admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-12-28 12:00:43 +00:00
parent 6d823469b6
commit eea5fdbc5f
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 800 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
2018/25xxx/CVE-2018-25051.json Normal file
View File

@ -0,0 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-25051",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in JmPotato Pomash. This affects an unknown part of the file Pomash/theme/clean/templates/editor.html. The manipulation of the argument article.title/content.title/article.tag leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be1914ef0a6808e00f51618b2de92496a3604415. It is recommended to apply a patch to fix this issue. The identifier VDB-216957 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in JmPotato Pomash gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei Pomash/theme/clean/templates/editor.html. Durch Manipulation des Arguments article.title/content.title/article.tag mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als be1914ef0a6808e00f51618b2de92496a3604415 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JmPotato",
"product": {
"product_data": [
{
"product_name": "Pomash",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216957",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216957"
},
{
"url": "https://vuldb.com/?ctiid.216957",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216957"
},
{
"url": "https://github.com/JmPotato/Pomash/commit/be1914ef0a6808e00f51618b2de92496a3604415",
"refsource": "MISC",
"name": "https://github.com/JmPotato/Pomash/commit/be1914ef0a6808e00f51618b2de92496a3604415"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
}

255
2018/25xxx/CVE-2018-25052.json Normal file
View File

@ -0,0 +1,255 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-25052",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.41 is able to address this issue. The name of the patch is 88d1b599e1163761c9bd53bec53ba078f13e09d4. It is recommended to upgrade the affected component. VDB-216958 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In Catalyst-Plugin-Session bis 0.40 wurde eine problematische Schwachstelle gefunden. Dabei geht es um die Funktion _load_sessionid der Datei lib/Catalyst/Plugin/Session.pm der Komponente Session ID Handler. Mittels dem Manipulieren des Arguments sid mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 0.41 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 88d1b599e1163761c9bd53bec53ba078f13e09d4 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Catalyst-Plugin-Session",
"version": {
"version_data": [
{
"version_value": "0.1",
"version_affected": "="
},
{
"version_value": "0.2",
"version_affected": "="
},
{
"version_value": "0.3",
"version_affected": "="
},
{
"version_value": "0.4",
"version_affected": "="
},
{
"version_value": "0.5",
"version_affected": "="
},
{
"version_value": "0.6",
"version_affected": "="
},
{
"version_value": "0.7",
"version_affected": "="
},
{
"version_value": "0.8",
"version_affected": "="
},
{
"version_value": "0.9",
"version_affected": "="
},
{
"version_value": "0.10",
"version_affected": "="
},
{
"version_value": "0.11",
"version_affected": "="
},
{
"version_value": "0.12",
"version_affected": "="
},
{
"version_value": "0.13",
"version_affected": "="
},
{
"version_value": "0.14",
"version_affected": "="
},
{
"version_value": "0.15",
"version_affected": "="
},
{
"version_value": "0.16",
"version_affected": "="
},
{
"version_value": "0.17",
"version_affected": "="
},
{
"version_value": "0.18",
"version_affected": "="
},
{
"version_value": "0.19",
"version_affected": "="
},
{
"version_value": "0.20",
"version_affected": "="
},
{
"version_value": "0.21",
"version_affected": "="
},
{
"version_value": "0.22",
"version_affected": "="
},
{
"version_value": "0.23",
"version_affected": "="
},
{
"version_value": "0.24",
"version_affected": "="
},
{
"version_value": "0.25",
"version_affected": "="
},
{
"version_value": "0.26",
"version_affected": "="
},
{
"version_value": "0.27",
"version_affected": "="
},
{
"version_value": "0.28",
"version_affected": "="
},
{
"version_value": "0.29",
"version_affected": "="
},
{
"version_value": "0.30",
"version_affected": "="
},
{
"version_value": "0.31",
"version_affected": "="
},
{
"version_value": "0.32",
"version_affected": "="
},
{
"version_value": "0.33",
"version_affected": "="
},
{
"version_value": "0.34",
"version_affected": "="
},
{
"version_value": "0.35",
"version_affected": "="
},
{
"version_value": "0.36",
"version_affected": "="
},
{
"version_value": "0.37",
"version_affected": "="
},
{
"version_value": "0.38",
"version_affected": "="
},
{
"version_value": "0.39",
"version_affected": "="
},
{
"version_value": "0.40",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216958",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216958"
},
{
"url": "https://vuldb.com/?ctiid.216958",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216958"
},
{
"url": "https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4",
"refsource": "MISC",
"name": "https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4"
},
{
"url": "https://github.com/perl-catalyst/Catalyst-Plugin-Session/releases/tag/0.41",
"refsource": "MISC",
"name": "https://github.com/perl-catalyst/Catalyst-Plugin-Session/releases/tag/0.41"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
}

