admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-01-17 14:01:11 +00:00
parent d97e3047f8
commit f035c320a4
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 250 additions and 232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

164
2021/25xxx/CVE-2021-25037.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-25037",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "All In One SEO < 4.1.5.3 - Authenticated SQL Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "All in One SEO Best WordPress SEO Plugin Easily Improve SEO Rankings & Increase Traffic",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "4.1.3.1",
"version_value": "4.1.3.1"
},
{
"version_affected": "<",
"version_name": "4.1.5.3",
"version_value": "4.1.5.3"
"CVE_data_meta": {
"ID": "CVE-2021-25037",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "All In One SEO < 4.1.5.3 - Authenticated SQL Injection"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "All in One SEO \u2013 Best WordPress SEO Plugin \u2013 Easily Improve SEO Rankings & Increase Traffic",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "4.1.3.1",
"version_value": "4.1.3.1"
},
{
"version_affected": "<",
"version_name": "4.1.5.3",
"version_value": "4.1.5.3"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected sites database (e.g., usernames and hashed passwords)."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4cd2a57b-3e1a-4acf-aecb-201ed9f4ee6d",
"name": "https://wpscan.com/vulnerability/4cd2a57b-3e1a-4acf-aecb-201ed9f4ee6d"
},
{
"refsource": "MISC",
"url": "https://jetpack.com/2021/12/14/severe-vulnerabilities-fixed-in-all-in-one-seo-plugin-version-4-1-5-3/",
"name": "https://jetpack.com/2021/12/14/severe-vulnerabilities-fixed-in-all-in-one-seo-plugin-version-4-1-5-3/"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2640944/all-in-one-seo-pack/trunk/app/Common/Api/PostsTerms.php",
"name": "https://plugins.trac.wordpress.org/changeset/2640944/all-in-one-seo-pack/trunk/app/Common/Api/PostsTerms.php"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site\u2019s database (e.g., usernames and hashed passwords)."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Marc Montpas (Jetpack Scan)"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://jetpack.com/2021/12/14/severe-vulnerabilities-fixed-in-all-in-one-seo-plugin-version-4-1-5-3/",
"name": "https://jetpack.com/2021/12/14/severe-vulnerabilities-fixed-in-all-in-one-seo-plugin-version-4-1-5-3/"
},
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4cd2a57b-3e1a-4acf-aecb-201ed9f4ee6d",
"name": "https://wpscan.com/vulnerability/4cd2a57b-3e1a-4acf-aecb-201ed9f4ee6d"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2640944/all-in-one-seo-pack/trunk/app/Common/Api/PostsTerms.php",
"name": "https://plugins.trac.wordpress.org/changeset/2640944/all-in-one-seo-pack/trunk/app/Common/Api/PostsTerms.php"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-89 SQL Injection",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Marc Montpas (Jetpack Scan)"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

134
2021/25xxx/CVE-2021-25067.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-25067",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Landing Page Builder Lead Page Optin Page Squeeze Page WordPress Landing Pages",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.4.9.6",
"version_value": "1.4.9.6"
"CVE_data_meta": {
"ID": "CVE-2021-25067",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Landing Page Builder \u2013 Lead Page \u2013 Optin Page \u2013 Squeeze Page \u2013 WordPress Landing Pages",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.4.9.6",
"version_value": "1.4.9.6"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/365007f0-61ac-4e81-8a3a-3a068f2c84bc",
"name": "https://wpscan.com/vulnerability/365007f0-61ac-4e81-8a3a-3a068f2c84bc"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zając"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/365007f0-61ac-4e81-8a3a-3a068f2c84bc",
"name": "https://wpscan.com/vulnerability/365007f0-61ac-4e81-8a3a-3a068f2c84bc"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

166
2022/0xxx/CVE-2022-0253.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0253",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "3.91"
}
]
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0253",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "livehelperchat/livehelperchat",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "3.91"
}
]
}
}
]
},
"vendor_name": "livehelperchat"
}
}
]
},
"vendor_name": "livehelperchat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437"
}
]
},
"source": {
"advisory": "ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303",
"discovery": "EXTERNAL"
}
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303"
},
{
"name": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437",
"refsource": "MISC",
"url": "https://github.com/livehelperchat/livehelperchat/commit/407d0b1a1fa56fa6f824a19092774f10f4880437"
}
]
},
"source": {
"advisory": "ac7f7eba-ee0b-4a50-bd89-29fd9b3e8303",
"discovery": "EXTERNAL"
}
}

18
2022/0xxx/CVE-2022-0255.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0255",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}