admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-02T22:00:24.615811+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-02 22:00:28 +00:00
parent 297d7286ca
commit 43a8f47733
86 changed files with 4729 additions and 339 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
CVE-2022/CVE-2022-471xx/CVE-2022-47187.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-47187",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-28T14:15:17.927",
"lastModified": "2023-09-28T14:29:58.860",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:45:38.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.\n\n"
},
{
"lang": "es",
"value": "Hay una vulnerabilidad XSS de carga de archivos en Generex CS141 por debajo de la versi\u00f3n 2.06. La aplicaci\u00f3n web permite la carga de archivos, posibilitando la carga de un archivo con contenido HTML. Cuando se permiten archivos HTML, el payload XSS se puede inyectar en el archivo cargado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,14 +80,50 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:generex:cs141_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.06",
"matchCriteriaId": "45AC1134-C83A-435F-AFCB-32CC1E691C9E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:generex:cs141:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE00F7F0-4011-4F62-9E11-1BBDDCE4F46B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.generex.de/support/changelogs/cs141/2-12",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Not Applicable"
]
}
]
}

18
CVE-2023/CVE-2023-08xx/CVE-2023-0809.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0809",
"sourceIdentifier": "emo@eclipse.org",
"published": "2023-10-02T19:15:09.717",
"lastModified": "2023-10-02T19:15:09.717",
"vulnStatus": "Received",
"lastModified": "2023-10-02T20:26:54.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -17,20 +17,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
"impactScore": 1.4
}
]
},

64
CVE-2023/CVE-2023-261xx/CVE-2023-26146.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26146",
"sourceIdentifier": "report@snyk.io",
"published": "2023-09-29T05:15:46.540",
"lastModified": "2023-09-29T12:45:33.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:03:13.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ithewei:libhv:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02035540-1A6E-46F6-A215-8ADBE8A24F04"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/dellalibera/c53448135480cbe12257c4b413a90d20",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-ITHEWEILIBHV-5730766",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-261xx/CVE-2023-26147.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26147",
"sourceIdentifier": "report@snyk.io",
"published": "2023-09-29T05:15:46.630",
"lastModified": "2023-09-29T12:45:33.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:03:03.403",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ithewei:libhv:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02035540-1A6E-46F6-A215-8ADBE8A24F04"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/dellalibera/2be265b56b7b3b00de1a777b9dec0c7b",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-ITHEWEILIBHV-5730768",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-261xx/CVE-2023-26148.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26148",
"sourceIdentifier": "report@snyk.io",
"published": "2023-09-29T05:15:46.693",
"lastModified": "2023-09-29T12:45:33.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:02:10.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ithewei:libhv:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02035540-1A6E-46F6-A215-8ADBE8A24F04"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/dellalibera/65d136066fdd5ea4dddaadaa9b0ba90e",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-ITHEWEILIBHV-5730769",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-35xx/CVE-2023-3592.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3592",
"sourceIdentifier": "emo@eclipse.org",
"published": "2023-10-02T20:15:10.123",
"lastModified": "2023-10-02T20:26:54.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "emo@eclipse.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"references": [
{
"url": "https://mosquitto.org/blog/2023/08/version-2-0-16-released/",
"source": "emo@eclipse.org"
}
]
}

4
CVE-2023/CVE-2023-376xx/CVE-2023-37605.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37605",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T19:15:10.327",
"lastModified": "2023-10-02T19:15:10.327",
"vulnStatus": "Received",
"lastModified": "2023-10-02T20:26:54.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

69
CVE-2023/CVE-2023-37xx/CVE-2023-3775.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3775",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-09-29T00:15:12.543",
"lastModified": "2023-09-29T04:19:01.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:04:13.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8."
},
{
"lang": "es",
"value": "Vault Enterprise Sentinel Role Governing Policy creada por un operador para restringir el acceso a los recursos en un espacio de nombres se puede aplicar a solicitudes externas en otro espacio de nombres no descendiente, lo que podr\u00eda provocar una denegaci\u00f3n de servicio. Corregido en Vault Enterprise 1.15.0, 1.14.4, 1.13.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
@ -46,10 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "0.11.0",
"versionEndExcluding": "1.13.8",
"matchCriteriaId": "648748AE-3BBB-4918-AF7A-5261B36B851E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.14.0",
"versionEndExcluding": "1.14.4",
"matchCriteriaId": "6950375D-91C1-46D3-8554-22D710C6FC8E"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653",
"source": "security@hashicorp.com"
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-388xx/CVE-2023-38873.json
View File

@ -2,27 +2,98 @@
"id": "CVE-2023-38873",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T04:15:12.123",
"lastModified": "2023-09-28T12:44:04.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:48:21.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a \"UI redress attack\", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is \"hijacking\" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both."
},
{
"lang": "es",
"value": "El commit 3730880 (abril de 2023) y v.0.9-beta1 de gugoan Economizzer es vulnerable al secuestro de clics. El secuestro de clics, tambi\u00e9n conocido como \"UI redress attack\", ocurre cuando un atacante usa m\u00faltiples capas transparentes u opacas para enga\u00f1ar a un usuario para que haga clic en un bot\u00f3n o enlace en otra p\u00e1gina cuando ten\u00eda la intenci\u00f3n de hacer clic en la p\u00e1gina de nivel superior. Por lo tanto, el atacante est\u00e1 \"secuestrando\" los clics destinados a su p\u00e1gina y envi\u00e1ndolos a otra p\u00e1gina, probablemente propiedad de otra aplicaci\u00f3n, dominio o ambos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:economizzer:economizzer:0.9:beta1:*:*:*:wordpress:*:*",
"matchCriteriaId": "330109B8-8E3F-4E44-83B2-F000BEB32288"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:economizzer:economizzer:april_2023:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "BC008109-5EFA-47BA-99B2-01120532E7D6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38873",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/gugoan/economizzer",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.economizzer.org",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

