diff --git a/2021/29xxx/CVE-2021-29110.json b/2021/29xxx/CVE-2021-29110.json index 9c32312cc51..8c63147db37 100644 --- a/2021/29xxx/CVE-2021-29110.json +++ b/2021/29xxx/CVE-2021-29110.json @@ -1,6 +1,6 @@ { "CVE_data_meta": { - "ASSIGNER": "PSIRT@esri.com", + "ASSIGNER": "psirt@esri.com", "DATE_PUBLIC": "2021-07-15T18:39:00.000Z", "ID": "CVE-2021-29110", "STATE": "PUBLIC", @@ -90,4 +90,4 @@ ], "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40921.json b/2021/40xxx/CVE-2021-40921.json index d1805bf10b2..91342ceb306 100644 --- a/2021/40xxx/CVE-2021-40921.json +++ b/2021/40xxx/CVE-2021-40921.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40921", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40921", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dmolsen/Detector/issues/35", + "refsource": "MISC", + "name": "https://github.com/dmolsen/Detector/issues/35" } ] } diff --git a/2021/40xxx/CVE-2021-40922.json b/2021/40xxx/CVE-2021-40922.json index fe6f76b1117..e76db50409f 100644 --- a/2021/40xxx/CVE-2021-40922.json +++ b/2021/40xxx/CVE-2021-40922.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40922", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40922", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pixeline/bugs/issues/552", + "refsource": "MISC", + "name": "https://github.com/pixeline/bugs/issues/552" + }, + { + "url": "https://github.com/pixeline/bugs", + "refsource": "MISC", + "name": "https://github.com/pixeline/bugs" } ] } diff --git a/2021/40xxx/CVE-2021-40923.json b/2021/40xxx/CVE-2021-40923.json index b9f0bf4dba8..2ba74cac2a2 100644 --- a/2021/40xxx/CVE-2021-40923.json +++ b/2021/40xxx/CVE-2021-40923.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40923", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40923", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pixeline/bugs/issues/552", + "refsource": "MISC", + "name": "https://github.com/pixeline/bugs/issues/552" + }, + { + "url": "https://github.com/pixeline/bugs", + "refsource": "MISC", + "name": "https://github.com/pixeline/bugs" } ] } diff --git a/2021/40xxx/CVE-2021-40924.json b/2021/40xxx/CVE-2021-40924.json index c3b45d43790..d67dc2a9159 100644 --- a/2021/40xxx/CVE-2021-40924.json +++ b/2021/40xxx/CVE-2021-40924.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40924", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40924", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pixeline/bugs/issues/552", + "refsource": "MISC", + "name": "https://github.com/pixeline/bugs/issues/552" + }, + { + "url": "https://github.com/pixeline/bugs", + "refsource": "MISC", + "name": "https://github.com/pixeline/bugs" } ] } diff --git a/2021/40xxx/CVE-2021-40925.json b/2021/40xxx/CVE-2021-40925.json index bf139fb64d4..2c658bbe8e6 100644 --- a/2021/40xxx/CVE-2021-40925.json +++ b/2021/40xxx/CVE-2021-40925.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40925", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40925", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER[\"PHP_SELF\"] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ladybirdweb/faveo-helpdesk/issues/5423", + "refsource": "MISC", + "name": "https://github.com/ladybirdweb/faveo-helpdesk/issues/5423" + }, + { + "url": "https://github.com/ladybirdweb/faveo-helpdesk", + "refsource": "MISC", + "name": "https://github.com/ladybirdweb/faveo-helpdesk" } ] } diff --git a/2021/40xxx/CVE-2021-40926.json b/2021/40xxx/CVE-2021-40926.json index f177447918b..8cbf0706c5b 100644 --- a/2021/40xxx/CVE-2021-40926.json +++ b/2021/40xxx/CVE-2021-40926.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40926", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40926", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/JamesHeinrich/getID3/issues/341", + "refsource": "MISC", + "name": "https://github.com/JamesHeinrich/getID3/issues/341" + }, + { + "url": "https://github.com/JamesHeinrich/getID3", + "refsource": "MISC", + "name": "https://github.com/JamesHeinrich/getID3" } ] } diff --git a/2021/40xxx/CVE-2021-40927.json b/2021/40xxx/CVE-2021-40927.json index d7ad0331735..0e04374cb71 100644 --- a/2021/40xxx/CVE-2021-40927.json +++ b/2021/40xxx/CVE-2021-40927.