103
2018/25xxx/CVE-2018-25053.json Normal file
View File

@ -0,0 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-25053",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in moappi Json2html up to 1.1.x and classified as problematic. This issue affects some unknown processing of the file json2html.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is 2d3d24d971b19a8ed1fb823596300b9835d55801. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216959."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in moappi Json2html bis 1.1.x gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei json2html.js. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.2.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 2d3d24d971b19a8ed1fb823596300b9835d55801 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "moappi",
"product": {
"product_data": [
{
"product_name": "Json2html",
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
},
{
"version_value": "1.1",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216959",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216959"
},
{
"url": "https://vuldb.com/?ctiid.216959",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216959"
},
{
"url": "https://github.com/moappi/json2html/commit/2d3d24d971b19a8ed1fb823596300b9835d55801",
"refsource": "MISC",
"name": "https://github.com/moappi/json2html/commit/2d3d24d971b19a8ed1fb823596300b9835d55801"
},
{
"url": "https://github.com/moappi/json2html/releases/tag/1.2.0",
"refsource": "MISC",
"name": "https://github.com/moappi/json2html/releases/tag/1.2.0"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
}
]
}
}

94
2018/25xxx/CVE-2018-25054.json Normal file
View File

@ -0,0 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-25054",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in shred cilla. It has been classified as problematic. Affected is an unknown function of the file cilla-xample/src/main/webapp/WEB-INF/jsp/view/search.jsp of the component Search Handler. The manipulation of the argument details leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is d345e6bc7798bd717a583ec7f545ca387819d5c7. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216960."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in shred cilla ausgemacht. Es betrifft eine unbekannte Funktion der Datei cilla-xample/src/main/webapp/WEB-INF/jsp/view/search.jsp der Komponente Search Handler. Durch das Manipulieren des Arguments details mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Patch wird als d345e6bc7798bd717a583ec7f545ca387819d5c7 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "shred",
"product": {
"product_data": [
{
"product_name": "cilla",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216960",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216960"
},
{
"url": "https://vuldb.com/?ctiid.216960",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216960"
},
{
"url": "https://github.com/shred/cilla/commit/d345e6bc7798bd717a583ec7f545ca387819d5c7",
"refsource": "MISC",
"name": "https://github.com/shred/cilla/commit/d345e6bc7798bd717a583ec7f545ca387819d5c7"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
}

124
2018/25xxx/CVE-2018-25055.json Normal file
View File

@ -0,0 +1,124 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-25055",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulation of the argument suggestion leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.6.0 is able to address this issue. The name of the patch is b8f3d61511c9b02b781ec442bfb803cbff8e08d5. It is recommended to upgrade the affected component. The identifier VDB-216961 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In FarCry Solr Pro Plugin bis 1.5.x wurde eine problematische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei packages/forms/solrProSearch.cfc der Komponente Search Handler. Durch Manipulieren des Arguments suggestion mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.6.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als b8f3d61511c9b02b781ec442bfb803cbff8e08d5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FarCry Solr Pro Plugin",
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
},
{
"version_value": "1.1",
"version_affected": "="
},
{
"version_value": "1.2",
"version_affected": "="
},
{
"version_value": "1.3",
"version_affected": "="
},
{
"version_value": "1.4",
"version_affected": "="
},
{
"version_value": "1.5",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216961",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216961"
},
{
"url": "https://vuldb.com/?ctiid.216961",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216961"
},
{
"url": "https://github.com/jeffcoughlin/farcrysolrpro/issues/78",
"refsource": "MISC",
"name": "https://github.com/jeffcoughlin/farcrysolrpro/issues/78"
},
{
"url": "https://github.com/jeffcoughlin/farcrysolrpro/commit/b8f3d61511c9b02b781ec442bfb803cbff8e08d5",
"refsource": "MISC",
"name": "https://github.com/jeffcoughlin/farcrysolrpro/commit/b8f3d61511c9b02b781ec442bfb803cbff8e08d5"
},
{
"url": "https://github.com/jeffcoughlin/farcrysolrpro/releases/tag/1.6.0",
"refsource": "MISC",
"name": "https://github.com/jeffcoughlin/farcrysolrpro/releases/tag/1.6.0"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
}

94
2018/25xxx/CVE-2018-25056.json Normal file
View File

@ -0,0 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2018-25056",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in yolapi. Affected is the function render_description of the file yolapi/pypi/metadata.py. The manipulation of the argument text leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a0fe129055a99f429133a5c40cb13b44611ff796. It is recommended to apply a patch to fix this issue. VDB-216966 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in yolapi gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion render_description der Datei yolapi/pypi/metadata.py. Mit der Manipulation des Arguments text mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Patch wird als a0fe129055a99f429133a5c40cb13b44611ff796 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "yolapi",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.216966",
"refsource": "MISC",
"name": "https://vuldb.com/?id.216966"
},
{
"url": "https://vuldb.com/?ctiid.216966",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.216966"
},
{
"url": "https://github.com/yola/yolapi/commit/a0fe129055a99f429133a5c40cb13b44611ff796",
"refsource": "MISC",
"name": "https://github.com/yola/yolapi/commit/a0fe129055a99f429133a5c40cb13b44611ff796"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
}
]
}
}

18
2022/4xxx/CVE-2022-4794.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4794",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/4xxx/CVE-2022-4795.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-4795",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}