51
CVE-2023/CVE-2023-416xx/CVE-2023-41661.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41661",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.500",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:06:08.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <=\u00a03.1.35 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en PressPage Entertainment Inc. Smarty para el complemento WordPress en versiones &lt;= 3.1.35."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:smarty:smarty:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.35",
"matchCriteriaId": "C4688979-8FCE-4AB2-A0E2-F8A76435BC67"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/smarty-for-wordpress/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-416xx/CVE-2023-41662.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41662",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.573",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:06:02.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <=\u00a04.4.5 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Ulf Benjaminsson WP-dTree en versiones &lt;= 4.4.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ulfbenjaminsson:wp-dtree:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.4.5",
"matchCriteriaId": "3AE4DC8B-9D48-4FE5-869E-2BFBBABE0695"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-dtree-30/wordpress-wp-dtree-plugin-4-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-416xx/CVE-2023-41663.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41663",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.650",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:05:50.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <=\u00a01.6.9 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Giovambattista Fazioli WP Bannerize Pro en versiones &lt;= 1.6.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:undolog:wp_bannerize_pro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.9",
"matchCriteriaId": "50DF69C9-DDB2-499D-8B8A-03593EA403F5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-bannerize-pro/wordpress-wp-bannerize-pro-plugin-1-6-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-416xx/CVE-2023-41666.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41666",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.723",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:05:44.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <=\u00a02.9.9 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Stockdio Stock Quotes List en versiones &lt;= 2.9.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stockdio:stock_quotes_list:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.9.9",
"matchCriteriaId": "243DC8D9-87A0-49AF-9E00-A942347AA586"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/stock-quotes-list/wordpress-stock-quotes-list-plugin-2-9-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-416xx/CVE-2023-41687.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41687",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-29T14:15:10.797",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:05:38.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <=\u00a02.4.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Irina Sokolovskaya Goods Catalog en versiones &lt;= 2.4.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:goods_catalog_project:goods_catalog:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.4.1",
"matchCriteriaId": "23F11490-E1DA-4196-AEED-FDF4ED291398"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/goods-catalog/wordpress-goods-catalog-plugin-2-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-432xx/CVE-2023-43267.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43267",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.377",
"lastModified": "2023-10-02T21:15:34.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Fliggyaaa/b61c24e828cbcfac42406be408665280",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Fliggyaaa/xss/",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-432xx/CVE-2023-43268.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-43268",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.430",
"lastModified": "2023-10-02T21:15:34.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Fliggyaaa/5517fdd59853cd81724b19d2f29c6760",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Fliggyaaa/DeYue-remote-vehicle-management-system",
"source": "cve@mitre.org"
},
{
"url": "https://hzya.anlu169.com/ms/login",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-432xx/CVE-2023-43297.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-43297",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.480",
"lastModified": "2023-10-02T21:15:34.480",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43297.md",
"source": "cve@mitre.org"
}
]
}

32
CVE-2023/CVE-2023-433xx/CVE-2023-43361.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-43361",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.520",
"lastModified": "2023-10-02T21:15:34.520",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/xiph/vorbis",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/xiph/vorbis-tools",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/xiph/vorbis-tools/issues/41",
"source": "cve@mitre.org"
},
{
"url": "https://xiph.org/vorbis/",
"source": "cve@mitre.org"
}
]
}

