Auto-Update: 2024-06-30T06:00:39.792483+00:00

2025-07-11 16:13:34 +00:00 · 2024-06-30 06:03:33 +00:00 · 2024-06-30 06:03:33 +00:00 · 624295e656
commit 624295e656
parent aaec8fd2c1
3 changed files with 145 additions and 8 deletions
--- a/CVE-2024/CVE-2024-64xx/CVE-2024-6415.json
+++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6415.json
@ -0,0 +1,137 @@
 {
  "id": "CVE-2024-6415",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-06-30T04:15:02.250",
  "lastModified": "2024-06-30T04:15:02.250",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "vulnerableSystemConfidentiality": "NONE",
          "vulnerableSystemIntegrity": "LOW",
          "vulnerableSystemAvailability": "NONE",
          "subsequentSystemConfidentiality": "NONE",
          "subsequentSystemIntegrity": "NONE",
          "subsequentSystemAvailability": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirements": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "automatable": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM"
        }
      }
    ],
    "cvssMetricV31": [
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 2.4,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "MULTIPLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 6.4,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cna@vuldb.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://gentle-khaan-c53.notion.site/Self-Reflected-XSS-in-Ingenico-The-Estate-Manager-94b4c85ffe074c6b870a6454f73edaf4?pvs=4",
      "source": "cna@vuldb.com"
    },
    {
      "url": "https://vuldb.com/?ctiid.270001",
      "source": "cna@vuldb.com"
    },
    {
      "url": "https://vuldb.com/?id.270001",
      "source": "cna@vuldb.com"
    },
    {
      "url": "https://vuldb.com/?submit.362344",
      "source": "cna@vuldb.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-06-30T04:00:36.121844+00:00
+2024-06-30T06:00:39.792483+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-06-30T03:15:02.223000+00:00
+2024-06-30T04:15:02.250000+00:00
 ```
 ### Last Data Feed Release
@ -33,21 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-255499
+255500
 ```
 ### CVEs added in the last Commit
 Recently added CVEs: `1`
- [CVE-2024-6414](CVE-2024/CVE-2024-64xx/CVE-2024-6414.json) (`2024-06-30T03:15:02.223`)
+- [CVE-2024-6415](CVE-2024/CVE-2024-64xx/CVE-2024-6415.json) (`2024-06-30T04:15:02.250`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
 - [CVE-2024-39828](CVE-2024/CVE-2024-398xx/CVE-2024-39828.json) (`2024-06-30T02:15:02.267`)
 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -253868,7 +253868,7 @@ CVE-2024-3974,0,0,30b94b89b01dd2c6057362330f67dc78937f3f3edffa0c5a57e7602f711f91
 CVE-2024-3977,0,0,e9f44416847592725fc2cd47ffed9c743bca75989a5c2d940c73903d22d68b79,2024-06-17T12:42:04.623000
 CVE-2024-3978,0,0,338ec55d360d0ecf1dfe595690a2d37e24aa4129fa5a75aae324bfa31cd2fe9a,2024-06-17T12:42:04.623000
 CVE-2024-3979,0,0,4ac2126fe63098861061c1ed3772b0712449f42e64a5481492de94fd61a5b947,2024-06-06T20:15:14.127000
-CVE-2024-39828,0,1,31eb2167fecbbda5642dedf4e55fff8a0662863869bac939f242b14fecd9254f,2024-06-30T02:15:02.267000
+CVE-2024-39828,0,0,31eb2167fecbbda5642dedf4e55fff8a0662863869bac939f242b14fecd9254f,2024-06-30T02:15:02.267000
 CVE-2024-3984,0,0,bee410e9bf0342c5ecf3886d76050e2314329db97e17f53f9285ff32a0d9ee8f,2024-06-20T12:44:01.637000
 CVE-2024-39840,0,0,047d979b2fcf1a9830727be1cf5cfab778c9f98b8c6748424d91100231c8b67f,2024-06-29T17:15:09.857000
 CVE-2024-39846,0,0,cffd1230dd7435c26d95c325c5366a1ccd985a2f9e414d529e3af68882ee9e83,2024-06-29T21:15:09.917000
@ -255497,4 +255497,5 @@ CVE-2024-6388,0,0,e641c9d869769d4291da87145b48d15b4f200c046d6b100142bc686375a847
 CVE-2024-6402,0,0,4ab71895b3368bd1544211088d3abf700d4f701c214f7ecf3c60b7d176fc2603,2024-06-28T17:15:03.810000
 CVE-2024-6403,0,0,429dfb36ed402b9131ff77942437fb1a517bdb7d9c4bc0d98800d5561627779c,2024-06-28T17:15:04.140000
 CVE-2024-6405,0,0,038b14279ce0315b7a8980b7821f46591d9e467d7f65f841d288ca599d5003a6,2024-06-29T02:15:02.223000
-CVE-2024-6414,1,1,70b26d50e267b67a07d9bb4b9f1c84966b1a8bfb20d759370cc1a093ba5f1259,2024-06-30T03:15:02.223000
+CVE-2024-6414,0,0,70b26d50e267b67a07d9bb4b9f1c84966b1a8bfb20d759370cc1a093ba5f1259,2024-06-30T03:15:02.223000
 CVE-2024-6415,1,1,62e9973ee32aafad192ff857247035567ab1ac1ef13febe846fa28737426c3a2,2024-06-30T04:15:02.250000