Auto-Update: 2024-07-07T18:00:42.520950+00:00

2025-07-09 16:05:11 +00:00 · 2024-07-07 18:03:35 +00:00 · 2024-07-07 18:03:35 +00:00 · 75a6d46b9f
commit 75a6d46b9f
parent 0daa3eaba8
3 changed files with 62 additions and 5 deletions
--- a/CVE-2024/CVE-2024-62xx/CVE-2024-6229.json
+++ b/CVE-2024/CVE-2024-62xx/CVE-2024-6229.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-6229",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2024-07-07T16:15:02.013",
+  "lastModified": "2024-07-07T16:15:02.013",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever any user clicks on a link containing the payload, leading to potential data theft, session hijacking, and reputation damage."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://huntr.com/bounties/2ee71e9e-2cf5-41a4-8440-d75758018786",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-07-07T16:00:28.387567+00:00
+2024-07-07T18:00:42.520950+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-07-07T15:15:09.923000+00:00
+2024-07-07T16:15:02.013000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-255977
+255978
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `1`

- [CVE-2024-40614](CVE-2024/CVE-2024-406xx/CVE-2024-40614.json) (`2024-07-07T15:15:09.923`)
+- [CVE-2024-6229](CVE-2024/CVE-2024-62xx/CVE-2024-6229.json) (`2024-07-07T16:15:02.013`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -254315,7 +254315,7 @@ CVE-2024-40603,0,0,a59eb09c112c52f2f41fff991543251e420e8ed1adcc447fe75b7105e7759
 CVE-2024-40604,0,0,06c9fcfeda33a92aaaf0864f242969e9767dfcef607901c977ee31765ab64188,2024-07-07T00:15:10.690000
 CVE-2024-40605,0,0,63f2796aa96da63d2a64510dcc3ffc1fba4cca74f8258df71034a13d64b69abc,2024-07-07T00:15:10.770000
 CVE-2024-4061,0,0,731822e6f24cd811e7f06812f39ade81c9a66c6b1046f4d45903066a1f181f99,2024-05-21T12:37:59.687000
-CVE-2024-40614,1,1,a58e68ff975dc388908772a166ffcb41c50e83a7ba383078526a5a88e8f6baf7,2024-07-07T15:15:09.923000
+CVE-2024-40614,0,0,a58e68ff975dc388908772a166ffcb41c50e83a7ba383078526a5a88e8f6baf7,2024-07-07T15:15:09.923000
 CVE-2024-4062,0,0,7fcbe6e50148b9b5e05d3025a893191a4aca3bb309243ec182c3df8f6e2a0587,2024-06-04T19:20:29.007000
 CVE-2024-4063,0,0,10c24a204d439c4cd3340a486d9bc67fc982c548c71c2d3a385738d7e6499dc1,2024-06-04T19:20:29.120000
 CVE-2024-4064,0,0,0a357968458dd966b7a4969f86556627b0af0220edbb91249e767e6972ab2a17,2024-05-17T02:40:14.223000
@ -255866,6 +255866,7 @@ CVE-2024-6216,0,0,163aaa10da8fbd3f1a722ddf5828825abea50c90fd2d9b89c4bf2c73ab93f6
 CVE-2024-6217,0,0,3711ed31aaa9f7586428ac093ba9118453625e92a316540d8e0c90d5655ba292,2024-06-21T11:22:01.687000
 CVE-2024-6218,0,0,080145c08c5ffaf1b0f4fe61601c30772836ccbea26d111bc22bd57681c581e7,2024-06-21T15:15:16.547000
 CVE-2024-6225,0,0,05da1495d7d116987721ea4d8dad783669e833db8afd42c6e9b9d7b36358250e,2024-06-24T19:21:28.450000
+CVE-2024-6229,1,1,f1f054c8daa5ac2c46672d5a0f53c7a9d2a940a35470133039aaba3576e253b3,2024-07-07T16:15:02.013000
 CVE-2024-6238,0,0,01bce4fcd5bf21099e3fa29fb7e34bf0d2a461d152d0ae3d9b913c1fb46d1451,2024-06-25T18:50:42.040000
 CVE-2024-6239,0,0,4d98a21d53ef2e5917897cadc254a12ee654ff1e3575a82a15151981272f61b5,2024-06-24T19:06:27.537000
 CVE-2024-6240,0,0,3ba60659d5977ed2c81ae70dc02c754f9eebbd14309190bebb86d2a019bd47a8,2024-06-24T19:10:38.983000