admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-11 16:13:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-05-06T08:00:39.597154+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-05-06 08:03:30 +00:00
parent ea849515ef
commit 82c2560fa8
15 changed files with 811 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CVE-2024/CVE-2024-09xx/CVE-2024-0904.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-0904",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-06T06:15:06.937",
"lastModified": "2024-05-06T06:15:06.937",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/baf4afc9-c20e-47d6-a798-75e15652d1e3/",
"source": "contact@wpscan.com"
}
]
}

59
CVE-2024/CVE-2024-231xx/CVE-2024-23186.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-23186",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-05-06T07:15:06.450",
"lastModified": "2024-05-06T07:15:06.450",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding displayname information to the web interface. No publicly available exploits are known."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/appsuite/releases/8.22/",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2024/oxas-adv-2024-0002.json",
"source": "security@open-xchange.com"
}
]
}

59
CVE-2024/CVE-2024-231xx/CVE-2024-23187.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-23187",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-05-06T07:15:06.850",
"lastModified": "2024-05-06T07:15:06.850",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the \"show more\" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please deploy the provided updates and patch releases. CID replacement has been hardened to omit invalid identifiers. No publicly available exploits are known."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/appsuite/releases/8.22/",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2024/oxas-adv-2024-0002.json",
"source": "security@open-xchange.com"
}
]
}

59
CVE-2024/CVE-2024-231xx/CVE-2024-23188.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-23188",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-05-06T07:15:07.137",
"lastModified": "2024-05-06T07:15:07.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding attachment information to the web interface. No publicly available exploits are known."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/appsuite/releases/8.22/",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2024/oxas-adv-2024-0002.json",
"source": "security@open-xchange.com"
}
]
}

59
CVE-2024/CVE-2024-231xx/CVE-2024-23193.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-23193",
"sourceIdentifier": "security@open-xchange.com",
"published": "2024-05-06T07:15:07.533",
"lastModified": "2024-05-06T07:15:07.533",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation requires good timing and modification of multiple request parameters. Please deploy the provided updates and patch releases. The cache for PDF exports now takes user session information into consideration when performing authorization decisions. No publicly available exploits are known."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@open-xchange.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/appsuite/releases/8.22/",
"source": "security@open-xchange.com"
},
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2024/oxas-adv-2024-0002.json",
"source": "security@open-xchange.com"
}
]
}

20
CVE-2024/CVE-2024-37xx/CVE-2024-3752.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-3752",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-06T06:15:07.080",
"lastModified": "2024-05-06T06:15:07.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/e738540a-2006-4b92-8db1-2476374d35bd/",
"source": "contact@wpscan.com"
}
]
}

20
CVE-2024/CVE-2024-37xx/CVE-2024-3755.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-3755",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-06T06:15:07.140",
"lastModified": "2024-05-06T06:15:07.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/d34caeaf-2ecf-44a2-b308-e940bafd402c/",
"source": "contact@wpscan.com"
}
]
}

20
CVE-2024/CVE-2024-37xx/CVE-2024-3756.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-3756",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-06T06:15:07.197",
"lastModified": "2024-05-06T06:15:07.197",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/b28d0dca-2df1-4925-be81-dd9c46859c38/",
"source": "contact@wpscan.com"
}
]
}

92
CVE-2024/CVE-2024-45xx/CVE-2024-4524.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-4524",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-06T06:15:07.257",
"lastModified": "2024-05-06T06:15:07.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_invoice.php. The manipulation of the argument desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263127."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.263127",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.263127",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.329770",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2024/CVE-2024-45xx/CVE-2024-4525.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-4525",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-06T06:15:07.663",
"lastModified": "2024-05-06T06:15:07.663",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263128."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.263128",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.263128",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.329771",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2024/CVE-2024-45xx/CVE-2024-4526.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-4526",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-06T06:15:08.107",
"lastModified": "2024-05-06T06:15:08.107",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263129 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2013.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.263129",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.263129",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.329772",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2024/CVE-2024-45xx/CVE-2024-4527.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-4527",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-06T06:15:08.497",
"lastModified": "2024-05-06T06:15:08.497",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263130 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2014.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.263130",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.263130",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.329773",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2024/CVE-2024-45xx/CVE-2024-4528.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-4528",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-06T07:15:07.960",
"lastModified": "2024-05-06T07:15:07.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/user-record.php. The manipulation of the argument txtfullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263131."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/xss2.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.263131",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.263131",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.329780",
"source": "cna@vuldb.com"
}
]
}

