diff --git a/2023/1xxx/CVE-2023-1876.json b/2023/1xxx/CVE-2023-1876.json index c6ee02c3c2b..f79c82ae321 100644 --- a/2023/1xxx/CVE-2023-1876.json +++ b/2023/1xxx/CVE-2023-1876.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-1876", - "STATE": "PUBLIC", - "TITLE": "Deserialization of Untrusted Data in microweber/microweber" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "microweber/microweber", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "1.3.3" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-1876", + "STATE": "PUBLIC", + "TITLE": "Deserialization of Untrusted Data in microweber/microweber" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "microweber/microweber", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.3.3" + } + ] + } + } + ] + }, + "vendor_name": "microweber" } - } ] - }, - "vendor_name": "microweber" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Deserialization of Untrusted Data in GitHub repository microweber/microweber prior to 1.3.3." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 3.9, - "baseSeverity": "LOW", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-502 Deserialization of Untrusted Data" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Deserialization of Untrusted Data in GitHub repository microweber/microweber prior to 1.3.3." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/15b06488-5849-47ce-aaf4-81d4c3c202e2", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/15b06488-5849-47ce-aaf4-81d4c3c202e2" - }, - { - "name": "https://github.com/microweber/microweber/commit/039e33b446a5bc0dc028c5bc6e0a1c4056046b03", - "refsource": "MISC", - "url": "https://github.com/microweber/microweber/commit/039e33b446a5bc0dc028c5bc6e0a1c4056046b03" - } - ] - }, - "source": { - "advisory": "15b06488-5849-47ce-aaf4-81d4c3c202e2", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 3.9, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/15b06488-5849-47ce-aaf4-81d4c3c202e2", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/15b06488-5849-47ce-aaf4-81d4c3c202e2" + }, + { + "name": "https://github.com/microweber/microweber/commit/039e33b446a5bc0dc028c5bc6e0a1c4056046b03", + "refsource": "MISC", + "url": "https://github.com/microweber/microweber/commit/039e33b446a5bc0dc028c5bc6e0a1c4056046b03" + } + ] + }, + "source": { + "advisory": "15b06488-5849-47ce-aaf4-81d4c3c202e2", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1877.json b/2023/1xxx/CVE-2023-1877.json index 64eb1e08bb6..3dd8b34559a 100644 --- a/2023/1xxx/CVE-2023-1877.json +++ b/2023/1xxx/CVE-2023-1877.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-1877", - "STATE": "PUBLIC", - "TITLE": "Command Injection in microweber/microweber" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "microweber/microweber", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "1.3.3" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-1877", + "STATE": "PUBLIC", + "TITLE": "Command Injection in microweber/microweber" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "microweber/microweber", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.3.3" + } + ] + } + } + ] + }, + "vendor_name": "microweber" } - } ] - }, - "vendor_name": "microweber" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Command Injection in GitHub repository microweber/microweber prior to 1.3.3." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "LOW", - "baseScore": 6.1, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Command Injection in GitHub repository microweber/microweber prior to 1.3.3." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7ffaf55", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7ffaf55" - }, - { - "name": "https://github.com/microweber/microweber/commit/93a906d0bf096c3ab1674012a90c88d101e76c8d", - "refsource": "MISC", - "url": "https://github.com/microweber/microweber/commit/93a906d0bf096c3ab1674012a90c88d101e76c8d" - } - ] - }, - "source": { - "advisory": "71fe4b3b-20ac-448c-8191-7b99d7ffaf55", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7ffaf55", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7ffaf55" + }, + { + "name": "https://github.com/microweber/microweber/commit/93a906d0bf096c3ab1674012a90c88d101e76c8d", + "refsource": "MISC", + "url": "https://github.com/microweber/microweber/commit/93a906d0bf096c3ab1674012a90c88d101e76c8d" + } + ] + }, + "source": { + "advisory": "71fe4b3b-20ac-448c-8191-7b99d7ffaf55", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1878.json b/2023/1xxx/CVE-2023-1878.json index c2200531010..2239ba4fa95 100644 --- a/2023/1xxx/CVE-2023-1878.json +++ b/2023/1xxx/CVE-2023-1878.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-1878", - "STATE": "PUBLIC", - "TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "thorsten/phpmyfaq", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "3.1.12" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-1878", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "thorsten/phpmyfaq", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.1.12" + } + ] + } + } + ] + }, + "vendor_name": "thorsten" } - } ] - }, - "vendor_name": "thorsten" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 8.3, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc" - }, - { - "name": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417", - "refsource": "MISC", - "url": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417" - } - ] - }, - "source": { - "advisory": "93f981a3-231d-460d-a239-bb960e8c2fdc", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc" + }, + { + "name": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417", + "refsource": "MISC", + "url": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417" + } + ] + }, + "source": { + "advisory": "93f981a3-231d-460d-a239-bb960e8c2fdc", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1879.json b/2023/1xxx/CVE-2023-1879.json index 44ebd799ad2..25f3df26672 100644 --- a/2023/1xxx/CVE-2023-1879.json +++ b/2023/1xxx/CVE-2023-1879.