62
CVE-2023/CVE-2023-436xx/CVE-2023-43654.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43654",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-28T23:15:09.627",
"lastModified": "2023-09-29T04:19:01.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:04:38.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "TorchServe es una herramienta para servir y escalar modelos de PyTorch en producci\u00f3n. La configuraci\u00f3n predeterminada de TorchServe carece de una validaci\u00f3n de entrada adecuada, lo que permite a terceros invocar solicitudes de descarga HTTP remotas y escribir archivos en el disco. Se podr\u00eda aprovechar este problema para comprometer la integridad del sistema y los datos confidenciales. Este problema est\u00e1 presente en las versiones 0.1.0 a 0.8.1. Un usuario puede cargar el modelo de su elecci\u00f3n desde cualquier URL que desee utilizar. El usuario de TorchServe es responsable de configurar las URL permitidas y especificar la URL modelo que se utilizar\u00e1. En PR #2534 se fusion\u00f3 una solicitud de extracci\u00f3n para advertir al usuario cuando se utiliza el valor predeterminado para Allow_urls. La versi\u00f3n 0.8.2 de TorchServe incluye este cambio. Se recomienda a los usuarios que actualicen. No se conocen workarounds para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pytorch:torchserve:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.1.0",
"versionEndExcluding": "0.8.2",
"matchCriteriaId": "1C72B515-779F-4815-B20E-80DF998B771B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pytorch/serve/pull/2534",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/pytorch/serve/releases/tag/v0.8.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/pytorch/serve/security/advisories/GHSA-8fxr-qfr9-p34w",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-436xx/CVE-2023-43657.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43657",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-28T19:15:10.547",
"lastModified": "2023-09-28T20:29:46.433",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:15:53.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured."
},
{
"lang": "es",
"value": "discourse-encrypt es un complemento que proporciona un canal de comunicaci\u00f3n seguro a trav\u00e9s de Discourse. El escape inadecuado de los topic titles cifrados podr\u00eda provocar un problema de Cross Site Scripting (XSS) cuando un sitio tiene los encabezados de la pol\u00edtica de seguridad de contenido (CSP) deshabilitados. Tener CSP deshabilitado es una configuraci\u00f3n no predeterminada, y tenerlo deshabilitado con el discourse-encrypt instalado generar\u00e1 una advertencia en el panel de administraci\u00f3n de Discourse. Esto se solucion\u00f3 en el commit `9c75810af9` que se incluye en la \u00faltima versi\u00f3n del complemento discourse-encrypt. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben asegurarse de que los encabezados CSP est\u00e9n habilitados y configurados correctamente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse-encrypt:*:*:*:*:*:discourse:*:*",
"versionEndExcluding": "2023-09-28",
"matchCriteriaId": "F107A6F2-A831-40B8-9052-CE35E247D142"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/discourse/discourse-encrypt/commit/9c75810af9a474d7edaec67dea66f852c0ba1f4e",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/discourse/discourse-encrypt/security/advisories/GHSA-5fh6-wp7p-xx7v",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-436xx/CVE-2023-43660.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43660",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T22:15:10.730",
"lastModified": "2023-09-28T12:44:13.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:21:26.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the username and a valid target name 2. The attacked knows the user's public key and 3. Only SSH public key authentication is required for the user account. This issue has been addressed in version 0.8.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "\"Warpgate es un host bastionado SSH, HTTPS y MySQL inteligente para Linux que no necesita aplicaciones cliente especiales. La verificaci\u00f3n de la clave SSH para un usuario se puede omitir enviando una oferta de clave SSH sin firma. Esto permite eludir la autenticaci\u00f3n bajo las siguientes condiciones: \n1. El atacante conoce el nombre de usuario y un nombre de destino v\u00e1lido \n2. El atacado conoce la clave p\u00fablica del usuario \n3. Solo se requiere autenticaci\u00f3n de clave p\u00fablica SSH para la cuenta de usuario. \nEste problema se solucion\u00f3 en la versi\u00f3n 0.8.1. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.\""
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:warpgate_project:warpgate:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.8.1",
"matchCriteriaId": "87AAB4E3-1EE5-4781-8209-E180C31BAE14"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-3cjp-w4cp-m9c8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43702.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43702",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.167",
"lastModified": "2023-09-30T02:50:07.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:13:12.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"tracking_number\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"tracking_number\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43703.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43703",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.220",
"lastModified": "2023-09-30T02:50:07.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:13:06.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"product_info[][name]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"product_info[][name]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43704.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43704",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.277",
"lastModified": "2023-09-30T02:50:07.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:12:59.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"title\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"title\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43705.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43705",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.337",
"lastModified": "2023-09-30T02:50:07.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:12:48.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"translation_value[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"translation_value[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43706.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43706",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.397",
"lastModified": "2023-09-30T02:50:07.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:12:54.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"email_templates_key\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"email_templates_key\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43707.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43707",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.233",
"lastModified": "2023-09-30T03:16:35.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:12:42.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"CatalogsPageDescriptionForm[1][name]\n\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"CatalogsPageDescriptionForm[1][nombre] \", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43708.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43708",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.300",
"lastModified": "2023-09-30T03:16:35.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:12:36.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43709.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43709",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.363",
"lastModified": "2023-09-30T03:16:35.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:12:28.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"configuration_title[1](MODULE)\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"configuration_title[1](MODULE)\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43710.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43710",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.423",
"lastModified": "2023-09-30T03:16:35.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:12:21.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43711.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43711",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.487",
"lastModified": "2023-09-30T03:16:35.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:12:08.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"admin_firstname\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"admin_firstname\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43712.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43712",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:09.850",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:22:53.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"access_levels_name\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"access_levels_name\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43713.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43713",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:09.947",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:22:47.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability,\nwhich allows attackers to inject JS via the \"title\" parameter, in the \"/admin/admin-menu/add-submit\"\nendpoint, which can lead to unauthorized execution of scripts in a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS), que permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"title\", en el endpoint \"/admin/admin-menu/add-submit\", lo que puede conducir a accesos no autorizados ejecuci\u00f3n de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43714.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43714",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:10.010",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:22:42.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"SKIP_CART_PAGE_TITLE[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"SKIP_CART_PAGE_TITLE[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43715.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43715",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:10.077",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:22:38.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43716.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43716",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:10.140",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:22:33.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43717.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43717",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.347",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:22:28.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43718.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43718",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.410",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:22:22.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"MSEARCH_ENABLE_TITLE[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"MSEARCH_ENABLE_TITLE[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43719.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43719",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.467",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:22:15.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"SHIPPING_GENDER_TITLE[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"SHIPPING_GENDER_TITLE[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts dentro del navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43720.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43720",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.533",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:24:18.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"BILLING_GENDER_TITLE[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"BILLING_GENDER_TITLE[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43721.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43721",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.597",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:24:12.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"PACKING_SLIPS_SUMMARY_TITLE[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"PACKING_SLIPS_SUMMARY_TITLE[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43722.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43722",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.657",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:24:07.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"orders_status_groups_name[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"orders_status_groups_name[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43723.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43723",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.717",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:24:01.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"orders_status_name[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"orders_status_name[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43724.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43724",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.777",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:23:55.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43725.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43725",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.843",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:23:49.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"orders_products_status_name_long[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"orders_products_status_name_long[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43726.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43726",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.903",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:23:42.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"orders_products_status_manual_name_long[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"orders_products_status_manual_name_long[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43727.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43727",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.967",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:23:35.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"stock_indication_text[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"stock_indication_text[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43728.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43728",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:11.027",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:25:37.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"stock_delivery_terms_text[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"stock_delivery_terms_text[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43729.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43729",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:11.097",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:25:31.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"xsell_type_name[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"xsell_type_name[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43730.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43730",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:11.163",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:25:14.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"countries_name[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"countries_name[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43731.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43731",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:11.227",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:25:27.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"zone_name\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"zone_name\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43732.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43732",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.127",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:25:22.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"tax_class_title\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"tax_class_title\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43733.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43733",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.203",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:25:05.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"company_address\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"company_address\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43734.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43734",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.260",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:24:59.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"name\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"name\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts dentro del navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-437xx/CVE-2023-43735.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43735",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.320",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:24:51.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"formats_titles[7]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"formats_titles[7]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

