admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-31 14:00:34 +00:00
parent e31f6078d4
commit ef0dc4cc72
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
45 changed files with 1775 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/28xxx/CVE-2020-28243.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
}

5
2020/28xxx/CVE-2020-28972.json
View File

@ -86,6 +86,11 @@
"refsource": "DEBIAN",
"name": "DSA-5011",
"url": "https://www.debian.org/security/2021/dsa-5011"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
}

5
2020/35xxx/CVE-2020-35662.json
View File

@ -86,6 +86,11 @@
"refsource": "DEBIAN",
"name": "DSA-5011",
"url": "https://www.debian.org/security/2021/dsa-5011"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
},

5
2021/21xxx/CVE-2021-21996.json
View File

@ -78,6 +78,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211121 [SECURITY] [DLA 2823-2] salt regression update",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00019.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
},

5
2021/25xxx/CVE-2021-25281.json
View File

@ -101,6 +101,11 @@
"refsource": "DEBIAN",
"name": "DSA-5011",
"url": "https://www.debian.org/security/2021/dsa-5011"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
}

5
2021/25xxx/CVE-2021-25282.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
}

5
2021/25xxx/CVE-2021-25283.json
View File

@ -91,6 +91,11 @@
"refsource": "DEBIAN",
"name": "DSA-5011",
"url": "https://www.debian.org/security/2021/dsa-5011"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
}

5
2021/25xxx/CVE-2021-25284.json
View File

@ -96,6 +96,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
}

5
2021/31xxx/CVE-2021-31607.json
View File

@ -86,6 +86,11 @@
"refsource": "DEBIAN",
"name": "DSA-5011",
"url": "https://www.debian.org/security/2021/dsa-5011"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
}

5
2021/3xxx/CVE-2021-3144.json
View File

@ -91,6 +91,11 @@
"refsource": "DEBIAN",
"name": "DSA-5011",
"url": "https://www.debian.org/security/2021/dsa-5011"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
}

5
2021/3xxx/CVE-2021-3148.json
View File

@ -91,6 +91,11 @@
"refsource": "DEBIAN",
"name": "DSA-5011",
"url": "https://www.debian.org/security/2021/dsa-5011"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
}

5
2021/3xxx/CVE-2021-3197.json
View File

@ -96,6 +96,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220103 [SECURITY] [DLA 2480-2] salt regression update",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
}

5
2022/22xxx/CVE-2022-22934.json
View File

@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://repo.saltproject.io/",
"url": "https://repo.saltproject.io/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
},

5
2022/22xxx/CVE-2022-22935.json
View File

@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://repo.saltproject.io/",
"url": "https://repo.saltproject.io/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
},

5
2022/22xxx/CVE-2022-22936.json
View File

@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://repo.saltproject.io/",
"url": "https://repo.saltproject.io/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
},

5
2022/22xxx/CVE-2022-22941.json
View File

@ -58,6 +58,11 @@
"refsource": "MISC",
"name": "https://repo.saltproject.io/",
"url": "https://repo.saltproject.io/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
},

5
2022/22xxx/CVE-2022-22967.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/,",
"url": "https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/,"
},
{
"refsource": "GENTOO",
"name": "GLSA-202310-22",
"url": "https://security.gentoo.org/glsa/202310-22"
}
]
},

97
2023/24xxx/CVE-2023-24000.json
View File

@ -1,18 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24000",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7.\n\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GamiPress",
"product": {
"product_data": [
{
"product_name": "GamiPress",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "2.5.7.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.5.7",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/gamipress/wordpress-gamipress-plugin-2-5-7-unauthenticated-sql-injection-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/gamipress/wordpress-gamipress-plugin-2-5-7-unauthenticated-sql-injection-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.5.7.1 or a higher version."
}
],
"value": "Update to\u00a02.5.7.1 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Dave Jong (Patchstack)"
}
]
}