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-1879", - "STATE": "PUBLIC", - "TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "thorsten/phpmyfaq", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "3.1.12" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-1879", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "thorsten/phpmyfaq", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.1.12" + } + ] + } + } + ] + }, + "vendor_name": "thorsten" } - } ] - }, - "vendor_name": "thorsten" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 4.7, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334" - }, - { - "name": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91", - "refsource": "MISC", - "url": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91" - } - ] - }, - "source": { - "advisory": "1dc7f818-c8ea-4f80-b000-31b48a426334", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334" + }, + { + "name": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91", + "refsource": "MISC", + "url": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91" + } + ] + }, + "source": { + "advisory": "1dc7f818-c8ea-4f80-b000-31b48a426334", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1880.json b/2023/1xxx/CVE-2023-1880.json index 0fde510dfde..8f33137d6ca 100644 --- a/2023/1xxx/CVE-2023-1880.json +++ b/2023/1xxx/CVE-2023-1880.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-1880", - "STATE": "PUBLIC", - "TITLE": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "thorsten/phpmyfaq", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "3.1.12" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-1880", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "thorsten/phpmyfaq", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.1.12" + } + ] + } + } + ] + }, + "vendor_name": "thorsten" } - } ] - }, - "vendor_name": "thorsten" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 8.3, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e" - }, - { - "name": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d", - "refsource": "MISC", - "url": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d" - } - ] - }, - "source": { - "advisory": "ece5f051-674e-4919-b998-594714910f9e", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e" + }, + { + "name": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d", + "refsource": "MISC", + "url": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d" + } + ] + }, + "source": { + "advisory": "ece5f051-674e-4919-b998-594714910f9e", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1881.json b/2023/1xxx/CVE-2023-1881.json index aa96bc18620..79460c3756d 100644 --- a/2023/1xxx/CVE-2023-1881.json +++ b/2023/1xxx/CVE-2023-1881.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-1881", - "STATE": "PUBLIC", - "TITLE": "Cross-site Scripting (XSS) - Stored in microweber/microweber" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "microweber/microweber", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "1.3.3" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-1881", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Stored in microweber/microweber" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "microweber/microweber", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.3.3" + } + ] + } + } + ] + }, + "vendor_name": "microweber" } - } ] - }, - "vendor_name": "microweber" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 7.4, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344" - }, - { - "name": "https://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183", - "refsource": "MISC", - "url": "https://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183" - } - ] - }, - "source": { - "advisory": "d5ebc2bd-8638-41c4-bf72-7c906c601344", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/d5ebc2bd-8638-41c4-bf72-7c906c601344" + }, + { + "name": "https://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183", + "refsource": "MISC", + "url": "https://github.com/microweber/microweber/commit/8d039de2d615956f6df8df0bb1045ff3be88f183" + } + ] + }, + "source": { + "advisory": "d5ebc2bd-8638-41c4-bf72-7c906c601344", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1882.json b/2023/1xxx/CVE-2023-1882.json index b58f4dce625..5a44feaaef6 100644 --- a/2023/1xxx/CVE-2023-1882.json +++ b/2023/1xxx/CVE-2023-1882.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-1882", - "STATE": "PUBLIC", - "TITLE": "Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "thorsten/phpmyfaq", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "3.1.12" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-1882", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "thorsten/phpmyfaq", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.1.12" + } + ] + } + } + ] + }, + "vendor_name": "thorsten" } - } ] - }, - "vendor_name": "thorsten" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 8.1, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957" - }, - { - "name": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2", - "refsource": "MISC", - "url": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2" - } - ] - }, - "source": { - "advisory": "8ab09a1c-cfd5-4ce0-aae3-d33c93318957", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957" + }, + { + "name": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2", + "refsource": "MISC", + "url": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2" + } + ] + }, + "source": { + "advisory": "8ab09a1c-cfd5-4ce0-aae3-d33c93318957", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1883.json b/2023/1xxx/CVE-2023-1883.json index 90a7b4e9df6..16b90242c9e 100644 --- a/2023/1xxx/CVE-2023-1883.json +++ b/2023/1xxx/CVE-2023-1883.