20
CVE-2023/CVE-2023-438xx/CVE-2023-43835.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-43835",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T20:15:10.187",
"lastModified": "2023-10-02T20:26:54.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content."
}
],
"metrics": {},
"references": [
{
"url": "https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-438xx/CVE-2023-43836.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43836",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.567",
"lastModified": "2023-10-02T21:15:34.567",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information"
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Fliggyaaa/417f8335ce0f0546e95dda91d4b54604",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Fliggyaaa/jizhicmssql/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-438xx/CVE-2023-43890.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-43890",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T20:15:10.233",
"lastModified": "2023-10-02T20:26:54.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/command%20injection%20bypass%20filter.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-440xx/CVE-2023-44008.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-44008",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.617",
"lastModified": "2023-10-02T21:15:34.617",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44008",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-440xx/CVE-2023-44009.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44009",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.663",
"lastModified": "2023-10-02T21:15:34.663",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44009",
"source": "cve@mitre.org"
},
{
"url": "https://www.mojoportal.com/",
"source": "cve@mitre.org"
}
]
}

74
CVE-2023/CVE-2023-440xx/CVE-2023-44080.json
View File

@ -2,19 +2,85 @@
"id": "CVE-2023-44080",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T22:15:11.783",
"lastModified": "2023-09-28T12:44:13.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:30:36.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component."
},
{
"lang": "es",
"value": "Un problema en PGYER codefever v.2023.8.14-2ce4006 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada al componente BranchList."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pgyer:codefever:2023.8.14-2ce4006:*:*:*:*:*:*:*",
"matchCriteriaId": "3D409190-70CD-4E5B-BB84-E84D29359856"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/one-pyy/330548f740415dff49f59d56e14b4219",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/advisories/GHSA-cjp8-pj2w-v99h",
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-442xx/CVE-2023-44273.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2023-44273",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-28T04:15:12.493",
"lastModified": "2023-09-28T12:44:04.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T21:06:10.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval."
},
{
"lang": "es",
"value": "Consensys gnark-crypto hasta 0.11.2 permite maleabilidad de firma. Esto ocurre porque la deserializaci\u00f3n de las firmas EdDSA y ECDSA no garantiza que los datos est\u00e9n en un intervalo determinado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:consensys:gnark-crypto:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.12.0",
"matchCriteriaId": "C4EE0152-70B4-4DB8-9B82-12C21D82CF09"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Consensys/gnark-crypto/pull/449",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Consensys/gnark-crypto/releases",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://verichains.io",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

36
CVE-2023/CVE-2023-444xx/CVE-2023-44463.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-44463",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T20:15:10.277",
"lastModified": "2023-10-02T20:26:54.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/pretix/pretix/commit/ccdce2ccb8207b82501af3c03f50abc0f819b469",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/pretix/pretix/compare/v2023.7.0...v2023.7.1",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/pretix/pretix/tags",
"source": "cve@mitre.org"
},
{
"url": "https://pretix.eu/about/en/blog/20230911-release-2023-7-1/",
"source": "cve@mitre.org"
},
{
"url": "https://pretix.eu/about/en/ticketing",
"source": "cve@mitre.org"
}
]
}

82
CVE-2023/CVE-2023-444xx/CVE-2023-44466.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44466",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-29T06:15:11.007",
"lastModified": "2023-09-29T12:45:33.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:01:00.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,91 @@
"value": "Se descubri\u00f3 un problema en net/ceph/messenger_v2.c en el kernel de Linux anterior a 6.4.5. Hay un error de firma de enteros, lo que provoca un desbordamiento del b\u00fafer y la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de HELLO o uno de los frames AUTH. Esto ocurre debido a una longitud no confiable tomada de un paquete TCP en ceph_decode_32."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.5",
"matchCriteriaId": "5819C299-33F3-4B58-B0ED-46B0C73B4A51"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a282a2f10539dce2aa619e71e1817570d557fc97",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://github.com/google/security-research/security/advisories/GHSA-jg27-jx6w-xwph",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/a282a2f10539dce2aa619e71e1817570d557fc97",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://www.spinics.net/lists/ceph-devel/msg57909.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

