mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-01 03:01:36 +00:00
Auto-Update: 2025-05-22T06:00:19.008015+00:00
This commit is contained in:
cad-safe-bot
parent
6b79a9352c
commit
15ed0e27e5
68
CVE-2025/CVE-2025-50xx/CVE-2025-5062.json
Normal file
68
CVE-2025/CVE-2025-50xx/CVE-2025-5062.json
Normal file
@ -0,0 +1,68 @@
|
||||
{
|
||||
"id": "CVE-2025-5062",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2025-05-22T04:16:22.913",
|
||||
"lastModified": "2025-05-22T04:16:22.913",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via the 'customize-store' page in all versions up to, and including, 9.4.2 due to insufficient input sanitization and output escaping on PostMessage data. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://developer.woocommerce.com/2024/12/03/woocommerce-9-4-3-and-woocommerce-9-3-4-available-now/",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/woocommerce/woocommerce/blob/08dbc3b7dea140dd5dc19ee9c9ecd47dac0605b6/plugins/woocommerce/client/admin/client/customize-store/utils.js#L39C1-L56C2",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/woocommerce/woocommerce/pull/53405/files",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc2ee5bb-eeb8-4134-8f3f-b411e56457f0?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
22
README.md
22
README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2025-05-22T02:00:20.089461+00:00
|
||||
2025-05-22T06:00:19.008015+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2025-05-22T01:15:54.463000+00:00
|
||||
2025-05-22T04:16:22.913000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -33,26 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
295121
|
||||
295122
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `13`
|
||||
Recently added CVEs: `1`
|
||||
|
||||
- [CVE-2025-2759](CVE-2025/CVE-2025-27xx/CVE-2025-2759.json) (`2025-05-22T01:15:52.557`)
|
||||
- [CVE-2025-3480](CVE-2025/CVE-2025-34xx/CVE-2025-3480.json) (`2025-05-22T01:15:52.867`)
|
||||
- [CVE-2025-3481](CVE-2025/CVE-2025-34xx/CVE-2025-3481.json) (`2025-05-22T01:15:53.023`)
|
||||
- [CVE-2025-3482](CVE-2025/CVE-2025-34xx/CVE-2025-3482.json) (`2025-05-22T01:15:53.180`)
|
||||
- [CVE-2025-3483](CVE-2025/CVE-2025-34xx/CVE-2025-3483.json) (`2025-05-22T01:15:53.330`)
|
||||
- [CVE-2025-3484](CVE-2025/CVE-2025-34xx/CVE-2025-3484.json) (`2025-05-22T01:15:53.473`)
|
||||
- [CVE-2025-3486](CVE-2025/CVE-2025-34xx/CVE-2025-3486.json) (`2025-05-22T01:15:53.610`)
|
||||
- [CVE-2025-3881](CVE-2025/CVE-2025-38xx/CVE-2025-3881.json) (`2025-05-22T01:15:53.753`)
|
||||
- [CVE-2025-3882](CVE-2025/CVE-2025-38xx/CVE-2025-3882.json) (`2025-05-22T01:15:53.897`)
|
||||
- [CVE-2025-3883](CVE-2025/CVE-2025-38xx/CVE-2025-3883.json) (`2025-05-22T01:15:54.040`)
|
||||
- [CVE-2025-3884](CVE-2025/CVE-2025-38xx/CVE-2025-3884.json) (`2025-05-22T01:15:54.180`)
|
||||
- [CVE-2025-3885](CVE-2025/CVE-2025-38xx/CVE-2025-3885.json) (`2025-05-22T01:15:54.323`)
|
||||
- [CVE-2025-3887](CVE-2025/CVE-2025-38xx/CVE-2025-3887.json) (`2025-05-22T01:15:54.463`)
|
||||
- [CVE-2025-5062](CVE-2025/CVE-2025-50xx/CVE-2025-5062.json) (`2025-05-22T04:16:22.913`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
