC", + "name": "https://www.enhavo.com/" + }, + { + "url": "https://github.com/dd3x3r/enhavo/blob/main/xss-page-content-header-titel-v0.13.1.md", + "refsource": "MISC", + "name": "https://github.com/dd3x3r/enhavo/blob/main/xss-page-content-header-titel-v0.13.1.md" } ] } diff --git a/2024/26xxx/CVE-2024-26349.json b/2024/26xxx/CVE-2024-26349.json index eba751bf5ef..428537c100c 100644 --- a/2024/26xxx/CVE-2024-26349.json +++ b/2024/26xxx/CVE-2024-26349.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-26349", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-26349", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Icycu123/cms/blob/main/1.md", + "refsource": "MISC", + "name": "https://github.com/Icycu123/cms/blob/main/1.md" } ] } diff --git a/2024/26xxx/CVE-2024-26350.json b/2024/26xxx/CVE-2024-26350.json index 298b04b1096..14cdc68296a 100644 --- a/2024/26xxx/CVE-2024-26350.json +++ b/2024/26xxx/CVE-2024-26350.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-26350", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-26350", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Icycu123/cms/blob/main/2.md", + "refsource": "MISC", + "name": "https://github.com/Icycu123/cms/blob/main/2.md" } ] } diff --git a/2024/26xxx/CVE-2024-26351.json b/2024/26xxx/CVE-2024-26351.json index 12f2ed9eec4..4f27ae93987 100644 --- a/2024/26xxx/CVE-2024-26351.json +++ b/2024/26xxx/CVE-2024-26351.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-26351", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-26351", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Icycu123/cms/blob/main/4.md", + "refsource": "MISC", + "name": "https://github.com/Icycu123/cms/blob/main/4.md" } ] } diff --git a/2024/26xxx/CVE-2024-26352.json b/2024/26xxx/CVE-2024-26352.json index c641ddb5d46..68375b0af23 100644 --- a/2024/26xxx/CVE-2024-26352.json +++ b/2024/26xxx/CVE-2024-26352.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-26352", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-26352", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Icycu123/cms/blob/main/3.md", + "refsource": "MISC", + "name": "https://github.com/Icycu123/cms/blob/main/3.md" } ] } diff --git a/2024/26xxx/CVE-2024-26445.json b/2024/26xxx/CVE-2024-26445.json index 21142ecb33f..54729168515 100644 --- a/2024/26xxx/CVE-2024-26445.json +++ b/2024/26xxx/CVE-2024-26445.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-26445", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-26445", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xiaolanjing0/cms/blob/main/1.md", + "refsource": "MISC", + "name": "https://github.com/xiaolanjing0/cms/blob/main/1.md" } ] }