8
CVE-2023/CVE-2023-46xx/CVE-2023-4659.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4659",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-02T15:15:15.017",
"lastModified": "2023-10-02T15:15:15.017",
"vulnStatus": "Received",
"lastModified": "2023-10-02T20:26:54.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to \"admin\". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery, cuya explotaci\u00f3n podr\u00eda permitir a un atacante realizar diferentes acciones en la plataforma como administrador, simplemente cambiando el valor del token a \"admin\". Tambi\u00e9n es posible realizar solicitudes POST, GET y DELETE sin ning\u00fan valor de token. Por lo tanto, un usuario remoto sin privilegios puede crear, eliminar y modificar usuarios dentro de la aplicaci\u00f3n."
}
],
"metrics": {

69
CVE-2023/CVE-2023-50xx/CVE-2023-5077.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5077",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-09-29T00:15:12.693",
"lastModified": "2023-09-29T04:19:01.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:04:03.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Vault and Vault Enterprise (\"Vault\") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0."
},
{
"lang": "es",
"value": "El engine de los secretos en Vault and Vault Enterprise (\"Vault\") Google Cloud no conserv\u00f3 la existencia de Google Cloud IAM Conditions al crear o actualizar conjuntos de roles. Corregido en Vault 1.13.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
@ -46,10 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionStartIncluding": "0.10.0",
"versionEndExcluding": "1.13.0",
"matchCriteriaId": "02EC9823-2E05-40AF-A186-D9344AC76FA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "0.10.0",
"versionEndExcluding": "1.13.0",
"matchCriteriaId": "EB660653-154B-4CD8-A7BA-8814C9536616"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654",
"source": "security@hashicorp.com"
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-51xx/CVE-2023-5111.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5111",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.377",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:25:54.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"featured_type_name[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"featured_type_name[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2023/CVE-2023-51xx/CVE-2023-5112.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5112",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.433",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:26:32.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"specials_type_name[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser."
},
{
"lang": "es",
"value": "Os Commerce es actualmente susceptible a una vulnerabilidad de Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los atacantes inyectar JS a trav\u00e9s del par\u00e1metro \"specials_type_name[1]\", lo que podr\u00eda provocar la ejecuci\u00f3n no autorizada de scripts en el navegador web de un usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
@ -46,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.12.56860:*:*:*:*:*:*:*",
"matchCriteriaId": "541F9752-737F-4120-8D29-BE714711E66D"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/bts/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.oscommerce.com/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}

68
CVE-2023/CVE-2023-51xx/CVE-2023-5197.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5197",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-27T15:19:43.110",
"lastModified": "2023-09-27T15:41:51.143",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:21:40.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nAddition and removal of rules from chain bindings within the same transaction causes leads to use-after-free.\n\nWe recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de use-after-free en el componente netfilter: nf_tables del kernel de Linux puede explotarse para lograr una escalada de privilegios local. La adici\u00f3n y eliminaci\u00f3n de reglas de enlaces de cadena dentro de la misma transacci\u00f3n provoca que se produzca un use-after-free. Recomendamos actualizar despu\u00e9s del compromiso f15f29fd4779be8a418b66e9d52979bb6d6c2325."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -46,14 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.9.0",
"versionEndExcluding": "6.6",
"matchCriteriaId": "D35FCADA-85D5-4BFA-BB9B-22CE308126FB"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f15f29fd4779be8a418b66e9d52979bb6d6c2325",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch"
]
},
{
"url": "https://kernel.dance/f15f29fd4779be8a418b66e9d52979bb6d6c2325",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-52xx/CVE-2023-5265.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5265",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T15:15:10.670",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:09:38.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240878 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Tongda OA 2017 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo general/hr/manage/staff_transfer/delete.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento TRANSFER_ID conduce a la inyecci\u00f3n SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 11.10 puede solucionar este problema. Se recomienda actualizar el componente afectado. VDB-240878 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +87,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +95,66 @@
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.10",
"matchCriteriaId": "17F21834-2024-4969-BB2C-1C56D7C85F5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "A77F4CAB-A2ED-4AFF-B9C7-03C69B14AE9D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/YaGaoT/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240878",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.240878",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

72
CVE-2023/CVE-2023-52xx/CVE-2023-5267.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5267",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T15:15:10.823",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:07:13.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hr_pool/delete.php. The manipulation of the argument EXPERT_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-240880."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Tongda OA 2017 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo general/hr/recruit/hr_pool/delete.php. La manipulaci\u00f3n del argumento EXPERT_ID conduce a la inyecci\u00f3n SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 11.10 puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-240880."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +97,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.10",
"matchCriteriaId": "17F21834-2024-4969-BB2C-1C56D7C85F5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "A77F4CAB-A2ED-4AFF-B9C7-03C69B14AE9D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kpz-wm/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240880",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.240880",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

84
CVE-2023/CVE-2023-52xx/CVE-2023-5285.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5285",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T20:15:10.217",
"lastModified": "2023-09-30T01:57:32.760",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:11:18.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENT_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-240913 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Tongda OA 2017 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo general/hr/recruit/recruitment/delete.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento RECRUITMENT_ID conduce a la inyecci\u00f3n SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 11.10 puede solucionar este problema. Se recomienda actualizar el componente afectado. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-240913."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +87,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +95,66 @@
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.10",
"matchCriteriaId": "17F21834-2024-4969-BB2C-1C56D7C85F5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "A77F4CAB-A2ED-4AFF-B9C7-03C69B14AE9D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/OliverWu23/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240913",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.240913",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

67
CVE-2023/CVE-2023-52xx/CVE-2023-5293.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5293",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T21:15:10.177",
"lastModified": "2023-09-30T01:57:32.760",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:11:48.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in ECshop 4.1.5. Affected is an unknown function of the file /admin/leancloud.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240924."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en ECshop 4.1.5 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/leancloud.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-240924."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +97,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shopex:ecshop:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FD6705D1-6449-4965-94CB-FE08E169D848"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xhcccan/code/issues/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240924",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.240924",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

