admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-18 12:00:27.258543+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-05-18 12:00:30 +00:00
parent c95839ea94
commit 42cd65d64f
19 changed files with 959 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2021/CVE-2021-247xx/CVE-2021-24705.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-24705",
"sourceIdentifier": "contact@wpscan.com",
"published": "2021-12-13T11:15:08.137",
"lastModified": "2023-03-17T09:15:10.680",
"lastModified": "2023-05-18T11:15:09.023",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The NEX-Forms WordPress plugin before 8.3.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site Scripting payloads in them"
"value": "The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site Scripting payloads in them"
},
{
"lang": "es",

55
CVE-2022/CVE-2022-44xx/CVE-2022-4418.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-4418",
"sourceIdentifier": "security@acronis.com",
"published": "2023-05-18T10:15:09.767",
"lastModified": "2023-05-18T10:15:09.767",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-4729",
"source": "security@acronis.com"
}
]
}

55
CVE-2022/CVE-2022-454xx/CVE-2022-45450.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-45450",
"sourceIdentifier": "security@acronis.com",
"published": "2023-05-18T10:15:09.413",
"lastModified": "2023-05-18T10:15:09.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-2410",
"source": "security@acronis.com"
}
]
}

55
CVE-2022/CVE-2022-454xx/CVE-2022-45452.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-45452",
"sourceIdentifier": "security@acronis.com",
"published": "2023-05-18T10:15:09.487",
"lastModified": "2023-05-18T10:15:09.487",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-3967",
"source": "security@acronis.com"
}
]
}

55
CVE-2022/CVE-2022-454xx/CVE-2022-45453.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-45453",
"sourceIdentifier": "security@acronis.com",
"published": "2023-05-18T10:15:09.547",
"lastModified": "2023-05-18T10:15:09.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-310"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5112",
"source": "security@acronis.com"
}
]
}

55
CVE-2022/CVE-2022-454xx/CVE-2022-45457.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-45457",
"sourceIdentifier": "security@acronis.com",
"published": "2023-05-18T10:15:09.603",
"lastModified": "2023-05-18T10:15:09.603",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-3957",
"source": "security@acronis.com"
}
]
}

55
CVE-2022/CVE-2022-454xx/CVE-2022-45458.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-45458",
"sourceIdentifier": "security@acronis.com",
"published": "2023-05-18T10:15:09.657",
"lastModified": "2023-05-18T10:15:09.657",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-3952",
"source": "security@acronis.com"
}
]
}

55
CVE-2022/CVE-2022-454xx/CVE-2022-45459.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-45459",
"sourceIdentifier": "security@acronis.com",
"published": "2023-05-18T10:15:09.710",
"lastModified": "2023-05-18T10:15:09.710",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-3196",
"source": "security@acronis.com"
}
]
}

55
CVE-2022/CVE-2022-471xx/CVE-2022-47157.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47157",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-18T11:15:09.150",
"lastModified": "2023-05-18T11:15:09.150",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don Benjamin WP Custom Fields Search plugin <=\u00a01.2.34 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-custom-fields-search/wordpress-wp-custom-fields-search-plugin-1-2-34-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-236xx/CVE-2023-23667.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23667",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-18T11:15:09.223",
"lastModified": "2023-05-18T11:15:09.223",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in BeRocket Brands for WooCommerce plugin <=\u00a03.7.0.6 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/brands-for-woocommerce/wordpress-brands-for-woocommerce-plugin-3-7-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-239xx/CVE-2023-23999.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23999",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-18T11:15:09.293",
"lastModified": "2023-05-18T11:15:09.293",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <=\u00a08.14.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/google-analytics-for-wordpress/wordpress-google-analytics-by-monsterinsights-plugin-8-14-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-256xx/CVE-2023-25698.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25698",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-18T11:15:09.357",
"lastModified": "2023-05-18T11:15:09.357",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shoppable Images plugin <=\u00a01.2.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mabel-shoppable-images-lite/wordpress-shoppable-images-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-274xx/CVE-2023-27423.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-27423",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-18T11:15:09.427",
"lastModified": "2023-05-18T11:15:09.427",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto Prune Posts plugin <=\u00a01.8.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/auto-prune-posts/wordpress-auto-prune-posts-plugin-1-8-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-274xx/CVE-2023-27430.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-27430",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-18T11:15:09.490",
"lastModified": "2023-05-18T11:15:09.490",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <=\u00a02.0.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mass-delete-unused-tags/wordpress-mass-delete-unused-tags-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-27xx/CVE-2023-2782.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2782",
"sourceIdentifier": "security@acronis.com",
"published": "2023-05-18T11:15:09.563",
"lastModified": "2023-05-18T11:15:09.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-3475",
"source": "security@acronis.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30780.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30780",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-18T11:15:09.633",
"lastModified": "2023-05-18T11:15:09.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TheGuideX User IP and Location plugin <=\u00a02.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/user-ip-and-location/wordpress-user-ip-and-location-plugin-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-312xx/CVE-2023-31233.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31233",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-18T10:15:09.837",
"lastModified": "2023-05-18T10:15:09.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoqisir Baidu Tongji generator plugin <=\u00a01.0.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/baidu-tongji-generator/wordpress-baidu-tongji-generator-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-325xx/CVE-2023-32515.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32515",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-18T10:15:09.913",
"lastModified": "2023-05-18T10:15:09.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt Gibbs Custom Field Suite plugin <=\u00a02.6.2.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/custom-field-suite/wordpress-custom-field-suite-plugin-2-6-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