113
2023/25xxx/CVE-2023-25045.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25045",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "David F. Carr",
"product": {
"product_data": [
{
"product_name": "RSVPMaker",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "9.9.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "9.9.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-9-9-3-sql-injection-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-9-9-3-sql-injection-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 9.9.4 or a higher version."
}
],
"value": "Update to\u00a09.9.4 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Aldo Dimas Anugrah K (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
}
]
}

97
2023/25xxx/CVE-2023-25047.json
View File

@ -1,18 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25047",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.\n\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "David F. Carr",
"product": {
"product_data": [
{
"product_name": "RSVPMaker",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "9.9.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "9.9.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-9-9-3-sql-injection-vulnerability-2?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/rsvpmaker/wordpress-rsvpmaker-plugin-9-9-3-sql-injection-vulnerability-2?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 9.9.4 or a higher version."
}
],
"value": "Update to\u00a09.9.4 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Muhammad Arsalan Diponegoro - tripoloski (Patchstack Alliance)"
}
]
}

97
2023/28xxx/CVE-2023-28777.json
View File

@ -1,18 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28777",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LearnDash LMS allows SQL Injection.This issue affects LearnDash LMS: from n/a through 4.5.3.\n\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LearnDash",
"product": {
"product_data": [
{
"product_name": "LearnDash LMS",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "4.5.3.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.5.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/sfwd-lms/wordpress-learndash-lms-plugin-4-5-3-contributor-sql-injection-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/sfwd-lms/wordpress-learndash-lms-plugin-4-5-3-contributor-sql-injection-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.5.3.1 or a higher version."
}
],
"value": "Update to\u00a04.5.3.1 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Rafie Muhammad (Patchstack)"
}
]
}

56
2023/46xxx/CVE-2023-46976.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46976",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20A3300R/1/README.md",
"refsource": "MISC",
"name": "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20A3300R/1/README.md"
}
]
}

56
2023/46xxx/CVE-2023-46977.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46977",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20LR1200GB/1/README.md",
"refsource": "MISC",
"name": "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20LR1200GB/1/README.md"
}
]
}

56
2023/46xxx/CVE-2023-46978.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46978",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20X6000R/1/README.md",
"refsource": "MISC",
"name": "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20X6000R/1/README.md"
}
]
}

56
2023/46xxx/CVE-2023-46979.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46979",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20X6000R/2/README.md",
"refsource": "MISC",
"name": "https://github.com/shinypolaris/vuln-reports/blob/master/TOTOLINK%20X6000R/2/README.md"
}
]
}

72
2023/4xxx/CVE-2023-4250.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4250",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "EventPrime",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/9c271619-f478-45c3-91d9-be0f55ee06a2",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/9c271619-f478-45c3-91d9-be0f55ee06a2"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Miguel Santareno"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

72
2023/4xxx/CVE-2023-4251.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4251",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "EventPrime",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/ce564628-3d15-4bc5-8b8e-60b71786ac19",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/ce564628-3d15-4bc5-8b8e-60b71786ac19"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Alex Sanford"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

72
2023/4xxx/CVE-2023-4390.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4390",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup)."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Popup box",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.7.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/9fd2eb81-185d-4d42-8acf-925664b7cb2f",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/9fd2eb81-185d-4d42-8acf-925664b7cb2f"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Prasad Borvankar"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

8
2023/4xxx/CVE-2023-4610.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4610",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This bug only existed in development kernels. Please see https://lore.kernel.org/all/ZTKVfoQZplpB8rki@casper.infradead.org and https://bugzilla.suse.com/show_bug.cgi?id=1215932 for more information."
}
]
}

72
2023/4xxx/CVE-2023-4823.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4823",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change them and perform Stored Cross-Site Scripting."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP Meta and Date Remover",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/84f53e27-d8d2-4fa3-91f9-447037508d30",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/84f53e27-d8d2-4fa3-91f9-447037508d30"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "dc11"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

