admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-04-05 17:00:35 +00:00
parent d66c9d9a75
commit ee77cdf797
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
26 changed files with 1309 additions and 1002 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

166
2023/1xxx/CVE-2023-1876.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1876",
"STATE": "PUBLIC",
"TITLE": "Deserialization of Untrusted Data in microweber/microweber"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "microweber/microweber",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.3.3"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1876",
"STATE": "PUBLIC",
"TITLE": "Deserialization of Untrusted Data in microweber/microweber"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "microweber/microweber",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.3.3"
}
]
}
}
]
},
"vendor_name": "microweber"
}
}
]
},
"vendor_name": "microweber"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data in GitHub repository microweber/microweber prior to 1.3.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data in GitHub repository microweber/microweber prior to 1.3.3."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/15b06488-5849-47ce-aaf4-81d4c3c202e2",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/15b06488-5849-47ce-aaf4-81d4c3c202e2"
},
{
"name": "https://github.com/microweber/microweber/commit/039e33b446a5bc0dc028c5bc6e0a1c4056046b03",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/039e33b446a5bc0dc028c5bc6e0a1c4056046b03"
}
]
},
"source": {
"advisory": "15b06488-5849-47ce-aaf4-81d4c3c202e2",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/15b06488-5849-47ce-aaf4-81d4c3c202e2",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/15b06488-5849-47ce-aaf4-81d4c3c202e2"
},
{
"name": "https://github.com/microweber/microweber/commit/039e33b446a5bc0dc028c5bc6e0a1c4056046b03",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/039e33b446a5bc0dc028c5bc6e0a1c4056046b03"
}
]
},
"source": {
"advisory": "15b06488-5849-47ce-aaf4-81d4c3c202e2",
"discovery": "EXTERNAL"
}
}

166
2023/1xxx/CVE-2023-1877.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1877",
"STATE": "PUBLIC",
"TITLE": "Command Injection in microweber/microweber"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "microweber/microweber",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.3.3"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1877",
"STATE": "PUBLIC",
"TITLE": "Command Injection in microweber/microweber"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "microweber/microweber",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.3.3"
}
]
}
}
]
},
"vendor_name": "microweber"
}
}
]
},
"vendor_name": "microweber"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command Injection in GitHub repository microweber/microweber prior to 1.3.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command Injection in GitHub repository microweber/microweber prior to 1.3.3."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7ffaf55",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7ffaf55"
},
{
"name": "https://github.com/microweber/microweber/commit/93a906d0bf096c3ab1674012a90c88d101e76c8d",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/93a906d0bf096c3ab1674012a90c88d101e76c8d"
}
]
},
"source": {
"advisory": "71fe4b3b-20ac-448c-8191-7b99d7ffaf55",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7ffaf55",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7ffaf55"
},
{
"name": "https://github.com/microweber/microweber/commit/93a906d0bf096c3ab1674012a90c88d101e76c8d",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/93a906d0bf096c3ab1674012a90c88d101e76c8d"
}
]
},
"source": {
"advisory": "71fe4b3b-20ac-448c-8191-7b99d7ffaf55",
"discovery": "EXTERNAL"
}
}

166
2023/1xxx/CVE-2023-1878.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1878",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1878",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
}
}
]
},
"vendor_name": "thorsten"
}
}
]
},
"vendor_name": "thorsten"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417"
}
]
},
"source": {
"advisory": "93f981a3-231d-460d-a239-bb960e8c2fdc",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417"
}
]
},
"source": {
"advisory": "93f981a3-231d-460d-a239-bb960e8c2fdc",
"discovery": "EXTERNAL"
}
}

166
2023/1xxx/CVE-2023-1879.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1879",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1879",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
}
}
]
},
"vendor_name": "thorsten"
}
}
]
},
"vendor_name": "thorsten"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91"
}
]
},
"source": {
"advisory": "1dc7f818-c8ea-4f80-b000-31b48a426334",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91"
}
]
},
"source": {
"advisory": "1dc7f818-c8ea-4f80-b000-31b48a426334",
"discovery": "EXTERNAL"
}
}

166
2023/1xxx/CVE-2023-1880.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1880",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1880",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
}
}
]
},
"vendor_name": "thorsten"
}
}
]
},
"vendor_name": "thorsten"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d"
}
]
},
"source": {
"advisory": "ece5f051-674e-4919-b998-594714910f9e",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d"
}
]
},
"source": {
"advisory": "ece5f051-674e-4919-b998-594714910f9e",
"discovery": "EXTERNAL"
}
}

166
2023/1xxx/CVE-2023-1881.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1881",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in microweber/microweber"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "microweber/microweber",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.3.3"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1881",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in microweber/microweber"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "microweber/microweber",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.3.3"
}
]
}
}
]
},
"vendor_name": "microweber"
}
}
]
},
"vendor_name": "microweber"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344"
},
{
"name": "https://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183"
}
]
},
"source": {
"advisory": "d5ebc2bd-8638-41c4-bf72-7c906c601344",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344"
},
{
"name": "https://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183"
}
]
},
"source": {
"advisory": "d5ebc2bd-8638-41c4-bf72-7c906c601344",
"discovery": "EXTERNAL"
}
}