32
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-18T10:00:35.546430+00:00
2023-05-18T12:00:27.258543+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-18T09:15:10.437000+00:00
2023-05-18T11:15:09.633000+00:00
```
### Last Data Feed Release
@ -29,25 +29,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
215595
215612
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `17`
* [CVE-2023-33203](CVE-2023/CVE-2023-332xx/CVE-2023-33203.json) (`2023-05-18T08:15:08.723`)
* [CVE-2023-33204](CVE-2023/CVE-2023-332xx/CVE-2023-33204.json) (`2023-05-18T08:15:08.773`)
* [CVE-2023-28369](CVE-2023/CVE-2023-283xx/CVE-2023-28369.json) (`2023-05-18T09:15:09.483`)
* [CVE-2023-30487](CVE-2023/CVE-2023-304xx/CVE-2023-30487.json) (`2023-05-18T09:15:10.333`)
* [CVE-2023-30868](CVE-2023/CVE-2023-308xx/CVE-2023-30868.json) (`2023-05-18T09:15:10.437`)
* [CVE-2022-45450](CVE-2022/CVE-2022-454xx/CVE-2022-45450.json) (`2023-05-18T10:15:09.413`)
* [CVE-2022-45452](CVE-2022/CVE-2022-454xx/CVE-2022-45452.json) (`2023-05-18T10:15:09.487`)
* [CVE-2022-45453](CVE-2022/CVE-2022-454xx/CVE-2022-45453.json) (`2023-05-18T10:15:09.547`)
* [CVE-2022-45457](CVE-2022/CVE-2022-454xx/CVE-2022-45457.json) (`2023-05-18T10:15:09.603`)
* [CVE-2022-45458](CVE-2022/CVE-2022-454xx/CVE-2022-45458.json) (`2023-05-18T10:15:09.657`)
* [CVE-2022-45459](CVE-2022/CVE-2022-454xx/CVE-2022-45459.json) (`2023-05-18T10:15:09.710`)
* [CVE-2022-4418](CVE-2022/CVE-2022-44xx/CVE-2022-4418.json) (`2023-05-18T10:15:09.767`)
* [CVE-2022-47157](CVE-2022/CVE-2022-471xx/CVE-2022-47157.json) (`2023-05-18T11:15:09.150`)
* [CVE-2023-31233](CVE-2023/CVE-2023-312xx/CVE-2023-31233.json) (`2023-05-18T10:15:09.837`)
* [CVE-2023-32515](CVE-2023/CVE-2023-325xx/CVE-2023-32515.json) (`2023-05-18T10:15:09.913`)
* [CVE-2023-23667](CVE-2023/CVE-2023-236xx/CVE-2023-23667.json) (`2023-05-18T11:15:09.223`)
* [CVE-2023-23999](CVE-2023/CVE-2023-239xx/CVE-2023-23999.json) (`2023-05-18T11:15:09.293`)
* [CVE-2023-25698](CVE-2023/CVE-2023-256xx/CVE-2023-25698.json) (`2023-05-18T11:15:09.357`)
* [CVE-2023-27423](CVE-2023/CVE-2023-274xx/CVE-2023-27423.json) (`2023-05-18T11:15:09.427`)
* [CVE-2023-27430](CVE-2023/CVE-2023-274xx/CVE-2023-27430.json) (`2023-05-18T11:15:09.490`)
* [CVE-2023-2782](CVE-2023/CVE-2023-27xx/CVE-2023-2782.json) (`2023-05-18T11:15:09.563`)
* [CVE-2023-30780](CVE-2023/CVE-2023-307xx/CVE-2023-30780.json) (`2023-05-18T11:15:09.633`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
* [CVE-2023-2156](CVE-2023/CVE-2023-21xx/CVE-2023-2156.json) (`2023-05-18T09:15:10.090`)
* [CVE-2021-24705](CVE-2021/CVE-2021-247xx/CVE-2021-24705.json) (`2023-05-18T11:15:09.023`)
## Download and Usage