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40927", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40927", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/citelao/Spotify-for-Alfred/issues/137", + "refsource": "MISC", + "name": "https://github.com/citelao/Spotify-for-Alfred/issues/137" + }, + { + "url": "https://github.com/citelao/Spotify-for-Alfred", + "refsource": "MISC", + "name": "https://github.com/citelao/Spotify-for-Alfred" } ] } diff --git a/2021/40xxx/CVE-2021-40928.json b/2021/40xxx/CVE-2021-40928.json index bb344044dac..ca89a78e13e 100644 --- a/2021/40xxx/CVE-2021-40928.json +++ b/2021/40xxx/CVE-2021-40928.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40928", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40928", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/d8ahazard/FlexTV/issues/37", + "refsource": "MISC", + "name": "https://github.com/d8ahazard/FlexTV/issues/37" + }, + { + "url": "https://github.com/d8ahazard/FlexTV", + "refsource": "MISC", + "name": "https://github.com/d8ahazard/FlexTV" } ] } diff --git a/2021/40xxx/CVE-2021-40968.json b/2021/40xxx/CVE-2021-40968.json index 67aefcebcef..40e9863566b 100644 --- a/2021/40xxx/CVE-2021-40968.json +++ b/2021/40xxx/CVE-2021-40968.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40968", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40968", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/spotweb/spotweb", + "refsource": "MISC", + "name": "https://github.com/spotweb/spotweb" + }, + { + "url": "https://github.com/spotweb/spotweb/issues/711", + "refsource": "MISC", + "name": "https://github.com/spotweb/spotweb/issues/711" } ] } diff --git a/2021/40xxx/CVE-2021-40969.json b/2021/40xxx/CVE-2021-40969.json index 1f4d6858eff..287df91f207 100644 --- a/2021/40xxx/CVE-2021-40969.json +++ b/2021/40xxx/CVE-2021-40969.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40969", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40969", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/spotweb/spotweb", + "refsource": "MISC", + "name": "https://github.com/spotweb/spotweb" + }, + { + "url": "https://github.com/spotweb/spotweb/issues/711", + "refsource": "MISC", + "name": "https://github.com/spotweb/spotweb/issues/711" } ] } diff --git a/2021/40xxx/CVE-2021-40970.json b/2021/40xxx/CVE-2021-40970.json index 4794107400a..550fe01777e 100644 --- a/2021/40xxx/CVE-2021-40970.json +++ b/2021/40xxx/CVE-2021-40970.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40970", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40970", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/spotweb/spotweb", + "refsource": "MISC", + "name": "https://github.com/spotweb/spotweb" + }, + { + "url": "https://github.com/spotweb/spotweb/issues/711", + "refsource": "MISC", + "name": "https://github.com/spotweb/spotweb/issues/711" } ] } diff --git a/2021/40xxx/CVE-2021-40971.json b/2021/40xxx/CVE-2021-40971.json index 0df16a825f3..3324f912b58 100644 --- a/2021/40xxx/CVE-2021-40971.json +++ b/2021/40xxx/CVE-2021-40971.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40971", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40971", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/spotweb/spotweb", + "refsource": "MISC", + "name": "https://github.com/spotweb/spotweb" + }, + { + "url": "https://github.com/spotweb/spotweb/issues/711", + "refsource": "MISC", + "name": "https://github.com/spotweb/spotweb/issues/711" } ] } diff --git a/2021/40xxx/CVE-2021-40972.json b/2021/40xxx/CVE-2021-40972.json index c55f41341c2..0a808b3ded2 100644 --- a/2021/40xxx/CVE-2021-40972.json +++ b/2021/40xxx/CVE-2021-40972.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40972", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40972", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/spotweb/spotweb", + "refsource": "MISC", + "name": "https://github.com/spotweb/spotweb" + }, + { + "url": "https://github.com/spotweb/spotweb/issues/711", + "refsource": "MISC", + "name": "https://github.com/spotweb/spotweb/issues/711" } ] } diff --git a/2021/40xxx/CVE-2021-40973.json b/2021/40xxx/CVE-2021-40973.json index b271acc951b..576755304da 100644 --- a/2021/40xxx/CVE-2021-40973.json +++ b/2021/40xxx/CVE-2021-40973.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40973", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40973", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/spotweb/spotweb", + "refsource": "MISC", + "name": "https://github.com/spotweb/spotweb" + }, + { + "url": "https://github.com/spotweb/spotweb/issues/711", + "refsource": "MISC", + "name": "https://github.com/spotweb/spotweb/issues/711" } ] } diff --git a/2021/40xxx/CVE-2021-40975.json b/2021/40xxx/CVE-2021-40975.json index 340ddf73e24..a9e0b19eb19 100644 --- a/2021/40xxx/CVE-2021-40975.json +++ b/2021/40xxx/CVE-2021-40975.