26
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-05-06T06:00:37.812801+00:00
2024-05-06T08:00:39.597154+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-05-06T05:15:07.083000+00:00
2024-05-06T07:15:07.960000+00:00
```
### Last Data Feed Release
@ -33,18 +33,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
248666
248679
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `13`
- [CVE-2024-4518](CVE-2024/CVE-2024-45xx/CVE-2024-4518.json) (`2024-05-06T04:15:07.487`)
- [CVE-2024-4519](CVE-2024/CVE-2024-45xx/CVE-2024-4519.json) (`2024-05-06T04:15:07.997`)
- [CVE-2024-4521](CVE-2024/CVE-2024-45xx/CVE-2024-4521.json) (`2024-05-06T05:15:06.447`)
- [CVE-2024-4522](CVE-2024/CVE-2024-45xx/CVE-2024-4522.json) (`2024-05-06T05:15:06.807`)
- [CVE-2024-4523](CVE-2024/CVE-2024-45xx/CVE-2024-4523.json) (`2024-05-06T05:15:07.083`)
- [CVE-2024-0904](CVE-2024/CVE-2024-09xx/CVE-2024-0904.json) (`2024-05-06T06:15:06.937`)
- [CVE-2024-23186](CVE-2024/CVE-2024-231xx/CVE-2024-23186.json) (`2024-05-06T07:15:06.450`)
- [CVE-2024-23187](CVE-2024/CVE-2024-231xx/CVE-2024-23187.json) (`2024-05-06T07:15:06.850`)
- [CVE-2024-23188](CVE-2024/CVE-2024-231xx/CVE-2024-23188.json) (`2024-05-06T07:15:07.137`)
- [CVE-2024-23193](CVE-2024/CVE-2024-231xx/CVE-2024-23193.json) (`2024-05-06T07:15:07.533`)
- [CVE-2024-3752](CVE-2024/CVE-2024-37xx/CVE-2024-3752.json) (`2024-05-06T06:15:07.080`)
- [CVE-2024-3755](CVE-2024/CVE-2024-37xx/CVE-2024-3755.json) (`2024-05-06T06:15:07.140`)
- [CVE-2024-3756](CVE-2024/CVE-2024-37xx/CVE-2024-3756.json) (`2024-05-06T06:15:07.197`)
- [CVE-2024-4524](CVE-2024/CVE-2024-45xx/CVE-2024-4524.json) (`2024-05-06T06:15:07.257`)
- [CVE-2024-4525](CVE-2024/CVE-2024-45xx/CVE-2024-4525.json) (`2024-05-06T06:15:07.663`)
- [CVE-2024-4526](CVE-2024/CVE-2024-45xx/CVE-2024-4526.json) (`2024-05-06T06:15:08.107`)
- [CVE-2024-4527](CVE-2024/CVE-2024-45xx/CVE-2024-4527.json) (`2024-05-06T06:15:08.497`)
- [CVE-2024-4528](CVE-2024/CVE-2024-45xx/CVE-2024-4528.json) (`2024-05-06T07:15:07.960`)
### CVEs modified in the last Commit

23
_state.csv
View File

@ -239979,6 +239979,7 @@ CVE-2024-0900,0,0,0df16b48e073462cef0a451a68261119942789edbcc049ef43c079272fea0e
CVE-2024-0901,0,0,8395d055c39a2ded7a6676d9f91e364a6c601b11f066a458c7ff4909044d580a,2024-03-26T12:55:05.010000
CVE-2024-0902,0,0,c022af4b73cd366b52a576af13eecfefbd72fc877962e0376aba015f72537ab5,2024-04-15T13:15:31.997000
CVE-2024-0903,0,0,4e5a944405938a6def0adf008001af709d311e38e0572265081d65abf85ff9fb,2024-02-22T19:07:27.197000
CVE-2024-0904,1,1,dfd35cd843ec283f0a18438031f00310ab3812f99cd3152798deb5c6a1c0f322,2024-05-06T06:15:06.937000
CVE-2024-0905,0,0,b09c0148d010492e0c5e8dbd61aa5f1ad2339578863cbfd2ea25aae7129ad665,2024-04-26T12:58:17.720000
CVE-2024-0906,0,0,2cb73c39a2e6fe8ef5222442ed25db55924374576f26540dbc47cb2f830bdc5d,2024-03-12T12:40:13.500000
CVE-2024-0907,0,0,736d9a373e93547114922fac343df53c487c280e59648bef9a3cecc6379f908e,2024-02-29T13:49:29.390000
@ -242517,11 +242518,15 @@ CVE-2024-23180,0,0,e1d7dd545ba9f64a187a87150c5e0980c64760319d7ec16ab7d59d98e268c
CVE-2024-23181,0,0,1670ba0f025ea5af6bb232b7859412796f7e598981dee961828ca2057439dfe0,2024-01-29T22:55:15.377000
CVE-2024-23182,0,0,f1264713bd57ef4128de6f3045f4c61bebd1bad343f929e4484b785773092265,2024-01-29T22:55:36.183000
