Auto-Update: 2023-11-06T23:00:19.118910+00:00

CVE-2021/CVE-2021-294xx/CVE-2021-29439.json

@@ -2,12 +2,12 @@
   "id": "CVE-2021-29439",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2021-04-13T20:15:22.297",
-  "lastModified": "2022-12-13T16:39:31.270",
+  "lastModified": "2023-11-06T22:15:07.620",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitive and elevate their privileges on the instance. The vulnerability has been addressed in version 1.10.11. As a mitigation blocking access to the `/admin` path from untrusted sources will reduce the probability of exploitation."
+      "value": "The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitive and elevate their privileges on the instance. The vulnerability has been addressed in version 1.10.11. As a mitigation blocking access to the `/admin` path from untrusted sources will reduce the probability of exploitation. "
     },
     {
       "lang": "es",
@@ -115,12 +115,8 @@
   ],
   "references": [
     {
-      "url": "https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities",
+      "url": "https://github.com/getgrav/grav-plugin-admin/commit/a220359877fd1281f76ba732e5308e0e3002e4b1",
-      "source": "security-advisories@github.com",
+      "source": "security-advisories@github.com"
-      "tags": [
-        "Exploit",
-        "Third Party Advisory"
-      ]
     },
     {
       "url": "https://github.com/getgrav/grav-plugin-admin/security/advisories/GHSA-wg37-cf5x-55hq",

CVE-2021/CVE-2021-294xx/CVE-2021-29493.json

@@ -2,8 +2,8 @@
   "id": "CVE-2021-29493",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2021-05-06T20:15:09.867",
-  "lastModified": "2022-04-25T20:02:57.307",
+  "lastModified": "2023-11-06T22:15:07.737",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -85,22 +85,22 @@
   },
   "weaknesses": [
     {
-      "source": "nvd@nist.gov",
+      "source": "security-advisories@github.com",
       "type": "Primary",
       "description": [
         {
           "lang": "en",
-          "value": "NVD-CWE-noinfo"
+          "value": "CWE-94"
         }
       ]
     },
     {
-      "source": "security-advisories@github.com",
+      "source": "nvd@nist.gov",
       "type": "Secondary",
       "description": [
         {
           "lang": "en",
-          "value": "CWE-94"
+          "value": "NVD-CWE-noinfo"
         }
       ]
     }
@@ -124,6 +124,10 @@
     }
   ],
   "references": [
+    {
+      "url": "https://github.com/kennnyshiwa/kennnyshiwa-cogs/commit/5a84d60018468e5c0346f7ee74b2b4650a6dade7",
+      "source": "security-advisories@github.com"
+    },
     {
       "url": "https://github.com/kennnyshiwa/kennnyshiwa-cogs/security/advisories/GHSA-f4j2-2cwr-h473",
       "source": "security-advisories@github.com",

CVE-2023/CVE-2023-230xx/CVE-2023-23082.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-23082",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-02-03T22:15:12.277",
-  "lastModified": "2023-02-12T04:53:50.410",
+  "lastModified": "2023-11-06T21:15:08.800",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -65,22 +65,6 @@
     }
   ],
   "references": [
-    {
-      "url": "https://github.com/fritsch/xbmc/commit/367cc80d66b0310b460f587fea44274b442951f1",
-      "source": "cve@mitre.org",
-      "tags": [
-        "Patch",
-        "Third Party Advisory"
-      ]
-    },
-    {
-      "url": "https://github.com/fritsch/xbmc/commit/54df944584fc9fecd4cd5d69c2289f0934de305b",
-      "source": "cve@mitre.org",
-      "tags": [
-        "Patch",
-        "Third Party Advisory"
-      ]
-    },
     {
       "url": "https://github.com/xbmc/xbmc/commit/8c2aafb6d4987833803e037c923aaf83f9ff41e1",
       "source": "cve@mitre.org",
@@ -106,6 +90,14 @@
         "Patch",
         "Third Party Advisory"
       ]
+    },
+    {
+      "url": "https://github.com/xbmc/xbmc/pull/22380/commits/00fec1dbdd1df827872c7b55ad93059636dfc076",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/xbmc/xbmc/pull/22380/commits/7e5f9fbf9aaa3540aab35e7504036855b23dcf60",
+      "source": "cve@mitre.org"
     }
   ]
 }

