From fecbc6ce9b60246a02d1088a70f562101f12831b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 15 Sep 2021 18:01:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/20xxx/CVE-2021-20433.json | 174 +++++++++++++++---------------- 2021/27xxx/CVE-2021-27027.json | 2 +- 2021/27xxx/CVE-2021-27028.json | 2 +- 2021/27xxx/CVE-2021-27029.json | 2 +- 2021/27xxx/CVE-2021-27044.json | 4 +- 2021/28xxx/CVE-2021-28901.json | 56 ++++++++-- 2021/29xxx/CVE-2021-29750.json | 180 ++++++++++++++++----------------- 2021/29xxx/CVE-2021-29773.json | 180 ++++++++++++++++----------------- 2021/39xxx/CVE-2021-39213.json | 10 +- 2021/40xxx/CVE-2021-40964.json | 61 +++++++++-- 2021/40xxx/CVE-2021-40965.json | 61 +++++++++-- 2021/40xxx/CVE-2021-40966.json | 61 +++++++++-- 12 files changed, 492 insertions(+), 301 deletions(-) diff --git a/2021/20xxx/CVE-2021-20433.json b/2021/20xxx/CVE-2021-20433.json index c60ac405993..7b65a93370e 100644 --- a/2021/20xxx/CVE-2021-20433.json +++ b/2021/20xxx/CVE-2021-20433.json 
@@ -1,90 +1,90 @@ { - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2021-20433", - "DATE_PUBLIC" : "2021-09-14T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-20433", + "DATE_PUBLIC": "2021-09-14T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Guardium", - "version" : { - "version_data" : [ - { - "version_value" : "11.3" - } - ] - } - } - ] - } + "lang": "eng", + "value": "IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345." 
} - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "AC" : "L", - "I" : "N", - "AV" : "N", - "C" : "H", - "SCORE" : "6.500", - "PR" : "L", - "UI" : "N", - "A" : "N", - "S" : "U" - } - } - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6488941 (Security Guardium)", - "url" : "https://www.ibm.com/support/pages/node/6488941", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6488941" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196345", - "name" : "ibm-guardium-cve202120433-info-disc (196345)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Guardium", + "version": { + "version_data": [ + { + "version_value": "11.3" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "AC": "L", + "I": "N", + "AV": "N", + "C": "H", + "SCORE": "6.500", + "PR": "L", + "UI": "N", + "A": "N", + "S": "U" + } + } + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6488941 (Security Guardium)", + "url": "https://www.ibm.com/support/pages/node/6488941", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6488941" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196345", + "name": "ibm-guardium-cve202120433-info-disc (196345)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + } +} \ No newline at end of file 
diff --git a/2021/27xxx/CVE-2021-27027.json b/2021/27xxx/CVE-2021-27027.json
index 964cebd18f1..cffd14485e8 100644
--- a/2021/27xxx/CVE-2021-27027.json
+++ b/2021/27xxx/CVE-2021-27027.json
@@ -80,7 +80,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure."
+ "value": "An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27028.json b/2021/27xxx/CVE-2021-27028.json
index 67f91020dcb..5cb36b90b58 100644
--- a/2021/27xxx/CVE-2021-27028.json
+++ b/2021/27xxx/CVE-2021-27028.json
@@ -65,7 +65,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Memory Corruption Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files."
+ "value": "A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27029.json b/2021/27xxx/CVE-2021-27029.json
index a3cf4b55a5d..31051c3ee97 100644
--- a/2021/27xxx/CVE-2021-27029.json
+++ b/2021/27xxx/CVE-2021-27029.json
@@ -60,7 +60,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review causing the application to crash leading to a denial of service."
+ "value": "The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading to a denial of service."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27044.json b/2021/27xxx/CVE-2021-27044.json
index a6aea007d18..0987964a7a5 100644
--- a/2021/27xxx/CVE-2021-27044.json
+++ b/2021/27xxx/CVE-2021-27044.json
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Out-Of-Bounds Write Vulnerability "
+ "value": "Out-Of-Bounds Read Vulnerability "
 }
 ]
 }
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure."
+ "value": "A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure."
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28901.json b/2021/28xxx/CVE-2021-28901.json
index eedea11b58d..4015771fc56 100644
--- a/2021/28xxx/CVE-2021-28901.json
+++ b/2021/28xxx/CVE-2021-28901.json
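Review bot: After the two CVE-2021-27044.json hunks the record disagrees with itself: `problemtype` now reads `Out-Of-Bounds Read Vulnerability ` while the description reads `A Out-Of-Bounds Read/Write Vulnerability ... version 1.4.0 may lead to remote code execution`. That new description is word for word the text this same commit removes from CVE-2021-27027.json, and it narrows the affected range from `1.5.0 and prior` to `1.4.0` while CVE-2021-27027, CVE-2021-27028 and CVE-2021-27029 move in the opposite direction. This looks like an older revision of another record's text being synchronized into this one; that is an inference from the visible lines and should be confirmed against the vendor advisory before the record is consumed. If it is a regression, tooling that derives the affected range from the description would treat FBX Review releases other than 1.4.0 as unaffected. A pre-publish check that the class named in `problemtype` matches the one in `description`, and that a version range never shrinks without a referenced source, would catch this.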
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-28901",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-28901",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the (1) NOM_CLI , (2) ADRESSE , (3) ADRESSE2, (4) LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the (5) nom_liste parameter to /eshop/products/json/addCustomerFavorite."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE_2021_28901.pdf",
+ "url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE_2021_28901.pdf"
 }
 ]
 }
diff --git a/2021/29xxx/CVE-2021-29750.json b/2021/29xxx/CVE-2021-29750.json
index 8ab2345872e..10cb7d03b49 100644
--- a/2021/29xxx/CVE-2021-29750.json
+++ b/2021/29xxx/CVE-2021-29750.json
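Review bot: The new `affects` block in CVE-2021-28901.json sets `vendor_name`, `product_name` and `version_value` to `n/a`, and `problemtype` is also `n/a`, although the description on the same record names SITA Software Azur CMS 1.2.3.1 and earlier and an XSS class. Any consumer that matches on the structured fields rather than the free text will not associate this record with the product or weakness. The CVE-2021-40964, CVE-2021-40965 and CVE-2021-40966 hunks repeat the pattern for TinyFileManager up to and including 2.4.6 (path traversal, CSRF and stored XSS respectively). If the record source permits, populate the fields from the description, for example `"vendor_name": "SITA Software"`, `"product_name": "Azur CMS"` and a problemtype of `CWE-79`; for the TinyFileManager records the matching classes would be CWE-22, CWE-352 and CWE-79. Until then, inventory and detection tooling needs a description-text fallback for these four IDs.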
@@ -1,93 +1,93 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201778.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2021-29750", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-09-14T00:00:00" - }, - "data_version" : "4.0", - "data_format" : "MITRE", - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6488945 (QRadar SIEM)", - "url" : "https://www.ibm.com/support/pages/node/6488945", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6488945" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-qradar-cve202129750-info-disc (201778)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/201778" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "A" : "N", - "UI" : "N", - "AV" : "N", - "C" : "H", - "AC" : "H", - "I" : "N", - "SCORE" : "5.900", - "PR" : "N" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - } - ] - }, - "product_name" : "QRadar SIEM" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] } - ] - } - } -} + ] + }, + "description": { + "description_data": [ + { + "value": "IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive 
information. IBM X-Force ID: 201778.", + "lang": "eng" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2021-29750", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-09-14T00:00:00" + }, + "data_version": "4.0", + "data_format": "MITRE", + "data_type": "CVE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6488945 (QRadar SIEM)", + "url": "https://www.ibm.com/support/pages/node/6488945", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6488945" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-qradar-cve202129750-info-disc (201778)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201778" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "A": "N", + "UI": "N", + "AV": "N", + "C": "H", + "AC": "H", + "I": "N", + "SCORE": "5.900", + "PR": "N" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + } + ] + }, + "product_name": "QRadar SIEM" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29773.json b/2021/29xxx/CVE-2021-29773.json index 87c512310bd..bd24bff38ab 100644 --- a/2021/29xxx/CVE-2021-29773.json +++ b/2021/29xxx/CVE-2021-29773.json 
@@ -1,93 +1,93 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 202865.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2021-29773", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-09-14T00:00:00" - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6488943", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6488943", - "title" : "IBM Security Bulletin 6488943 (Security Guardium)" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-guardium-cve202129773-info-disc (202865)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/202865" - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "A" : "N", - "S" : "U", - "UI" : "N", - "PR" : "L", - "SCORE" : "5.400", - "C" : "L", - "AV" : "N", - "I" : "L", - "AC" : "L" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.6" - }, - { - "version_value" : "11.3" - } - ] - }, - "product_name" : "Security Guardium" - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - } -} + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to 
obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 202865.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2021-29773", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-09-14T00:00:00" + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6488943", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6488943", + "title": "IBM Security Bulletin 6488943 (Security Guardium)" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-guardium-cve202129773-info-disc (202865)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202865" + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "A": "N", + "S": "U", + "UI": "N", + "PR": "L", + "SCORE": "5.400", + "C": "L", + "AV": "N", + "I": "L", + "AC": "L" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.6" + }, + { + "version_value": "11.3" + } + ] + }, + "product_name": "Security Guardium" + } + ] + } + } + ] + } + } +} \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39213.json b/2021/39xxx/CVE-2021-39213.json index 3bb50fd99e6..739a72c2e09 100644 --- a/2021/39xxx/CVE-2021-39213.json +++ b/2021/39xxx/CVE-2021-39213.json 
@@ -69,15 +69,15 @@
 },
 "references": {
 "reference_data": [
- {
- "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777",
- "refsource": "CONFIRM",
- "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777"
- },
 {
 "name": "https://github.com/glpi-project/glpi/releases/tag/9.5.6",
 "refsource": "MISC",
 "url": "https://github.com/glpi-project/glpi/releases/tag/9.5.6"
+ },
+ {
+ "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777"
 }
 ]
 },
diff --git a/2021/40xxx/CVE-2021-40964.json b/2021/40xxx/CVE-2021-40964.json
index e62eae65588..abbaa55945b 100644
--- a/2021/40xxx/CVE-2021-40964.json
+++ b/2021/40xxx/CVE-2021-40964.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-40964",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-40964",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the \"fullpath\" parameter containing path traversal strings (../ and ..\\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/prasathmani/tinyfilemanager",
+ "refsource": "MISC",
+ "name": "https://github.com/prasathmani/tinyfilemanager"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528",
+ "url": "https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528"
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40965.json b/2021/40xxx/CVE-2021-40965.json
index e873a914940..d15cdc25858 100644
--- a/2021/40xxx/CVE-2021-40965.json
+++ b/2021/40xxx/CVE-2021-40965.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-40965",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-40965",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/prasathmani/tinyfilemanager",
+ "refsource": "MISC",
+ "name": "https://github.com/prasathmani/tinyfilemanager"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528",
+ "url": "https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528"
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40966.json b/2021/40xxx/CVE-2021-40966.json
index 705dc5344e5..bfc2a359c24 100644
--- a/2021/40xxx/CVE-2021-40966.json
+++ b/2021/40xxx/CVE-2021-40966.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-40966",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-40966",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious filename containing javascript code and it will run on any user browser when they access the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/prasathmani/tinyfilemanager",
+ "refsource": "MISC",
+ "name": "https://github.com/prasathmani/tinyfilemanager"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528",
+ "url": "https://gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528"
 }
 ]
 }