69
CVE-2023/CVE-2023-52xx/CVE-2023-5298.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5298",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-30T06:15:11.483",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:17:36.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,18 +97,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.10",
"matchCriteriaId": "17F21834-2024-4969-BB2C-1C56D7C85F5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "A77F4CAB-A2ED-4AFF-B9C7-03C69B14AE9D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/szh0105/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240938",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.240938",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

62
CVE-2023/CVE-2023-53xx/CVE-2023-5301.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5301",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-30T11:15:15.333",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:20:04.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,18 +97,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dedecms:dedecms:5.7.111:*:*:*:*:*:*:*",
"matchCriteriaId": "377F392A-A04B-4E7A-BBE8-F77CE65BDFCF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Lamber-maybe/cve/blob/main/DedeCMS%20V5.7.111%20Remote%20Code%20Execution%20Vulnerability.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.240940",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.240940",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

63
CVE-2023/CVE-2023-53xx/CVE-2023-5302.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5302",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-30T12:15:09.963",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:19:45.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,18 +97,49 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:best_courier_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D0B90AE-6DFA-40B1-A97C-B445F29F3EB3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/rohit0x5/poc/blob/main/cve_2",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240941",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.240941",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

61
CVE-2023/CVE-2023-53xx/CVE-2023-5303.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5303",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-30T14:15:15.737",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:19:22.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Online Banquet Booking System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /view-booking-detail.php del componente Account Detail Handler. La manipulaci\u00f3n del argumento nombre de usuario conduce a Cross-Site Scripting (XSS). Es posible lanzar el ataque de forma remota. VDB-240942 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +97,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:online_banquet_booking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52AD55AE-55B7-4780-B064-648A8D67734D"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.240942",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.240942",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

61
CVE-2023/CVE-2023-53xx/CVE-2023-5304.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5304",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-30T15:15:10.180",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:19:10.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Online Banquet Booking System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /book-services.php del componente Service Booking es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento \"message\" conduce a Cross-Site Scripting (XSS). El ataque se puede lanzar de forma remota. El identificador asociado de esta vulnerabilidad es VDB-240943."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +97,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anujk305:online_banquet_booking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABEC52EB-4DAA-4779-9778-9A50B5137E84"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.240943",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.240943",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

61
CVE-2023/CVE-2023-53xx/CVE-2023-5305.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5305",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-30T15:15:10.260",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:21:10.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Online Banquet Booking System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /mail.php del componente Contact Us Page es afectada por esta vulnerabilidad. La manipulaci\u00f3n del mensaje de argumento conduce a Cross-Site Scripting (XSS). El ataque puede lanzarse de forma remota. El identificador de esta vulnerabilidad es VDB-240944."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +97,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anujk305:online_banquet_booking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABEC52EB-4DAA-4779-9778-9A50B5137E84"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.240944",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.240944",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

58
CVE-2023/CVE-2023-53xx/CVE-2023-5317.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5317",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-30T01:15:39.227",
"lastModified": "2023-09-30T01:57:32.760",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:13:53.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18."
},
{
"lang": "es",
"value": "Cross-site Scripting (XSS)- almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.18."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.18",
"matchCriteriaId": "4AC7B224-C622-408D-A05F-74FE33C70B68"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Permissions Required"
]
}
]
}

70
CVE-2023/CVE-2023-53xx/CVE-2023-5318.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5318",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-30T01:15:39.293",
"lastModified": "2023-09-30T01:57:32.760",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:13:44.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0."
},
{
"lang": "es",
"value": "Uso de credenciales codificadas en el repositorio de GitHub microweber/microweber anterior a 2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -36,7 +62,7 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,16 +70,50 @@
"value": "CWE-798"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0",
"matchCriteriaId": "A3C150C1-4763-474B-91B5-B571C53BEC4D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/microweber/microweber/commit/c48b34dfd6cae7a55b452280d692dc62512574b0",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/17826bdd-8136-48ae-afb9-af627cb6fd5d",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Permissions Required"
]
}
]
}

58
CVE-2023/CVE-2023-53xx/CVE-2023-5319.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5319",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-30T01:15:39.363",
"lastModified": "2023-09-30T01:57:32.760",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:13:30.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18."
},
{
"lang": "es",
"value": "Cross-site Scripting (XSS)- almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de la versi\u00f3n 3.1.18."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.18",
"matchCriteriaId": "4AC7B224-C622-408D-A05F-74FE33C70B68"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Permissions Required"
]
}
]
}

58
CVE-2023/CVE-2023-53xx/CVE-2023-5320.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5320",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-30T01:15:39.430",
"lastModified": "2023-09-30T01:57:32.760",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-02T20:13:19.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18."
},
{
"lang": "es",
"value": "Cross-site Scripting (XSS)- DOM en el repositorio de GitHub thorsten/phpmyfaq anterior a 3.1.18."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.18",
"matchCriteriaId": "4AC7B224-C622-408D-A05F-74FE33C70B68"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Broken Link"
]
}
]
}