CVE-2023/CVE-2023-357xx/CVE-2023-35784.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-35784",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-06-16T20:15:09.493",
-  "lastModified": "2023-06-26T22:16:35.380",
+  "lastModified": "2023-11-06T22:15:07.897",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -115,18 +115,8 @@
       ]
     },
     {
-      "url": "https://github.com/libressl/openbsd/commit/1d6680b3682f8caba78c627dee60c76da6e20dd7",
+      "url": "https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54",
-      "source": "cve@mitre.org",
+      "source": "cve@mitre.org"
-      "tags": [
-        "Patch"
-      ]
-    },
-    {
-      "url": "https://github.com/libressl/openbsd/commit/96094ca8757b95298f49d65c813f303bd514b27b",
-      "source": "cve@mitre.org",
-      "tags": [
-        "Patch"
-      ]
     }
   ]
 }

CVE-2023/CVE-2023-455xx/CVE-2023-45556.json

@@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-45556",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-06T22:15:07.990",
+  "lastModified": "2023-11-06T22:15:07.990",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/Or4ngm4n/Mybb/blob/main/MyBB%201.8.33%20Cross%20Site%20Scripting.txt",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/mybb/mybb/security/advisories/GHSA-4xqm-3cm2-5xgf",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://raw.githubusercontent.com/Or4ngm4n/Mybb/main/Screenshot%202023-10-08%20012112.png",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-470xx/CVE-2023-47004.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-47004",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-06T22:15:08.043",
+  "lastModified": "2023-11-06T22:15:08.043",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/RedisGraph/RedisGraph/issues/3178",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-48xx/CVE-2023-4810.json

@@ -0,0 +1,36 @@
+{
+  "id": "CVE-2023-4810",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-11-06T21:15:08.900",
+  "lastModified": "2023-11-06T21:15:08.900",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://portswigger.net/web-security/cross-site-scripting/stored",
+      "source": "contact@wpscan.com"
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/dfde5436-dd5c-4c70-a9c2-3cb85cc99c0a",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-48xx/CVE-2023-4858.json

@@ -0,0 +1,36 @@
+{
+  "id": "CVE-2023-4858",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-11-06T21:15:08.980",
+  "lastModified": "2023-11-06T21:15:08.980",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Simple Table Manager WordPress plugin through 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/nightcloudos/bug_report/blob/main/vendors/poc2.md",
+      "source": "contact@wpscan.com"
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/ef8029e0-9282-401a-a77d-10b6656adaa6",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-49xx/CVE-2023-4930.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-4930",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-11-06T21:15:09.233",
+  "lastModified": "2023-11-06T21:15:09.233",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/c73b3276-e6f1-4f22-a888-025e5d0504f2",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-50xx/CVE-2023-5082.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-5082",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-11-06T21:15:09.517",
+  "lastModified": "2023-11-06T21:15:09.517",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/13a196ba-49c7-4575-9a49-3ef9eb2348f3",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-51xx/CVE-2023-5181.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-5181",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-11-06T21:15:09.590",
+  "lastModified": "2023-11-06T21:15:09.590",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/564ad2b0-6ba6-4415-98d7-8d41bc1c3d44",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-52xx/CVE-2023-5228.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-5228",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-11-06T21:15:09.660",
+  "lastModified": "2023-11-06T21:15:09.660",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/50ae7008-46f0-4f89-ae98-65dcabe4ef09",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-53xx/CVE-2023-5352.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-5352",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-11-06T21:15:09.723",
+  "lastModified": "2023-11-06T21:15:09.723",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/d32b2136-d923-4f36-bd76-af4578deb23b",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-53xx/CVE-2023-5354.json

@@ -0,0 +1,36 @@
+{
+  "id": "CVE-2023-5354",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-11-06T21:15:09.790",
+  "lastModified": "2023-11-06T21:15:09.790",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/aa380524-031d-4e49-9d0b-96e62d54557f",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-53xx/CVE-2023-5355.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-5355",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-11-06T21:15:09.870",
+  "lastModified": "2023-11-06T21:15:09.870",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/d6f7faca-dacf-4455-a837-0404803d0f25",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-54xx/CVE-2023-5454.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-5454",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-11-06T21:15:09.937",
+  "lastModified": "2023-11-06T21:15:09.937",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/1854f77f-e12a-4370-9c44-73d16d493685",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-55xx/CVE-2023-5530.json

