From 25a856295a01dc8eef36d72373610fb1cbdea040 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 20 Jul 2024 14:03:12 +0000
Subject: [PATCH] Auto-Update: 2024-07-20T14:00:18.474974+00:00
---
 CVE-2024/CVE-2024-68xx/CVE-2024-6848.json | 72 +++++++++++++++++++++++
 README.md | 11 ++--
 _state.csv | 5 +-
 3 files changed, 80 insertions(+), 8 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-68xx/CVE-2024-6848.json
diff --git a/CVE-2024/CVE-2024-68xx/CVE-2024-6848.json b/CVE-2024/CVE-2024-68xx/CVE-2024-6848.json
new file mode 100644
index 00000000000..afbb2e08e78
--- /dev/null
+++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6848.json
@@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-6848", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-20T12:15:02.203", + "lastModified": "2024-07-20T12:15:02.203", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgrid_canvas_image AJAX endpoint. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/BoldGrid/post-and-page-builder/issues/612", + "source": "security@wordfence.com" + }, + { + "url": "https://github.com/BoldGrid/post-and-page-builder/pull/613/commits/64c33a6d0c9dbb0151d3af5fee9e026df6c5a2f6", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/post-and-page-builder/tags/1.26.6/includes/class-boldgrid-editor-ajax.php#L372", + "source": "security@wordfence.com" + }, + { + "url": 
"https://wordpress.org/plugins/post-and-page-builder/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d5dcec8-fa36-43ab-9a35-0b391fe1d88e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 1d683b7bc58..0e00127b99f 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-20T12:00:18.636818+00:00 +2024-07-20T14:00:18.474974+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-20T10:15:03.693000+00:00 +2024-07-20T12:15:02.203000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -257602 +257603 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `1` -- [CVE-2024-37561](CVE-2024/CVE-2024-375xx/CVE-2024-37561.json) (`2024-07-20T10:15:02.317`) -- [CVE-2024-37562](CVE-2024/CVE-2024-375xx/CVE-2024-37562.json) (`2024-07-20T10:15:03.693`) +- [CVE-2024-6848](CVE-2024/CVE-2024-68xx/CVE-2024-6848.json) (`2024-07-20T12:15:02.203`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 58a130ad926..dedb5e8ba53 100644 --- a/_state.csv +++ b/_state.csv 
@@ -254181,8 +254181,8 @@ CVE-2024-37554,0,0,f21873c8cc723d73a5be37e43f70a0cc0c9c1c460efddd02b4e8ae7999da0 CVE-2024-37555,0,0,1644327e39d431b11dca9e571309a66e1f1bfd16300400fc24b3c08e5496ae7a,2024-07-17T18:11:44.260000 CVE-2024-3756,0,0,9f6325e6bf8bb208b4e2ee6674c7d5cde657d33007cb72c8f23cf7232b49431b,2024-07-03T02:06:32.530000 CVE-2024-37560,0,0,6a6c51fd8ffab166572e38f12a64292826710da41d309700e65eba27d6039e12,2024-07-12T16:34:58.687000 -CVE-2024-37561,1,1,0405b7eb3c2a88adb1f9f2422287724c3691f1b5713897cb81a5d6a19c5659cd,2024-07-20T10:15:02.317000 -CVE-2024-37562,1,1,05faa8651779b19e9c3a157be681debeb6c57ef6741b0ef905b5805876281537,2024-07-20T10:15:03.693000 +CVE-2024-37561,0,0,0405b7eb3c2a88adb1f9f2422287724c3691f1b5713897cb81a5d6a19c5659cd,2024-07-20T10:15:02.317000 +CVE-2024-37562,0,0,05faa8651779b19e9c3a157be681debeb6c57ef6741b0ef905b5805876281537,2024-07-20T10:15:03.693000 CVE-2024-37563,0,0,a7bcd96a6802b29647c5e435ca1284679a741b47b6a577c5570f8fbd48279954,2024-07-20T09:15:03.410000 CVE-2024-37564,0,0,e7a776936a19636d3a76b462e4343d760a6a25be8bce1ad25bb7880ea2c1908a,2024-07-12T16:34:58.687000 CVE-2024-37565,0,0,cd29cd59b4dcb71dc162aeacd38887a129251b9b27b2c600691182e5d9abdecb,2024-07-20T09:15:03.780000 
@@ -257588,6 +257588,7 @@ CVE-2024-6808,0,0,2df5a702fa4af6687f0c8dc8e100812ff9b6b346801edb239f41e0ca638c00 CVE-2024-6830,0,0,66325e33317c6fde8b929b285667c5104c4ae04492532b5067560968ff36e7fb,2024-07-18T12:28:43.707000 CVE-2024-6833,0,0,b0ea48d29166f6347ac218b4f9f93d3f7fc599fd932b64c35cfa55e5a1a94672,2024-07-18T12:28:43.707000 CVE-2024-6834,0,0,9b06026f568f95c4c2a4be9208340b1bc5ab27fea601ce9296ee0a0b671ec68d,2024-07-18T12:28:43.707000 +CVE-2024-6848,1,1,922eb113f4cfc11e5ffa9af297f7fb5669e378c5a17e85300d1ded82680e8f73,2024-07-20T12:15:02.203000 CVE-2024-6895,0,0,0c486e88c5dc57ed2713d59c6e5f599844da09fd6e820a24b10235451464145d,2024-07-19T15:15:10.547000 CVE-2024-6898,0,0,98dae2dc951da0c9f1ac4e695a7ad38573b2abb15f5508f51642ed9635c194c6,2024-07-19T13:01:44.567000 CVE-2024-6899,0,0,862a9d8e40eab426823cca194fdd307dafe70d2837c62b14a818c2e38cfb311c,2024-07-19T13:01:44.567000