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-1883", - "STATE": "PUBLIC", - "TITLE": "Improper Access Control in thorsten/phpmyfaq" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "thorsten/phpmyfaq", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "3.1.12" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-1883", + "STATE": "PUBLIC", + "TITLE": "Improper Access Control in thorsten/phpmyfaq" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "thorsten/phpmyfaq", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.1.12" + } + ] + } + } + ] + }, + "vendor_name": "thorsten" } - } ] - }, - "vendor_name": "thorsten" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284 Improper Access Control" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191" - }, - { - "name": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503", - "refsource": "MISC", - "url": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503" - } - ] - }, - "source": { - "advisory": "2f1e417d-cf64-4cfb-954b-3a9cb2f38191", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191" + }, + { + "name": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503", + "refsource": "MISC", + "url": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503" + } + ] + }, + "source": { + "advisory": "2f1e417d-cf64-4cfb-954b-3a9cb2f38191", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1884.json b/2023/1xxx/CVE-2023-1884.json index 3bcd125fe6e..83bc508ce18 100644 --- a/2023/1xxx/CVE-2023-1884.json +++ b/2023/1xxx/CVE-2023-1884.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-1884", - "STATE": "PUBLIC", - "TITLE": "Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "thorsten/phpmyfaq", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "3.1.12" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-1884", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "thorsten/phpmyfaq", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.1.12" + } + ] + } + } + ] + }, + "vendor_name": "thorsten" } - } ] - }, - "vendor_name": "thorsten" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 4.7, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e" - }, - { - "name": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611", - "refsource": "MISC", - "url": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611" - } - ] - }, - "source": { - "advisory": "dda73cb6-9344-4822-97a1-2e31efb6a73e", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e" + }, + { + "name": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611", + "refsource": "MISC", + "url": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611" + } + ] + }, + "source": { + "advisory": "dda73cb6-9344-4822-97a1-2e31efb6a73e", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1885.json b/2023/1xxx/CVE-2023-1885.json index d6da5ab846e..6137fdf3cdc 100644 --- a/2023/1xxx/CVE-2023-1885.json +++ b/2023/1xxx/CVE-2023-1885.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-1885", - "STATE": "PUBLIC", - "TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "thorsten/phpmyfaq", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "3.1.12" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-1885", + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "thorsten/phpmyfaq", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.1.12" + } + ] + } + } + ] + }, + "vendor_name": "thorsten" } - } ] - }, - "vendor_name": "thorsten" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 6.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8" - }, - { - "name": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024", - "refsource": "MISC", - "url": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024" - } - ] - }, - "source": { - "advisory": "bce84c02-abb2-474f-a67b-1468c9dcabb8", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8" + }, + { + "name": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024", + "refsource": "MISC", + "url": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024" + } + ] + }, + "source": { + "advisory": "bce84c02-abb2-474f-a67b-1468c9dcabb8", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1886.json b/2023/1xxx/CVE-2023-1886.json index 243b0e2ae38..e9c3d20b61a 100644 --- a/2023/1xxx/CVE-2023-1886.json +++ b/2023/1xxx/CVE-2023-1886.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-1886", - "STATE": "PUBLIC", - "TITLE": "Authentication Bypass by Capture-replay in thorsten/phpmyfaq" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "thorsten/phpmyfaq", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "3.1.12" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-1886", + "STATE": "PUBLIC", + "TITLE": "Authentication Bypass by Capture-replay in thorsten/phpmyfaq" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "thorsten/phpmyfaq", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.1.12" + } + ] + } + } + ] + }, + "vendor_name": "thorsten" } - } ] - }, - "vendor_name": "thorsten" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 7.3, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-294 Authentication Bypass by Capture-replay" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a" - }, - { - "name": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a", - "refsource": "MISC", - "url": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a" - } - ] - }, - "source": { - "advisory": "b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-294 Authentication Bypass by Capture-replay" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a" + }, + { + "name": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a", + "refsource": "MISC", + "url": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a" + } + ] + }, + "source": { + "advisory": "b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1887.json b/2023/1xxx/CVE-2023-1887.json index 61729709578..9d41e2de9ed 100644 --- a/2023/1xxx/CVE-2023-1887.json +++ b/2023/1xxx/CVE-2023-1887.json @@ -1,89 +1,89 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@huntr.dev", - "ID": "CVE-2023-1887", - "STATE": "PUBLIC", - "TITLE": "Business Logic Errors in thorsten/phpmyfaq" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "thorsten/phpmyfaq", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "3.1.12" - } - ] + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2023-1887", + "STATE": "PUBLIC", + "TITLE": "Business Logic Errors in thorsten/phpmyfaq" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "thorsten/phpmyfaq", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.1.12" + } + ] + } + } + ] + }, + "vendor_name": "thorsten" } - } ] - }, - "vendor_name": "thorsten" } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.3, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-840 