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40975", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40975", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/blob/c546a716ba56e8e33b3a5def1c18a6d89c3608f5/application/modules/admin/views/ecommerce/products.php#L37", + "refsource": "MISC", + "name": "https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/blob/c546a716ba56e8e33b3a5def1c18a6d89c3608f5/application/modules/admin/views/ecommerce/products.php#L37" } ] } diff --git a/2021/41xxx/CVE-2021-41461.json b/2021/41xxx/CVE-2021-41461.json index a6c73de2d77..e67ae2db971 100644 --- a/2021/41xxx/CVE-2021-41461.json +++ b/2021/41xxx/CVE-2021-41461.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41461", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41461", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/concrete5/concrete5-legacy/issues/2006", + "refsource": "MISC", + "name": "https://github.com/concrete5/concrete5-legacy/issues/2006" + }, + { + "url": "https://github.com/concrete5/concrete5-legacy", + "refsource": "MISC", + "name": "https://github.com/concrete5/concrete5-legacy" } ] } diff --git a/2021/41xxx/CVE-2021-41462.json b/2021/41xxx/CVE-2021-41462.json index fd9e1f28c27..ced891e0d77 100644 --- a/2021/41xxx/CVE-2021-41462.json +++ b/2021/41xxx/CVE-2021-41462.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41462", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41462", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/concrete5/concrete5-legacy/issues/2006", + "refsource": "MISC", + "name": "https://github.com/concrete5/concrete5-legacy/issues/2006" + }, + { + "url": "https://github.com/concrete5/concrete5-legacy", + "refsource": "MISC", + "name": "https://github.com/concrete5/concrete5-legacy" } ] } diff --git a/2021/41xxx/CVE-2021-41463.json b/2021/41xxx/CVE-2021-41463.json index 3b6f74fac7c..fc529a29340 100644 --- a/2021/41xxx/CVE-2021-41463.json +++ b/2021/41xxx/CVE-2021-41463.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41463", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41463", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/concrete5/concrete5-legacy/issues/2006", + "refsource": "MISC", + "name": "https://github.com/concrete5/concrete5-legacy/issues/2006" + }, + { + "url": "https://github.com/concrete5/concrete5-legacy", + "refsource": "MISC", + "name": "https://github.com/concrete5/concrete5-legacy" } ] } diff --git a/2021/41xxx/CVE-2021-41464.json b/2021/41xxx/CVE-2021-41464.json index 6f5099fcd0f..ad29d80a603 100644 --- a/2021/41xxx/CVE-2021-41464.json +++ b/2021/41xxx/CVE-2021-41464.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41464", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41464", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/concrete5/concrete5-legacy/issues/2006", + "refsource": "MISC", + "name": "https://github.com/concrete5/concrete5-legacy/issues/2006" + }, + { + "url": "https://github.com/concrete5/concrete5-legacy", + "refsource": "MISC", + "name": "https://github.com/concrete5/concrete5-legacy" } ] } diff --git a/2021/41xxx/CVE-2021-41465.json b/2021/41xxx/CVE-2021-41465.json index 79b5e9023ed..b0b8664e184 100644 --- a/2021/41xxx/CVE-2021-41465.json +++ b/2021/41xxx/CVE-2021-41465.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41465", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41465", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/concrete5/concrete5-legacy/issues/2006", + "refsource": "MISC", + "name": "https://github.com/concrete5/concrete5-legacy/issues/2006" + }, + { + "url": "https://github.com/concrete5/concrete5-legacy", + "refsource": "MISC", + "name": "https://github.com/concrete5/concrete5-legacy" } ] } diff --git a/2021/41xxx/CVE-2021-41467.json b/2021/41xxx/CVE-2021-41467.json index b224865bcc5..cfa6ba9ff9c 100644 --- a/2021/41xxx/CVE-2021-41467.json +++ b/2021/41xxx/CVE-2021-41467.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41467", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41467", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hjue/JustWriting/issues/106", + "refsource": "MISC", + "name": "https://github.com/hjue/JustWriting/issues/106" + }, + { + "url": "https://github.com/hjue/JustWriting/", + "refsource": "MISC", + "name": "https://github.com/hjue/JustWriting/" } ] }