27
_state.csv
27
_state.csv
@ -289023,7 +289023,7 @@ CVE-2025-27581,0,0,010725d7ecbfe0dd212b958a3a5bd2c7e9f3630c39f4e0964f9540d000321
|
||||
CVE-2025-27583,0,0,0323a5ab9427edc3fc5fcf52b07bbd68cd541b31029bf0b1077e85dabad17762,2025-03-05T17:15:16.693000
|
||||
CVE-2025-27584,0,0,f03e6726bedccad19322a88f13d717b29a57c1713f548b043d4f11c0c134f427,2025-03-04T17:15:20.527000
|
||||
CVE-2025-27585,0,0,720b68d2eda984711942f08d1f5d1c3e9ff08ec0907ec239e78ca92044ae9f6a,2025-03-04T17:15:20.690000
|
||||
CVE-2025-2759,1,1,058c3180309f5c5003c43c8e508d1ba22def498626a7cc7fa252f9277ee129be,2025-05-22T01:15:52.557000
|
||||
CVE-2025-2759,0,0,058c3180309f5c5003c43c8e508d1ba22def498626a7cc7fa252f9277ee129be,2025-05-22T01:15:52.557000
|
||||
CVE-2025-27590,0,0,967f795bd4c85a7326c3accbc97af4e437c14d446f9275cd756d84bf07c7deb5,2025-03-10T14:01:33.053000
|
||||
CVE-2025-27591,0,0,bde746d629d3275aa4bd9bd60b4521aac06adacde1e58fa17d924514d9ced6d1,2025-03-21T21:15:36.737000
|
||||
CVE-2025-27593,0,0,ce5349a8322edbd13db7095e7159b1223dfa0ef4b6ca83b9170ad60af496b2cc,2025-03-14T13:15:40.437000
|
||||
@ -292392,12 +292392,12 @@ CVE-2025-3474,0,0,f3d4b355c6b48145dca2a43881241ecb1e655d9dbdb96be4731ac7b40121a4
|
||||
CVE-2025-3475,0,0,efbe23188df86d6e240d7ecf4c71cf62d870d07b674b0aba89229d60e0c7b2bb,2025-05-01T14:38:09.863000
|
||||
CVE-2025-3476,0,0,e9ff7dadd87cc1b5d38c6f4b90861333cdc35e0f0e9f56330696f9a142f8fe8c,2025-05-08T14:39:09.683000
|
||||
CVE-2025-3479,0,0,8f80f1c1f44c7d058394a2dc8af5ea1237f4382d2f768655200c00d11d9bc20e,2025-04-17T20:21:48.243000
|
||||
CVE-2025-3480,1,1,68045641d331a9c0f307e2b0c07d6097d570f99dac449d113fb067c868143aa2,2025-05-22T01:15:52.867000
|
||||
CVE-2025-3481,1,1,32ef07b0ad733db17b6a5038def3dea7001cc7447914f123c9e257ba41a00217,2025-05-22T01:15:53.023000
|
||||
CVE-2025-3482,1,1,db68e702e2fa186e17fae08aa9563585e36e82054c5b99131a711077b8f7bf30,2025-05-22T01:15:53.180000
|
||||
CVE-2025-3483,1,1,2893304988e05ceb8f7e2e1c6de6a956fa412de401896972c2d27b5a00815e97,2025-05-22T01:15:53.330000
|
||||
CVE-2025-3484,1,1,ee9f66c39c808153676cfa87635bafd0221a3f53c1ee753753e14d07af211690,2025-05-22T01:15:53.473000
|
||||
CVE-2025-3486,1,1,990f64858fd79979aba5b8ae3005ed9bf9f2656ae3863694eb9db28ae9c274e3,2025-05-22T01:15:53.610000
|
||||
CVE-2025-3480,0,0,68045641d331a9c0f307e2b0c07d6097d570f99dac449d113fb067c868143aa2,2025-05-22T01:15:52.867000
|
||||
CVE-2025-3481,0,0,32ef07b0ad733db17b6a5038def3dea7001cc7447914f123c9e257ba41a00217,2025-05-22T01:15:53.023000
|
||||
CVE-2025-3482,0,0,db68e702e2fa186e17fae08aa9563585e36e82054c5b99131a711077b8f7bf30,2025-05-22T01:15:53.180000
|
||||
CVE-2025-3483,0,0,2893304988e05ceb8f7e2e1c6de6a956fa412de401896972c2d27b5a00815e97,2025-05-22T01:15:53.330000
|
||||
CVE-2025-3484,0,0,ee9f66c39c808153676cfa87635bafd0221a3f53c1ee753753e14d07af211690,2025-05-22T01:15:53.473000
|
||||
CVE-2025-3486,0,0,990f64858fd79979aba5b8ae3005ed9bf9f2656ae3863694eb9db28ae9c274e3,2025-05-22T01:15:53.610000
|
||||
CVE-2025-3487,0,0,37a731f70f7d60f61f90004d6c1accd554e282489415894b87ac4c12467860d0,2025-04-17T20:21:48.243000
|
||||
CVE-2025-3488,0,0,c7eefb60f78d0958cd2e23946d634228ed1d24a7964a368a35db998af9592006,2025-05-06T13:42:26.630000
