admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-23 12:00:30 +00:00
parent 1f31f2791a
commit f55215fd67
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 453 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2024/11xxx/CVE-2024-11034.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11034",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The The Request a Quote for WooCommerce and Elementor \u2013 Get a Quote Button \u2013 Product Enquiry Form Popup \u2013 Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via fire_contact_form AJAX action in all versions up to, and including, 1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wpbean",
"product": {
"product_data": [
{
"product_name": "Request a Quote for WooCommerce and Elementor \u2013 Get a Quote Button \u2013 Product Enquiry Form Popup \u2013 Product Quotation",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ccd3504-5663-48cd-90bc-502c2ce232f7?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ccd3504-5663-48cd-90bc-502c2ce232f7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/get-a-quote-button-for-woocommerce/tags/1.3.9/includes/class-ajax.php#L31",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/get-a-quote-button-for-woocommerce/tags/1.3.9/includes/class-ajax.php#L31"
},
{
"url": "https://wordpress.org/plugins/get-a-quote-button-for-woocommerce/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/get-a-quote-button-for-woocommerce/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3195227/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3195227/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Arkadiusz Hydzik"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
]
}

86
2024/11xxx/CVE-2024-11228.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11228",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The \uc6cc\ub4dc\ud504\ub808\uc2a4 \uacb0\uc81c \uc2ec\ud50c\ud398\uc774 \u2013 \uc6b0\ucee4\uba38\uc2a4 \uacb0\uc81c \ud50c\ub7ec\uadf8\uc778 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pafw_instant_payment shortcode in all versions up to, and including, 5.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "codemstory",
"product": {
"product_data": [
{
"product_name": "\uc6cc\ub4dc\ud504\ub808\uc2a4 \uacb0\uc81c \uc2ec\ud50c\ud398\uc774 \u2013 \uc6b0\ucee4\uba38\uc2a4 \uacb0\uc81c \ud50c\ub7ec\uadf8\uc778",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2fe166a9-8e80-4bb9-8074-5404289f5685?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2fe166a9-8e80-4bb9-8074-5404289f5685?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/pgall-for-woocommerce/trunk/templates/checkout/pafw/instant-payment.php#L11",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/pgall-for-woocommerce/trunk/templates/checkout/pafw/instant-payment.php#L11"
},
{
"url": "https://wordpress.org/plugins/pgall-for-woocommerce/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/pgall-for-woocommerce/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3191856/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3191856/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Peter Thaleikis"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

101
2024/11xxx/CVE-2024-11229.json
View File

@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11229",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The \ucf54\ub4dc\uc5e0\uc0f5 \uc18c\uc15c\ud1a1 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's add_plus_friends and add_plus_talk shortcodes in all versions up to, and including, 1.1.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "codemstory",
"product": {
"product_data": [
{
"product_name": "\ucf54\ub4dc\uc5e0\uc0f5 \uc18c\uc15c\ud1a1",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.18"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/226baf3e-1b28-4196-9438-0b17fef4c5af?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/226baf3e-1b28-4196-9438-0b17fef4c5af?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mshop-naver-talktalk/trunk/includes/class-msntt-plus-friends.php#L22",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/mshop-naver-talktalk/trunk/includes/class-msntt-plus-friends.php#L22"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mshop-naver-talktalk/trunk/includes/class-msntt-plus-friends.php#L168",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/mshop-naver-talktalk/trunk/includes/class-msntt-plus-friends.php#L168"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mshop-naver-talktalk/trunk/includes/class-msntt-plus-friends.php#L23",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/mshop-naver-talktalk/trunk/includes/class-msntt-plus-friends.php#L23"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mshop-naver-talktalk/trunk/includes/class-msntt-plus-friends.php#L215",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/mshop-naver-talktalk/trunk/includes/class-msntt-plus-friends.php#L215"
},
{
"url": "https://wordpress.org/plugins/mshop-naver-talktalk/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/mshop-naver-talktalk/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3191812/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3191812/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Peter Thaleikis"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

86
2024/11xxx/CVE-2024-11231.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11231",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The \uc6b0\ucee4\uba38\uc2a4 \ub124\uc774\ubc84\ud398\uc774 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mnp_purchase shortcode in all versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "codemstory",
"product": {
"product_data": [
{
"product_name": "\uc6b0\ucee4\uba38\uc2a4 \ub124\uc774\ubc84\ud398\uc774",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.3.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dab587c3-54f3-4619-8de0-8740d6451f96?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dab587c3-54f3-4619-8de0-8740d6451f96?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mshop-npay/trunk/templates/shortcodes/naverpay-button.php#L6",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/mshop-npay/trunk/templates/shortcodes/naverpay-button.php#L6"
},
{
"url": "https://wordpress.org/plugins/mshop-npay/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/mshop-npay/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3191814/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3191814/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Peter Thaleikis"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}

114
2024/11xxx/CVE-2024-11631.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11631",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /expedit.php. The manipulation of the argument expcat leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in itsourcecode Tailoring Management System 1.0 gefunden. Dies betrifft einen unbekannten Teil der Datei /expedit.php. Mittels dem Manipulieren des Arguments expcat mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "itsourcecode",
"product": {
"product_data": [
{
"product_name": "Tailoring Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.285917",
"refsource": "MISC",
"name": "https://vuldb.com/?id.285917"
},
{
"url": "https://vuldb.com/?ctiid.285917",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.285917"
},
{
"url": "https://vuldb.com/?submit.446290",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.446290"
},
{
"url": "https://github.com/sil3n/cve/issues/1",
"refsource": "MISC",
"name": "https://github.com/sil3n/cve/issues/1"
},
{
"url": "https://itsourcecode.com/",
"refsource": "MISC",
"name": "https://itsourcecode.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "silen (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}