166
2023/1xxx/CVE-2023-1882.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1882",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1882",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
}
}
]
},
"vendor_name": "thorsten"
}
}
]
},
"vendor_name": "thorsten"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2"
}
]
},
"source": {
"advisory": "8ab09a1c-cfd5-4ce0-aae3-d33c93318957",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2"
}
]
},
"source": {
"advisory": "8ab09a1c-cfd5-4ce0-aae3-d33c93318957",
"discovery": "EXTERNAL"
}
}

166
2023/1xxx/CVE-2023-1883.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1883",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1883",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
}
}
]
},
"vendor_name": "thorsten"
}
}
]
},
"vendor_name": "thorsten"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503"
}
]
},
"source": {
"advisory": "2f1e417d-cf64-4cfb-954b-3a9cb2f38191",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503"
}
]
},
"source": {
"advisory": "2f1e417d-cf64-4cfb-954b-3a9cb2f38191",
"discovery": "EXTERNAL"
}
}

166
2023/1xxx/CVE-2023-1884.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1884",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1884",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
}
}
]
},
"vendor_name": "thorsten"
}
}
]
},
"vendor_name": "thorsten"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611"
}
]
},
"source": {
"advisory": "dda73cb6-9344-4822-97a1-2e31efb6a73e",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611"
}
]
},
"source": {
"advisory": "dda73cb6-9344-4822-97a1-2e31efb6a73e",
"discovery": "EXTERNAL"
}
}

166
2023/1xxx/CVE-2023-1885.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1885",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1885",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
}
}
]
},
"vendor_name": "thorsten"
}
}
]
},
"vendor_name": "thorsten"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024"
}
]
},
"source": {
"advisory": "bce84c02-abb2-474f-a67b-1468c9dcabb8",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024"
}
]
},
"source": {
"advisory": "bce84c02-abb2-474f-a67b-1468c9dcabb8",
"discovery": "EXTERNAL"
}
}

166
2023/1xxx/CVE-2023-1886.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1886",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass by Capture-replay in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1886",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass by Capture-replay in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
}
}
]
},
"vendor_name": "thorsten"
}
}
]
},
"vendor_name": "thorsten"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294 Authentication Bypass by Capture-replay"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a"
}
]
},
"source": {
"advisory": "b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294 Authentication Bypass by Capture-replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a"
}
]
},
"source": {
"advisory": "b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a",
"discovery": "EXTERNAL"
}
}

166
2023/1xxx/CVE-2023-1887.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1887",
"STATE": "PUBLIC",
"TITLE": "Business Logic Errors in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2023-1887",
"STATE": "PUBLIC",
"TITLE": "Business Logic Errors in thorsten/phpmyfaq"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thorsten/phpmyfaq",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.1.12"
}
]
}
}
]
},
"vendor_name": "thorsten"
}
}
]
},
"vendor_name": "thorsten"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840 Business Logic Errors"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89"
}
]
},
"source": {
"advisory": "e4a58835-96b5-412c-a17e-3ceed30231e1",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840 Business Logic Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1"
},
{
"name": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89",
"refsource": "MISC",
"url": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89"
}
]
},
"source": {
"advisory": "e4a58835-96b5-412c-a17e-3ceed30231e1",
"discovery": "EXTERNAL"
}
}

18
2023/1xxx/CVE-2023-1890.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1890",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/1xxx/CVE-2023-1891.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1891",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

4
2023/20xxx/CVE-2023-20051.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection.\r This vulnerability is due to the VPP improperly handling a malformed packet. An attacker could exploit this vulnerability by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over an IPsec connection and cause a denial of service (DoS).\r "
"value": "A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker could exploit this vulnerability by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over an IPsec connection and cause a denial of service (DoS)."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

99
2023/28xxx/CVE-2023-28634.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28634",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization",
"cweId": "CWE-285"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "glpi-project",
"product": {
"product_data": [
{
"product_name": "glpi",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 0.83, < 9.5.13"
},
{
"version_affected": "=",
"version_value": ">= 10.0.0, < 10.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/glpi-project/glpi/releases/tag/10.0.7",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/releases/tag/10.0.7"
},
{
"url": "https://github.com/glpi-project/glpi/releases/tag/9.5.13",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/releases/tag/9.5.13"
},
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-4279-rxmh-gf39",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-4279-rxmh-gf39"
}
]
},
"source": {
"advisory": "GHSA-4279-rxmh-gf39",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2023/29xxx/CVE-2023-29390.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29390",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29391.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29391",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29392.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29392",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29393.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29393",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29394.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29394",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29395.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29395",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29396.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29396",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29397.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29397",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29398.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29398",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/29xxx/CVE-2023-29399.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29399",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}