77
2023/4xxx/CVE-2023-4836.json
View File

@ -1,18 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4836",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WordPress File Sharing Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.0.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6"
},
{
"url": "https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc",
"refsource": "MISC",
"name": "https://research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

72
2023/5xxx/CVE-2023-5098.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5098",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string \"true\", which could lead to a variety of outcomes, including DoS."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Campaign Monitor Forms by Optin Cat",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.5.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/3167a83c-291e-4372-a42e-d842205ba722",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/3167a83c-291e-4372-a42e-d842205ba722"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Francesco Marano"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

76
2023/5xxx/CVE-2023-5211.json
View File

@ -1,18 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5211",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Fattura24",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "6.2.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/aa868380-cda7-4ec6-8a3f-d9fa692908f2",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/aa868380-cda7-4ec6-8a3f-d9fa692908f2"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Enrico Marcolini"
},
{
"lang": "en",
"value": "Claudio Marchesini"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

72
2023/5xxx/CVE-2023-5229.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5229",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "E2Pdf",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.20.20"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/fb6ce636-9e0d-4c5c-bb95-dde1d2581245",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/fb6ce636-9e0d-4c5c-bb95-dde1d2581245"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Yassir Sbai Fahim"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

77
2023/5xxx/CVE-2023-5237.json
View File

@ -1,18 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5237",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Memberlite Shortcodes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.3.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/a46d686c-6234-4aa8-a656-00a65c55d0b0",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/a46d686c-6234-4aa8-a656-00a65c55d0b0"
},
{
"url": "https://research.cleantalk.org/cve-2023-5237-memberlite-shortcodes-stored-xss-via-shortcode",
"refsource": "MISC",
"name": "https://research.cleantalk.org/cve-2023-5237-memberlite-shortcodes-stored-xss-via-shortcode"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

72
2023/5xxx/CVE-2023-5238.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "EventPrime",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/47a5fbfd-f47c-4356-8567-b29dadb48423",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/47a5fbfd-f47c-4356-8567-b29dadb48423"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Miguel Santareno"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

81
2023/5xxx/CVE-2023-5243.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5243",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Login Screen Manager",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "3.5.2"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/ad895200-a03a-4e92-b256-d6991547d38a",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/ad895200-a03a-4e92-b256-d6991547d38a"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Nano"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

77
2023/5xxx/CVE-2023-5307.json
View File

@ -1,18 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5307",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Photos and Files Contest Gallery",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "21.2.8.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/6fac1e09-21ab-430d-b56d-195e7238c08c",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/6fac1e09-21ab-430d-b56d-195e7238c08c"
},
{
"url": "https://research.cleantalk.org/cve-2023-5307-photos-and-files-contest-gallery-contact-form-21-2-8-1-unauthenticated-stored-xss-via-http-headers",
"refsource": "MISC",
"name": "https://research.cleantalk.org/cve-2023-5307-photos-and-files-contest-gallery-contact-form-21-2-8-1-unauthenticated-stored-xss-via-http-headers"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

72
2023/5xxx/CVE-2023-5360.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5360",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Royal Elementor Addons and Templates",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.3.79"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Fioravante Souza"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

72
2023/5xxx/CVE-2023-5458.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5458",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "CITS Support svg, webp Media and TTF,OTF File Upload",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/47d15f1c-b9ca-494d-be8f-63c30e92f9b8",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/47d15f1c-b9ca-494d-be8f-63c30e92f9b8"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Bob Matyas"
},
{
"lang": "en",
"value": "WPScan"
}
]
}

68
2023/5xxx/CVE-2023-5519.json
View File

@ -1,18 +1,76 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5519",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "EventPrime",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/ce564628-3d15-4bc5-8b8e-60b71786ac19",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/ce564628-3d15-4bc5-8b8e-60b71786ac19"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "WPScan"
}
]
}

18
2023/5xxx/CVE-2023-5878.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5878",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5879.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5879",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5880.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5880",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5881.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5881",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}