diff --git a/2024/10xxx/CVE-2024-10932.json b/2024/10xxx/CVE-2024-10932.json index cfb91640411..be1d0abe483 100644 --- a/2024/10xxx/CVE-2024-10932.json +++ b/2024/10xxx/CVE-2024-10932.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10932", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site in order to trigger the exploit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "inisev", + "product": { + "product_data": [ + { + "product_name": "Backup Migration", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.4.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5a0c514-5200-47f4-9d2e-684d68946b9a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5a0c514-5200-47f4-9d2e-684d68946b9a?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser//backup-backup/tags/1.4.6/includes/database/search-replace.php#L46", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser//backup-backup/tags/1.4.6/includes/database/search-replace.php#L46" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.4.6.1/includes/database/search-replace.php#L46", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.4.6.1/includes/database/search-replace.php#L46" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Craig Smith" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/11xxx/CVE-2024-11974.json b/2024/11xxx/CVE-2024-11974.json index 4aad2782194..63f3a92e0a8 100644 --- a/2024/11xxx/CVE-2024-11974.json +++ b/2024/11xxx/CVE-2024-11974.json @@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11974", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018smc_settings_tab', 'unattachfixit-action', and 'woofixit-action\u2019 parameters in all versions up to, and including, 3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "dglingren", + "product": { + "product_data": [ + { + "product_name": "Media Library Assistant", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.23" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/65f4e5e1-4c2e-4943-aa84-4caa61e14bc2?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/65f4e5e1-4c2e-4943-aa84-4caa61e14bc2?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/examples/plugins/mla-unattached-fixit.php#L177", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/examples/plugins/mla-unattached-fixit.php#L177" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/examples/plugins/woofixit.php#L1391", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/examples/plugins/woofixit.php#L1391" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/examples/plugins/smart-media-categories/admin/includes/class-smc-settings-support.php#L459", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/examples/plugins/smart-media-categories/admin/includes/class-smc-settings-support.php#L459" + }, + { + "url": "https://wordpress.org/plugins/media-library-assistant/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/media-library-assistant/#developers" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3215759/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3215759/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Dale Mavers" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/12xxx/CVE-2024-12047.json b/2024/12xxx/CVE-2024-12047.json index f5f9998b5f2..1fb4982b255 100644 --- a/2024/12xxx/CVE-2024-12047.json +++ b/2024/12xxx/CVE-2024-12047.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12047", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Compress \u2013 Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018custom_server\u2019 parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "smartersite", + "product": { + "product_data": [ + { + "product_name": "WP Compress \u2013 Instant Performance & Speed Optimization", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "6.30.03" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/09c04863-a454-4f05-9403-aff39dbccd43?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/09c04863-a454-4f05-9403-aff39dbccd43?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-compress-image-optimizer/tags/6.30.00/addons/cdn/cdn-rewrite.php#L459", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-compress-image-optimizer/tags/6.30.00/addons/cdn/cdn-rewrite.php#L459" + }, + { + "url": "https://wordpress.org/plugins/wp-compress-image-optimizer/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-compress-image-optimizer/#developers" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3213738/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3213738/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Dale Mavers" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/12xxx/CVE-2024-12545.json b/2024/12xxx/CVE-2024-12545.json index 9a029f88140..22cb16fa518 100644 --- a/2024/12xxx/CVE-2024-12545.json +++ b/2024/12xxx/CVE-2024-12545.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12545", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Scratch & Win \u2013 Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing nonce validation on the reset_installation() function. This makes it possible for unauthenticated attackers to reset the plugin\u2019s installation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "akashmalik", + "product": { + "product_data": [ + { + "product_name": "Scratch & Win \u2013 Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.7.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7cbc157b-4f1b-4212-9e5c-dd10dd443df7?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7cbc157b-4f1b-4212-9e5c-dd10dd443df7?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/scratch-win-giveaways-for-website-facebook/tags/2.7.0/includes/swin-api.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/scratch-win-giveaways-for-website-facebook/tags/2.7.0/includes/swin-api.php" + }, + { + "url": "https://wordpress.org/plugins/scratch-win-giveaways-for-website-facebook/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/scratch-win-giveaways-for-website-facebook/#developers" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3212730/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3212730/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Peter Thaleikis" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/12xxx/CVE-2024-12701.json b/2024/12xxx/CVE-2024-12701.json index 4c0c3d8d819..ad393168b2c 100644 --- a/2024/12xxx/CVE-2024-12701.json +++ b/2024/12xxx/CVE-2024-12701.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12701", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018 page\u2019 parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "xylus", + "product": { + "product_data": [ + { + "product_name": "WP Smart Import : Import any XML File to WordPress", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/27153c13-6bdc-4873-8a05-8aab6ba4243d?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/27153c13-6bdc-4873-8a05-8aab6ba4243d?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-smart-import/trunk/controller/manage_controller.php#L82", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-smart-import/trunk/controller/manage_controller.php#L82" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-smart-import/trunk/controller/file_manage_controller.php#L39", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-smart-import/trunk/controller/file_manage_controller.php#L39" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3212009/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3212009/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Colin Xu" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/0xxx/CVE-2025-0203.json b/2025/0xxx/CVE-2025-0203.json index 93b6905c6b2..92ea5f7d0f4 100644 --- a/2025/0xxx/CVE-2025-0203.json +++ b/2025/0xxx/CVE-2025-0203.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0203", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + }, + { + "lang": "deu", + "value": "In code-projects Student Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Es geht um die Funktion showSubject1 der Datei /config/DbFunction.php. Durch Manipulation des Arguments sid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "code-projects", + "product": { + "product_data": [ + { + "product_name": "Student Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.290140", + "refsource": "MISC", + "name": "https://vuldb.com/?id.290140" + }, + { + "url": "https://vuldb.com/?ctiid.290140", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.290140" + }, + { + "url": "https://vuldb.com/?submit.473410", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.473410" + }, + { + "url": "https://gist.github.com/th4s1s/e8488d7e35d789581979f3b7e4c48b1f", + "refsource": "MISC", + "name": "https://gist.github.com/th4s1s/e8488d7e35d789581979f3b7e4c48b1f" + }, + { + "url": "https://code-projects.org/", + "refsource": "MISC", + "name": "https://code-projects.org/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "lio346 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/0xxx/CVE-2025-0204.json b/2025/0xxx/CVE-2025-0204.json index dd8c50b7784..f46d09960ce 100644 --- a/2025/0xxx/CVE-2025-0204.json +++ b/2025/0xxx/CVE-2025-0204.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0204", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in code-projects Online Shoe Store 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /details.php. Mittels dem Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "code-projects", + "product": { + "product_data": [ + { + "product_name": "Online Shoe Store", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.290141", + "refsource": "MISC", + "name": "https://vuldb.com/?id.290141" + }, + { + "url": "https://vuldb.com/?ctiid.290141", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.290141" + }, + { + "url": "https://vuldb.com/?submit.474031", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.474031" + }, + { + "url": "https://gist.github.com/th4s1s/6f0b3fcf85455238b4316d0fda7d489e", + "refsource": "MISC", + "name": "https://gist.github.com/th4s1s/6f0b3fcf85455238b4316d0fda7d489e" + }, + { + "url": "https://code-projects.org/", + "refsource": "MISC", + "name": "https://code-projects.org/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "lio346 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] }