diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23890.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23890.json new file mode 100644 index 00000000000..fbab5606730 --- /dev/null +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23890.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-23890", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-01-26T11:15:08.053", + "lastModified": "2024-01-26T11:15:08.053", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/itempopup.php, en el par\u00e1metro de description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23891.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23891.json new file mode 100644 index 00000000000..f2e481e4cdd --- /dev/null +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23891.json 
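Review bot: The only score in this record is the CNA's own (`"source": "cve-coordination@incibe.es"`, `"type": "Secondary"`) and `vulnStatus` is still `"Received"`, so the 7.1 / HIGH rating has not been through NVD analysis and should be treated as provisional by anything that triages on `baseScore`. The vector uses `S:U` with `C:H` for a reflected XSS, whereas the CVSS 3.1 worked examples usually score this class as `S:C/C:L/I:L`. An analyst re-score may therefore land lower, though that is an inference and not something the record states. The same vector and status appear unchanged in the CVE-2024-23891, -23892, -23893, -23894 and -23896 hunks. Consumers that cache severity should key on `lastModified` so a later re-score is picked up.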
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-23891", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-01-26T11:15:08.707", + "lastModified": "2024-01-26T11:15:08.707", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemcreate.php, in the itemid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/itemcreate.php, en el par\u00e1metro itemid. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23892.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23892.json new file mode 100644 index 00000000000..9f5703197e5 --- /dev/null +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23892.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-23892", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-01-26T11:15:08.970", + "lastModified": "2024-01-26T11:15:08.970", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentercreate.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/costcentercreate.php, en el par\u00e1metro costcenterid. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23893.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23893.json new file mode 100644 index 00000000000..a8e57b83d16 --- /dev/null +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23893.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-23893", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-01-26T11:15:09.223", + "lastModified": "2024-01-26T11:15:09.223", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentermodify.php, in the costcenterid\u00a0parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/costcentermodify.php, en el par\u00e1metro costcenterid. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23894.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23894.json new file mode 100644 index 00000000000..ce1101e803d --- /dev/null +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23894.json 
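Review bot: The English description in CVE-2024-23893 has a non-breaking space after the parameter name (`costcenterid\u00a0parameter`), while the Spanish text and the sibling records use an ordinary space. Tooling that tokenises descriptions on ASCII whitespace to extract the affected parameter or to de-duplicate advisories will see a different token here than in CVE-2024-23892. The value would read `costcenterid parameter` with U+0020. Because this file mirrors upstream data, the correction belongs at the source, and consumers should normalise Unicode whitespace before matching.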
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-23894", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-01-26T11:15:09.477", + "lastModified": "2024-01-26T11:15:09.477", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/stockissuancecreate.php, en el par\u00e1metro issuancedate. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23896.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23896.json new file mode 100644 index 00000000000..a1ab6be05e6 --- /dev/null +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23896.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-23896", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-01-26T11:15:09.747", + "lastModified": "2024-01-26T11:15:09.747", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials." + }, + { + "lang": "es", + "value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/stock.php, en el par\u00e1metro batchno. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 4ffa2549352..3d2aa794173 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-26T11:00:25.747478+00:00 +2024-01-26T13:00:25.097940+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-26T10:15:12.953000+00:00 +2024-01-26T11:15:09.747000+00:00 ``` ### Last Data Feed Release 
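Review bot: In CVE-2024-23896 the `weaknesses` entry is tagged `"type": "Secondary"`, while the five sibling records in this commit, from the same source and with the same CWE-79 value, are tagged `"type": "Primary"`. A consumer that maps CVE to CWE using only Primary entries would give this record no weakness, so it would drop out of XSS-class reporting. If the difference is not intentional upstream, the line would read `"type": "Primary"`. Until that is settled, CWE lookups against this feed should fall back to Secondary entries when no Primary one exists.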
@@ -29,47 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236908 +236914 ``` ### CVEs added in the last Commit -Recently added CVEs: `39` +Recently added CVEs: `6` -* [CVE-2024-23865](CVE-2024/CVE-2024-238xx/CVE-2024-23865.json) (`2024-01-26T10:15:08.223`) -* [CVE-2024-23866](CVE-2024/CVE-2024-238xx/CVE-2024-23866.json) (`2024-01-26T10:15:08.420`) -* [CVE-2024-23867](CVE-2024/CVE-2024-238xx/CVE-2024-23867.json) (`2024-01-26T10:15:08.640`) -* [CVE-2024-23868](CVE-2024/CVE-2024-238xx/CVE-2024-23868.json) (`2024-01-26T10:15:08.840`) -* [CVE-2024-23869](CVE-2024/CVE-2024-238xx/CVE-2024-23869.json) (`2024-01-26T10:15:09.047`) -* [CVE-2024-23870](CVE-2024/CVE-2024-238xx/CVE-2024-23870.json) (`2024-01-26T10:15:09.243`) -* [CVE-2024-23871](CVE-2024/CVE-2024-238xx/CVE-2024-23871.json) (`2024-01-26T10:15:09.437`) -* [CVE-2024-23872](CVE-2024/CVE-2024-238xx/CVE-2024-23872.json) (`2024-01-26T10:15:09.637`) -* [CVE-2024-23873](CVE-2024/CVE-2024-238xx/CVE-2024-23873.json) (`2024-01-26T10:15:09.830`) -* [CVE-2024-23874](CVE-2024/CVE-2024-238xx/CVE-2024-23874.json) (`2024-01-26T10:15:10.023`) -* [CVE-2024-23875](CVE-2024/CVE-2024-238xx/CVE-2024-23875.json) (`2024-01-26T10:15:10.213`) -* [CVE-2024-23876](CVE-2024/CVE-2024-238xx/CVE-2024-23876.json) (`2024-01-26T10:15:10.410`) -* [CVE-2024-23877](CVE-2024/CVE-2024-238xx/CVE-2024-23877.json) (`2024-01-26T10:15:10.597`) -* [CVE-2024-23878](CVE-2024/CVE-2024-238xx/CVE-2024-23878.json) (`2024-01-26T10:15:10.803`) -* [CVE-2024-23879](CVE-2024/CVE-2024-238xx/CVE-2024-23879.json) (`2024-01-26T10:15:10.997`) -* [CVE-2024-23880](CVE-2024/CVE-2024-238xx/CVE-2024-23880.json) (`2024-01-26T10:15:11.203`) -* [CVE-2024-23881](CVE-2024/CVE-2024-238xx/CVE-2024-23881.json) (`2024-01-26T10:15:11.410`) -* [CVE-2024-23882](CVE-2024/CVE-2024-238xx/CVE-2024-23882.json) (`2024-01-26T10:15:11.600`) -* [CVE-2024-23883](CVE-2024/CVE-2024-238xx/CVE-2024-23883.json) 
(`2024-01-26T10:15:11.800`) -* [CVE-2024-23884](CVE-2024/CVE-2024-238xx/CVE-2024-23884.json) (`2024-01-26T10:15:11.993`) -* [CVE-2024-23885](CVE-2024/CVE-2024-238xx/CVE-2024-23885.json) (`2024-01-26T10:15:12.180`) -* [CVE-2024-23886](CVE-2024/CVE-2024-238xx/CVE-2024-23886.json) (`2024-01-26T10:15:12.370`) -* [CVE-2024-23887](CVE-2024/CVE-2024-238xx/CVE-2024-23887.json) (`2024-01-26T10:15:12.570`) -* [CVE-2024-23888](CVE-2024/CVE-2024-238xx/CVE-2024-23888.json) (`2024-01-26T10:15:12.760`) -* [CVE-2024-23889](CVE-2024/CVE-2024-238xx/CVE-2024-23889.json) (`2024-01-26T10:15:12.953`) +* [CVE-2024-23890](CVE-2024/CVE-2024-238xx/CVE-2024-23890.json) (`2024-01-26T11:15:08.053`) +* [CVE-2024-23891](CVE-2024/CVE-2024-238xx/CVE-2024-23891.json) (`2024-01-26T11:15:08.707`) +* [CVE-2024-23892](CVE-2024/CVE-2024-238xx/CVE-2024-23892.json) (`2024-01-26T11:15:08.970`) +* [CVE-2024-23893](CVE-2024/CVE-2024-238xx/CVE-2024-23893.json) (`2024-01-26T11:15:09.223`) +* [CVE-2024-23894](CVE-2024/CVE-2024-238xx/CVE-2024-23894.json) (`2024-01-26T11:15:09.477`) +* [CVE-2024-23896](CVE-2024/CVE-2024-238xx/CVE-2024-23896.json) (`2024-01-26T11:15:09.747`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `0` -* [CVE-2021-33630](CVE-2021/CVE-2021-336xx/CVE-2021-33630.json) (`2024-01-26T09:15:07.277`) -* [CVE-2021-33631](CVE-2021/CVE-2021-336xx/CVE-2021-33631.json) (`2024-01-26T09:15:07.457`) -* [CVE-2024-23855](CVE-2024/CVE-2024-238xx/CVE-2024-23855.json) (`2024-01-26T09:15:08.527`) ## Download and Usage