@@ -0,0 +1,36 @@
+{
+  "id": "CVE-2023-5530",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-11-06T21:15:10.003",
+  "lastModified": "2023-11-06T21:15:10.003",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc however the vendor acknowledged and fixed the issue"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://ninjaforms.com/blog/saturday-drive-x-edition/",
+      "source": "contact@wpscan.com"
+    },
+    {
+      "url": "https://wpscan.com/vulnerability/a642f313-cc3e-4d75-b207-1dceb6a7fbae",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-56xx/CVE-2023-5601.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-5601",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-11-06T21:15:10.063",
+  "lastModified": "2023-11-06T21:15:10.063",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/0035ec5e-d405-4eb7-8fe4-29dd0c71e4bc",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-56xx/CVE-2023-5605.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-5605",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2023-11-06T21:15:10.137",
+  "lastModified": "2023-11-06T21:15:10.137",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The URL Shortify WordPress plugin through 1.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "contact@wpscan.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/9ec03ef0-0c04-4517-b761-df87af722a64",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-57xx/CVE-2023-5771.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-5771",
+  "sourceIdentifier": "security@proofpoint.com",
+  "published": "2023-11-06T21:15:10.203",
+  "lastModified": "2023-11-06T21:15:10.203",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.\u00a0\u00a0This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@proofpoint.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@proofpoint.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0010",
+      "source": "security@proofpoint.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-11-06T21:00:19.166686+00:00
+2023-11-06T23:00:19.118910+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-11-06T20:15:08.033000+00:00
+2023-11-06T22:15:08.043000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,52 +29,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-229892
+229908
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `8`
+Recently added CVEs: `16`
 
-* [CVE-2022-48192](CVE-2022/CVE-2022-481xx/CVE-2022-48192.json) (`2023-11-06T20:15:07.650`)
+* [CVE-2023-4810](CVE-2023/CVE-2023-48xx/CVE-2023-4810.json) (`2023-11-06T21:15:08.900`)
-* [CVE-2022-48193](CVE-2022/CVE-2022-481xx/CVE-2022-48193.json) (`2023-11-06T20:15:07.723`)
+* [CVE-2023-4858](CVE-2023/CVE-2023-48xx/CVE-2023-4858.json) (`2023-11-06T21:15:08.980`)
-* [CVE-2023-39345](CVE-2023/CVE-2023-393xx/CVE-2023-39345.json) (`2023-11-06T19:15:09.027`)
+* [CVE-2023-4930](CVE-2023/CVE-2023-49xx/CVE-2023-4930.json) (`2023-11-06T21:15:09.233`)
-* [CVE-2023-46254](CVE-2023/CVE-2023-462xx/CVE-2023-46254.json) (`2023-11-06T19:15:09.230`)
+* [CVE-2023-5082](CVE-2023/CVE-2023-50xx/CVE-2023-5082.json) (`2023-11-06T21:15:09.517`)
-* [CVE-2023-46731](CVE-2023/CVE-2023-467xx/CVE-2023-46731.json) (`2023-11-06T19:15:09.307`)
+* [CVE-2023-5181](CVE-2023/CVE-2023-51xx/CVE-2023-5181.json) (`2023-11-06T21:15:09.590`)
-* [CVE-2023-46732](CVE-2023/CVE-2023-467xx/CVE-2023-46732.json) (`2023-11-06T19:15:09.397`)
+* [CVE-2023-5228](CVE-2023/CVE-2023-52xx/CVE-2023-5228.json) (`2023-11-06T21:15:09.660`)
-* [CVE-2023-5719](CVE-2023/CVE-2023-57xx/CVE-2023-5719.json) (`2023-11-06T20:15:07.950`)
+* [CVE-2023-5352](CVE-2023/CVE-2023-53xx/CVE-2023-5352.json) (`2023-11-06T21:15:09.723`)
-* [CVE-2023-5777](CVE-2023/CVE-2023-57xx/CVE-2023-5777.json) (`2023-11-06T20:15:08.033`)
+* [CVE-2023-5354](CVE-2023/CVE-2023-53xx/CVE-2023-5354.json) (`2023-11-06T21:15:09.790`)
+* [CVE-2023-5355](CVE-2023/CVE-2023-53xx/CVE-2023-5355.json) (`2023-11-06T21:15:09.870`)
+* [CVE-2023-5454](CVE-2023/CVE-2023-54xx/CVE-2023-5454.json) (`2023-11-06T21:15:09.937`)
+* [CVE-2023-5530](CVE-2023/CVE-2023-55xx/CVE-2023-5530.json) (`2023-11-06T21:15:10.003`)
+* [CVE-2023-5601](CVE-2023/CVE-2023-56xx/CVE-2023-5601.json) (`2023-11-06T21:15:10.063`)
+* [CVE-2023-5605](CVE-2023/CVE-2023-56xx/CVE-2023-5605.json) (`2023-11-06T21:15:10.137`)
+* [CVE-2023-5771](CVE-2023/CVE-2023-57xx/CVE-2023-5771.json) (`2023-11-06T21:15:10.203`)
+* [CVE-2023-45556](CVE-2023/CVE-2023-455xx/CVE-2023-45556.json) (`2023-11-06T22:15:07.990`)
+* [CVE-2023-47004](CVE-2023/CVE-2023-470xx/CVE-2023-47004.json) (`2023-11-06T22:15:08.043`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `41`
+Recently modified CVEs: `4`
 