58
CVE-2023/CVE-2023-53xx/CVE-2023-5323.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5323",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-01T01:15:24.997",
"lastModified": "2023-10-01T03:02:09.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-02T20:26:24.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0."
},
{
"lang": "es",
"value": "Cross-Site Scripting (XSS) Gen\u00e9rico en el repositorio de GitHub dolibarr/dolibarr anterior a la versi\u00f3n 18.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0",
"matchCriteriaId": "F0F079BB-D942-40AA-B9BF-9EFCB58933E3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dolibarr/dolibarr/commit/695ca086847b3b6a185afa93e897972c93c43d15",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/7a048bb7-bfdd-4299-931e-9bc283e92bc8",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Permissions Required"
]
}
]
}

59
CVE-2023/CVE-2023-53xx/CVE-2023-5344.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5344",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-02T20:15:10.327",
"lastModified": "2023-10-02T20:26:54.460",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf",
"source": "security@huntr.dev"
}
]
}

75
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-02T20:00:26.031630+00:00
2023-10-02T22:00:24.615811+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-02T19:59:24+00:00
2023-10-02T21:15:34.663000+00:00
```
### Last Data Feed Release
@ -29,47 +29,56 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
226758
226770
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `12`
* [CVE-2023-40744](CVE-2023/CVE-2023-407xx/CVE-2023-40744.json) (`2023-10-02T18:15:09.780`)
* [CVE-2023-0809](CVE-2023/CVE-2023-08xx/CVE-2023-0809.json) (`2023-10-02T19:15:09.717`)
* [CVE-2023-37605](CVE-2023/CVE-2023-376xx/CVE-2023-37605.json) (`2023-10-02T19:15:10.327`)
* [CVE-2023-3592](CVE-2023/CVE-2023-35xx/CVE-2023-3592.json) (`2023-10-02T20:15:10.123`)
* [CVE-2023-43835](CVE-2023/CVE-2023-438xx/CVE-2023-43835.json) (`2023-10-02T20:15:10.187`)
* [CVE-2023-43890](CVE-2023/CVE-2023-438xx/CVE-2023-43890.json) (`2023-10-02T20:15:10.233`)
* [CVE-2023-44463](CVE-2023/CVE-2023-444xx/CVE-2023-44463.json) (`2023-10-02T20:15:10.277`)
* [CVE-2023-5344](CVE-2023/CVE-2023-53xx/CVE-2023-5344.json) (`2023-10-02T20:15:10.327`)
* [CVE-2023-43267](CVE-2023/CVE-2023-432xx/CVE-2023-43267.json) (`2023-10-02T21:15:34.377`)
* [CVE-2023-43268](CVE-2023/CVE-2023-432xx/CVE-2023-43268.json) (`2023-10-02T21:15:34.430`)
* [CVE-2023-43297](CVE-2023/CVE-2023-432xx/CVE-2023-43297.json) (`2023-10-02T21:15:34.480`)
* [CVE-2023-43361](CVE-2023/CVE-2023-433xx/CVE-2023-43361.json) (`2023-10-02T21:15:34.520`)
* [CVE-2023-43836](CVE-2023/CVE-2023-438xx/CVE-2023-43836.json) (`2023-10-02T21:15:34.567`)
* [CVE-2023-44008](CVE-2023/CVE-2023-440xx/CVE-2023-44008.json) (`2023-10-02T21:15:34.617`)
* [CVE-2023-44009](CVE-2023/CVE-2023-440xx/CVE-2023-44009.json) (`2023-10-02T21:15:34.663`)
### CVEs modified in the last Commit
Recently modified CVEs: `58`
Recently modified CVEs: `73`
* [CVE-2023-5170](CVE-2023/CVE-2023-51xx/CVE-2023-5170.json) (`2023-10-02T18:58:23.177`)
* [CVE-2023-5169](CVE-2023/CVE-2023-51xx/CVE-2023-5169.json) (`2023-10-02T18:58:51.953`)
* [CVE-2023-44129](CVE-2023/CVE-2023-441xx/CVE-2023-44129.json) (`2023-10-02T18:59:15.660`)
* [CVE-2023-41911](CVE-2023/CVE-2023-419xx/CVE-2023-41911.json) (`2023-10-02T19:02:19.277`)
* [CVE-2023-44276](CVE-2023/CVE-2023-442xx/CVE-2023-44276.json) (`2023-10-02T19:04:54.577`)
* [CVE-2023-5230](CVE-2023/CVE-2023-52xx/CVE-2023-5230.json) (`2023-10-02T19:07:13.023`)
* [CVE-2023-36844](CVE-2023/CVE-2023-368xx/CVE-2023-36844.json) (`2023-10-02T19:15:09.863`)
* [CVE-2023-36845](CVE-2023/CVE-2023-368xx/CVE-2023-36845.json) (`2023-10-02T19:15:10.070`)
