mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
181d537209
commit
f72d4f7da2
@ -40,9 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V6R2013xE",
|
||||
"version_value": "V6R2013xE FP.CFA.2240"
|
||||
"version_affected": "<=",
|
||||
"version_name": "V6R2013xE Golden",
|
||||
"version_value": "V6R2013xE FP.CFA.2228"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote File inclusions."
|
||||
"value": "An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -40,9 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V6R2013xE",
|
||||
"version_value": "V6R2013xE FP.CFA.2240"
|
||||
"version_affected": "<=",
|
||||
"version_name": "V6R2013xE Golden",
|
||||
"version_value": "V6R2013xE FP.CFA.2228"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
18
2023/28xxx/CVE-2023-28391.json
Normal file
18
2023/28xxx/CVE-2023-28391.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-28391",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,17 +1,90 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-28426",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "savg-sanitizer is a PHP SVG/XML Sanitizer. A bypass has been found in versions prior to 0.16.0 that allows an attacker to upload an SVG with persistent cross-site scripting. HTML elements within CDATA needed to be sanitized correctly, as we were converting them to a textnode and therefore, the library wasn't seeing them as DOM elements. This issue is fixed in version 0.16.0. Any data within a CDATA node will now be sanitised using HTMLPurifier. The maintainers have also removed many of the HTML and MathML elements from the allowed element list, as without ForiegnObject, they're not legal within the SVG context. There are no known workarounds."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "darylldoyle",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "svg-sanitizer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "< 0.16.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-xrqq-wqh4-5hg2",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-xrqq-wqh4-5hg2"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/darylldoyle/svg-sanitizer/commit/cce18bc237c05c6e093e9672db7926788da9b322",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/darylldoyle/svg-sanitizer/commit/cce18bc237c05c6e093e9672db7926788da9b322"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-xrqq-wqh4-5hg2",
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user