Business Logic Errors" - } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1", - "refsource": "CONFIRM", - "url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1" - }, - { - "name": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89", - "refsource": "MISC", - "url": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89" - } - ] - }, - "source": { - "advisory": "e4a58835-96b5-412c-a17e-3ceed30231e1", - "discovery": "EXTERNAL" - } + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-840 Business Logic Errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1" + }, + { + "name": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89", + "refsource": "MISC", + "url": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89" + } + ] + }, + "source": { + "advisory": "e4a58835-96b5-412c-a17e-3ceed30231e1", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1890.json b/2023/1xxx/CVE-2023-1890.json new file mode 100644 index 00000000000..3e0be29e82e --- /dev/null +++ b/2023/1xxx/CVE-2023-1890.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-1890", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/1xxx/CVE-2023-1891.json b/2023/1xxx/CVE-2023-1891.json new file mode 100644 index 00000000000..30cdc137e0e --- /dev/null +++ b/2023/1xxx/CVE-2023-1891.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-1891", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/20xxx/CVE-2023-20051.json b/2023/20xxx/CVE-2023-20051.json index b9876f528e2..8799c48fea3 100644 --- a/2023/20xxx/CVE-2023-20051.json +++ b/2023/20xxx/CVE-2023-20051.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "\r A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection.\r This vulnerability is due to the VPP improperly handling a malformed packet. An attacker could exploit this vulnerability by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over an IPsec connection and cause a denial of service (DoS).\r " + "value": "A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker could exploit this vulnerability by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over an IPsec connection and cause a denial of service (DoS)." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2023/28xxx/CVE-2023-28634.json b/2023/28xxx/CVE-2023-28634.json index ec9269d58d0..d6d5bdca067 100644 --- a/2023/28xxx/CVE-2023-28634.json +++ b/2023/28xxx/CVE-2023-28634.json @@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28634", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization", + "cweId": "CWE-285" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-863: Incorrect Authorization", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "glpi-project", + "product": { + "product_data": [ + { + "product_name": "glpi", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 0.83, < 9.5.13" + }, + { + "version_affected": "=", + "version_value": ">= 10.0.0, < 10.0.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/glpi-project/glpi/releases/tag/10.0.7", + "refsource": "MISC", + "name": "https://github.com/glpi-project/glpi/releases/tag/10.0.7" + }, + { + "url": "https://github.com/glpi-project/glpi/releases/tag/9.5.13", + "refsource": "MISC", + "name": "https://github.com/glpi-project/glpi/releases/tag/9.5.13" + }, + { + "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-4279-rxmh-gf39", + "refsource": "MISC", + "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-4279-rxmh-gf39" + } + ] + }, + "source": { + "advisory": "GHSA-4279-rxmh-gf39", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/29xxx/CVE-2023-29390.json b/2023/29xxx/CVE-2023-29390.json new file mode 100644 index 00000000000..db62b7a741e --- /dev/null +++ b/2023/29xxx/CVE-2023-29390.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-29390", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29391.json b/2023/29xxx/CVE-2023-29391.json new file mode 100644 index 00000000000..05db67b14e6 --- /dev/null +++ b/2023/29xxx/CVE-2023-29391.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-29391", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29392.json b/2023/29xxx/CVE-2023-29392.json new file mode 100644 index 00000000000..2db7433335e --- /dev/null +++ b/2023/29xxx/CVE-2023-29392.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-29392", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29393.json b/2023/29xxx/CVE-2023-29393.json new file mode 100644 index 00000000000..49c0a8391a4 --- /dev/null +++ b/2023/29xxx/CVE-2023-29393.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-29393", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29394.json b/2023/29xxx/CVE-2023-29394.json new file mode 100644 index 00000000000..2e49e3a44d4 --- /dev/null +++ b/2023/29xxx/CVE-2023-29394.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-29394", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29395.json b/2023/29xxx/CVE-2023-29395.json new file mode 100644 index 00000000000..ddaf47261f2 --- /dev/null +++ b/2023/29xxx/CVE-2023-29395.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-29395", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29396.json b/2023/29xxx/CVE-2023-29396.json new file mode 100644 index 00000000000..77c46cfb3e1 --- /dev/null +++ b/2023/29xxx/CVE-2023-29396.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-29396", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29397.json b/2023/29xxx/CVE-2023-29397.json new file mode 100644 index 00000000000..56471f3b47c --- /dev/null +++ b/2023/29xxx/CVE-2023-29397.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-29397", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29398.json b/2023/29xxx/CVE-2023-29398.json new file mode 100644 index 00000000000..f355119dd13 --- /dev/null +++ b/2023/29xxx/CVE-2023-29398.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-29398", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/29xxx/CVE-2023-29399.json b/2023/29xxx/CVE-2023-29399.json new file mode 100644 index 00000000000..f06631f5137 --- /dev/null +++ b/2023/29xxx/CVE-2023-29399.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-29399", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file