diff --git a/2018/20xxx/CVE-2018-20816.json b/2018/20xxx/CVE-2018-20816.json new file mode 100644 index 00000000000..2382be341db --- /dev/null +++ b/2018/20xxx/CVE-2018-20816.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the \"add dashboard pages\" feature where users can receive a malicious attack through a phished URL, with script executed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/salesagility/SuiteDocs/pull/198/files", + "refsource": "MISC", + "name": "https://github.com/salesagility/SuiteDocs/pull/198/files" + }, + { + "url": "https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_11", + "refsource": "MISC", + "name": "https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_11" + }, + { + "url": "https://docs.suitecrm.com/admin/releases/7.8.x/#_7_8_24", + "refsource": "MISC", + "name": "https://docs.suitecrm.com/admin/releases/7.8.x/#_7_8_24" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3792.json b/2019/3xxx/CVE-2019-3792.json index a657a78e0b7..db62fd20f87 100644 --- a/2019/3xxx/CVE-2019-3792.json +++ b/2019/3xxx/CVE-2019-3792.json @@ -63,6 +63,11 @@ "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2019-3792", "name": "https://pivotal.io/security/cve-2019-3792" + }, + { + "refsource": "BID", + "name": "107780", + "url": "http://www.securityfocus.com/bid/107780" } ] },