|
||||
CVE-2025-3489,0,0,022b54ffee4506f718addb5ceaf385be3790891db6976fea3fe419665201ae9e,2025-04-29T20:21:05.627000
|
||||
@ -292974,13 +292974,13 @@ CVE-2025-3876,0,0,98fa4965cd0fb5896f08763a0582c93ea252014e67d6fd79d41bdf5071b00a
|
||||
CVE-2025-3877,0,0,bd5b5066ee71dddb026ff4be45d533ff8a45759049f3b5031ade33120dd16821,2025-05-16T14:43:56.797000
|
||||
CVE-2025-3878,0,0,5d0ea49e265f118a3a830204c906368e4ab75640c7d76d121d2e4f7feb7a8abf,2025-05-21T13:36:16.070000
|
||||
CVE-2025-3879,0,0,d832e10f3f5a35fa6f778cb83701763ba1ca0a6464dece4429751c1aa0bef5fb,2025-05-05T20:54:19.760000
|
||||
CVE-2025-3881,1,1,fb6a60d117d48b11f267bce82d74b26a85b8fa334758ed6f974dac350fb06e24,2025-05-22T01:15:53.753000
|
||||
CVE-2025-3882,1,1,107024e5eef3b1d1e247f750e417372de126b22d9127491e1d43a40f9da3a252,2025-05-22T01:15:53.897000
|
||||
CVE-2025-3883,1,1,71bc224830f9add60e419cf70dd202592d715af2bb3e2226a22c6f3c131a2827,2025-05-22T01:15:54.040000
|
||||
CVE-2025-3884,1,1,050f69d7662ddb4b008ebb226fde8109306de04d97915e537ef43d91756e449a,2025-05-22T01:15:54.180000
|
||||
CVE-2025-3885,1,1,5cff193bed7f31dccc69abb10cc395329bc703da33fad2f950933681b37ffb02,2025-05-22T01:15:54.323000
|
||||
CVE-2025-3881,0,0,fb6a60d117d48b11f267bce82d74b26a85b8fa334758ed6f974dac350fb06e24,2025-05-22T01:15:53.753000
|
||||
CVE-2025-3882,0,0,107024e5eef3b1d1e247f750e417372de126b22d9127491e1d43a40f9da3a252,2025-05-22T01:15:53.897000
|
||||
CVE-2025-3883,0,0,71bc224830f9add60e419cf70dd202592d715af2bb3e2226a22c6f3c131a2827,2025-05-22T01:15:54.040000
|
||||
CVE-2025-3884,0,0,050f69d7662ddb4b008ebb226fde8109306de04d97915e537ef43d91756e449a,2025-05-22T01:15:54.180000
|
||||
CVE-2025-3885,0,0,5cff193bed7f31dccc69abb10cc395329bc703da33fad2f950933681b37ffb02,2025-05-22T01:15:54.323000
|
||||
CVE-2025-3886,0,0,2fc53166978634d08e3de1f22695786efe31d1a12a27d176dfd8ae397c364dba,2025-05-12T19:08:46.017000
|
||||
CVE-2025-3887,1,1,0259b9c543ea096b1babe946c40dcfd936b0a1d555069373aacee410164ba527,2025-05-22T01:15:54.463000
|
||||
CVE-2025-3887,0,0,0259b9c543ea096b1babe946c40dcfd936b0a1d555069373aacee410164ba527,2025-05-22T01:15:54.463000
|
||||
CVE-2025-3888,0,0,49e1b00723b387f853a81c82f5f016b5f1d15af81d74668da125765b119b544b,2025-05-19T13:35:20.460000
|
||||
CVE-2025-3889,0,0,addcdab3a978b132a54b1f1982e1745a3e16133d88989aba0f11c2d9da982971,2025-05-06T15:39:43.323000
|
||||
CVE-2025-3890,0,0,d96df3538703b6e7aa875d8f583dc14e28a363f629bce9d326c752b01881ed1a,2025-05-06T14:55:31.320000
|
||||
@ -295120,3 +295120,4 @@ CVE-2025-5053,0,0,f3960f3fef41d7ecf848774bf4b369d04e2db0aed84ce0d620ee1df80e70da
|
||||
CVE-2025-5056,0,0,24d061e88b3cf45f5032cfe21dd5c284567df8f8faa04bf61dd2cd373b6c9d3f,2025-05-21T22:15:51.283000
|
||||
CVE-2025-5057,0,0,e4643c147868b893ff9fb46d6871afbd02dc7ed36290a8a3934e2fc161fc8793,2025-05-21T22:15:51.460000
|
||||
CVE-2025-5059,0,0,e508ee3757781c3dcdb93531723f3d3cc6c73b0b7ef84512bfb7df130918f353,2025-05-21T23:15:55.683000
|
||||
CVE-2025-5062,1,1,d34f23217367fe5fdba634551cfcfd1099d867d6d3fef82f2c05aee0fe8663c4,2025-05-22T04:16:22.913000
|
||||
|
||||
|
Can't render this file because it is too large.
|
Loading…
x
Reference in New Issue
Block a user