* [CVE-2023-20223](CVE-2023/CVE-2023-202xx/CVE-2023-20223.json) (`2023-10-02T19:21:45.950`)
* [CVE-2023-5183](CVE-2023/CVE-2023-51xx/CVE-2023-5183.json) (`2023-10-02T19:22:03.777`)
* [CVE-2023-30961](CVE-2023/CVE-2023-309xx/CVE-2023-30961.json) (`2023-10-02T19:24:04.767`)
* [CVE-2023-0833](CVE-2023/CVE-2023-08xx/CVE-2023-0833.json) (`2023-10-02T19:26:24.710`)
* [CVE-2023-41658](CVE-2023/CVE-2023-416xx/CVE-2023-41658.json) (`2023-10-02T19:28:29.420`)
* [CVE-2023-41657](CVE-2023/CVE-2023-416xx/CVE-2023-41657.json) (`2023-10-02T19:30:19.917`)
* [CVE-2023-41655](CVE-2023/CVE-2023-416xx/CVE-2023-41655.json) (`2023-10-02T19:32:07.347`)
* [CVE-2023-39308](CVE-2023/CVE-2023-393xx/CVE-2023-39308.json) (`2023-10-02T19:36:52.837`)
* [CVE-2023-43944](CVE-2023/CVE-2023-439xx/CVE-2023-43944.json) (`2023-10-02T19:37:07.767`)
* [CVE-2023-43909](CVE-2023/CVE-2023-439xx/CVE-2023-43909.json) (`2023-10-02T19:40:04.803`)
* [CVE-2023-5288](CVE-2023/CVE-2023-52xx/CVE-2023-5288.json) (`2023-10-02T19:40:35.707`)
* [CVE-2023-5261](CVE-2023/CVE-2023-52xx/CVE-2023-5261.json) (`2023-10-02T19:41:13.977`)
* [CVE-2023-3906](CVE-2023/CVE-2023-39xx/CVE-2023-3906.json) (`2023-10-02T19:42:18.340`)
* [CVE-2023-3115](CVE-2023/CVE-2023-31xx/CVE-2023-3115.json) (`2023-10-02T19:46:27.487`)
* [CVE-2023-2233](CVE-2023/CVE-2023-22xx/CVE-2023-2233.json) (`2023-10-02T19:51:31.383`)
* [CVE-2023-0989](CVE-2023/CVE-2023-09xx/CVE-2023-0989.json) (`2023-10-02T19:52:42.083`)
* [CVE-2023-42818](CVE-2023/CVE-2023-428xx/CVE-2023-42818.json) (`2023-10-02T19:59:24.000`)
* [CVE-2023-43727](CVE-2023/CVE-2023-437xx/CVE-2023-43727.json) (`2023-10-02T20:23:35.937`)
* [CVE-2023-43726](CVE-2023/CVE-2023-437xx/CVE-2023-43726.json) (`2023-10-02T20:23:42.153`)
* [CVE-2023-43725](CVE-2023/CVE-2023-437xx/CVE-2023-43725.json) (`2023-10-02T20:23:49.507`)
* [CVE-2023-43724](CVE-2023/CVE-2023-437xx/CVE-2023-43724.json) (`2023-10-02T20:23:55.357`)
* [CVE-2023-43723](CVE-2023/CVE-2023-437xx/CVE-2023-43723.json) (`2023-10-02T20:24:01.857`)
* [CVE-2023-43722](CVE-2023/CVE-2023-437xx/CVE-2023-43722.json) (`2023-10-02T20:24:07.800`)
* [CVE-2023-43721](CVE-2023/CVE-2023-437xx/CVE-2023-43721.json) (`2023-10-02T20:24:12.980`)
* [CVE-2023-43720](CVE-2023/CVE-2023-437xx/CVE-2023-43720.json) (`2023-10-02T20:24:18.953`)
* [CVE-2023-43735](CVE-2023/CVE-2023-437xx/CVE-2023-43735.json) (`2023-10-02T20:24:51.227`)
* [CVE-2023-43734](CVE-2023/CVE-2023-437xx/CVE-2023-43734.json) (`2023-10-02T20:24:59.287`)
* [CVE-2023-43733](CVE-2023/CVE-2023-437xx/CVE-2023-43733.json) (`2023-10-02T20:25:05.513`)
* [CVE-2023-43730](CVE-2023/CVE-2023-437xx/CVE-2023-43730.json) (`2023-10-02T20:25:14.447`)
* [CVE-2023-43732](CVE-2023/CVE-2023-437xx/CVE-2023-43732.json) (`2023-10-02T20:25:22.140`)
* [CVE-2023-43731](CVE-2023/CVE-2023-437xx/CVE-2023-43731.json) (`2023-10-02T20:25:27.757`)
* [CVE-2023-43729](CVE-2023/CVE-2023-437xx/CVE-2023-43729.json) (`2023-10-02T20:25:31.980`)
* [CVE-2023-43728](CVE-2023/CVE-2023-437xx/CVE-2023-43728.json) (`2023-10-02T20:25:37.520`)
* [CVE-2023-5111](CVE-2023/CVE-2023-51xx/CVE-2023-5111.json) (`2023-10-02T20:25:54.513`)
* [CVE-2023-5323](CVE-2023/CVE-2023-53xx/CVE-2023-5323.json) (`2023-10-02T20:26:24.737`)
* [CVE-2023-5112](CVE-2023/CVE-2023-51xx/CVE-2023-5112.json) (`2023-10-02T20:26:32.583`)
* [CVE-2023-4659](CVE-2023/CVE-2023-46xx/CVE-2023-4659.json) (`2023-10-02T20:26:54.460`)
* [CVE-2023-0809](CVE-2023/CVE-2023-08xx/CVE-2023-0809.json) (`2023-10-02T20:26:54.460`)
* [CVE-2023-37605](CVE-2023/CVE-2023-376xx/CVE-2023-37605.json) (`2023-10-02T20:26:54.460`)
* [CVE-2023-44080](CVE-2023/CVE-2023-440xx/CVE-2023-44080.json) (`2023-10-02T20:30:36.210`)
* [CVE-2023-38873](CVE-2023/CVE-2023-388xx/CVE-2023-38873.json) (`2023-10-02T20:48:21.003`)
* [CVE-2023-44273](CVE-2023/CVE-2023-442xx/CVE-2023-44273.json) (`2023-10-02T21:06:10.147`)
## Download and Usage