-* [CVE-2023-40661](CVE-2023/CVE-2023-406xx/CVE-2023-40661.json) (`2023-11-06T19:17:15.773`)
+* [CVE-2021-29439](CVE-2021/CVE-2021-294xx/CVE-2021-29439.json) (`2023-11-06T22:15:07.620`)
-* [CVE-2023-4535](CVE-2023/CVE-2023-45xx/CVE-2023-4535.json) (`2023-11-06T19:17:15.773`)
+* [CVE-2021-29493](CVE-2021/CVE-2021-294xx/CVE-2021-29493.json) (`2023-11-06T22:15:07.737`)
-* [CVE-2023-44398](CVE-2023/CVE-2023-443xx/CVE-2023-44398.json) (`2023-11-06T19:17:15.773`)
+* [CVE-2023-23082](CVE-2023/CVE-2023-230xx/CVE-2023-23082.json) (`2023-11-06T21:15:08.800`)
-* [CVE-2023-45827](CVE-2023/CVE-2023-458xx/CVE-2023-45827.json) (`2023-11-06T19:17:15.773`)
+* [CVE-2023-35784](CVE-2023/CVE-2023-357xx/CVE-2023-35784.json) (`2023-11-06T22:15:07.897`)
-* [CVE-2023-46251](CVE-2023/CVE-2023-462xx/CVE-2023-46251.json) (`2023-11-06T19:17:15.773`)
-* [CVE-2023-46728](CVE-2023/CVE-2023-467xx/CVE-2023-46728.json) (`2023-11-06T19:17:15.773`)
-* [CVE-2023-4700](CVE-2023/CVE-2023-47xx/CVE-2023-4700.json) (`2023-11-06T19:17:15.773`)
-* [CVE-2023-31416](CVE-2023/CVE-2023-314xx/CVE-2023-31416.json) (`2023-11-06T19:21:20.910`)
-* [CVE-2023-31419](CVE-2023/CVE-2023-314xx/CVE-2023-31419.json) (`2023-11-06T19:23:04.963`)
-* [CVE-2023-5796](CVE-2023/CVE-2023-57xx/CVE-2023-5796.json) (`2023-11-06T19:24:36.727`)
-* [CVE-2023-44397](CVE-2023/CVE-2023-443xx/CVE-2023-44397.json) (`2023-11-06T19:26:20.520`)
-* [CVE-2023-46361](CVE-2023/CVE-2023-463xx/CVE-2023-46361.json) (`2023-11-06T19:26:57.803`)
-* [CVE-2023-46858](CVE-2023/CVE-2023-468xx/CVE-2023-46858.json) (`2023-11-06T19:29:24.480`)
-* [CVE-2023-45956](CVE-2023/CVE-2023-459xx/CVE-2023-45956.json) (`2023-11-06T19:29:41.313`)
-* [CVE-2023-46428](CVE-2023/CVE-2023-464xx/CVE-2023-46428.json) (`2023-11-06T19:30:17.810`)
-* [CVE-2023-5896](CVE-2023/CVE-2023-58xx/CVE-2023-5896.json) (`2023-11-06T19:30:41.957`)
-* [CVE-2023-46478](CVE-2023/CVE-2023-464xx/CVE-2023-46478.json) (`2023-11-06T19:36:03.123`)
-* [CVE-2023-43792](CVE-2023/CVE-2023-437xx/CVE-2023-43792.json) (`2023-11-06T19:37:01.740`)
-* [CVE-2023-43649](CVE-2023/CVE-2023-436xx/CVE-2023-43649.json) (`2023-11-06T19:37:27.737`)
-* [CVE-2023-43647](CVE-2023/CVE-2023-436xx/CVE-2023-43647.json) (`2023-11-06T19:38:20.630`)
-* [CVE-2023-43648](CVE-2023/CVE-2023-436xx/CVE-2023-43648.json) (`2023-11-06T19:39:02.777`)
-* [CVE-2023-46233](CVE-2023/CVE-2023-462xx/CVE-2023-46233.json) (`2023-11-06T19:49:29.380`)
-* [CVE-2023-5789](CVE-2023/CVE-2023-57xx/CVE-2023-5789.json) (`2023-11-06T19:56:13.717`)
-* [CVE-2023-22518](CVE-2023/CVE-2023-225xx/CVE-2023-22518.json) (`2023-11-06T20:15:07.797`)
-* [CVE-2023-46502](CVE-2023/CVE-2023-465xx/CVE-2023-46502.json) (`2023-11-06T20:15:07.887`)
 
 
 ## Download and Usage