CVE-2024-23183,0,0,93cf9ba468f15615134365f0103ab70e70069d42361d31f584c40ec201d8a9a2,2024-01-29T22:55:48.787000
CVE-2024-23186,1,1,61e6f25cd446807f5bc5d06cd0b0848836a794ec44bc49794f9c2d2c183f2206,2024-05-06T07:15:06.450000
CVE-2024-23187,1,1,52a94a703073727e185665d6d458e041e46564d6d6c647d17f03e1fe611fba29,2024-05-06T07:15:06.850000
CVE-2024-23188,1,1,d7428d06eabc11fcd98ccb6e504932a193cf5c478c2fef0dc9eeb5f485f3554f,2024-05-06T07:15:07.137000
CVE-2024-23189,0,0,38105a286e29ba4aeb2b7f55c2818d00acb37082743b2ce1bce1b1cce9e3180d,2024-04-11T11:15:48.320000
CVE-2024-2319,0,0,7c418d002244d51b00ca2fafa0c8e14c5cc40641054fa1d4dc85ce7d77674499,2024-03-08T21:19:43.127000
CVE-2024-23190,0,0,add17161c7c8505b6ba715b4898e70540bf15ecced41ee84c2b2e0388a683985,2024-04-11T11:15:48.423000
CVE-2024-23191,0,0,459948535d54516570f8d837aea6f84683ce700a59124af1293fdc8518256e81,2024-04-11T11:15:48.497000
CVE-2024-23192,0,0,ddfbef4409196a7a3eeb03bbc2422d0e54ca57b797a5b47e231d14cc76bbe3c5,2024-04-11T11:15:48.570000
CVE-2024-23193,1,1,903df0b0cee2a02963b4b02144e3c002b4d7cffe0a91928c2d90680c1e7e26cd,2024-05-06T07:15:07.533000
CVE-2024-23196,0,0,916695e8de6ad88a7eb739e09a11651ad9458fb3044e054e85a4e9fe2ce054c9,2024-02-10T04:06:14.577000
CVE-2024-23201,0,0,0f8fb4c7d86a834d8d9bd84c59d7ac097591ba1ab57e91c147b21ce025d3951c,2024-03-13T23:15:45.840000
CVE-2024-23203,0,0,a7d3b9c842d401a26cd60b5363d9fd931ec7b6ace08dfe359efc5de9e4d5324f,2024-03-13T22:15:09.117000
@ -248379,6 +248384,9 @@ CVE-2024-3742,0,0,4b3ada4ba8a852763747bd8b7f375d88aab1b05d8dd7734620799c1f9021e3
CVE-2024-3743,0,0,9a6b7afd101828429fd2b5882bd6b803486dae9e648fa6bf8396ec85d32ed0d8,2024-05-02T18:00:37.360000
CVE-2024-3746,0,0,ab6567509a82c4f0182861199dbafd1145e3e92d047a264ff58554ba2ee7e5b2,2024-05-01T13:02:20.750000
CVE-2024-3747,0,0,7d9f76a0b00dda2450be7453047de386dc88bdd58855be8a05089d3c9c6f1ff8,2024-05-02T18:00:37.360000
CVE-2024-3752,1,1,3a0acbe533232d11cd8368d6ae3d4d1e5be588e2f9666d02d6c82d75c89cc4a4,2024-05-06T06:15:07.080000
CVE-2024-3755,1,1,ed94857e2c2c70f94475f023acf570e5817164d001c0d5eeda257607ae251182,2024-05-06T06:15:07.140000
CVE-2024-3756,1,1,27ca0b6f820dc345d73223105677ce14f495b8180fc4b5f2e3542fa717791ed3,2024-05-06T06:15:07.197000
CVE-2024-3762,0,0,8786cfd326f85cef30984c56459dfc9fe93a76e6338c27d090dd8d173488b8b0,2024-04-15T13:15:31.997000
CVE-2024-3763,0,0,1eebac5877c8c886e0c3f8814e0dc9f66bf992c6afa583c2dc485461fb17eebd,2024-04-15T13:15:31.997000
CVE-2024-3764,0,0,bc0166392f0fa682ac423224b68b272d1fbe64e8573563127fc316656ba68a89,2024-04-16T07:15:13.437000
@ -248660,8 +248668,13 @@ CVE-2024-4514,0,0,522446172f3e83c661a56623f55e450ca3ff2610acf1a3661fab994672e158
CVE-2024-4515,0,0,cb1bc49ea16630c7e503e775ec35e0d9cb10a3be51d75a0dfe5736378dc75c25,2024-05-06T02:15:07.633000
CVE-2024-4516,0,0,6ab30f6ba571cf289c105cc23dd47eb794b77e91a4e8781e2238f1d97b117a0c,2024-05-06T03:15:10.063000
CVE-2024-4517,0,0,77ca2b5ac579746ef96a6eb405440d4d9600375b3d91a8b8e91e385d9199272b,2024-05-06T03:15:10.347000
CVE-2024-4518,1,1,560593b63b163371401bb7602a5e3fbed496cd72cc97d4f3d14609af6817728c,2024-05-06T04:15:07.487000
CVE-2024-4519,1,1,2a79b3eb95e2c3a2767de7388481f1453382c2f0796b6cb7f352417448f0808c,2024-05-06T04:15:07.997000
CVE-2024-4521,1,1,9658e5cf99e04dd5586315713e05e3d850ce098c57178665ca4ba6d6b2e58a64,2024-05-06T05:15:06.447000
CVE-2024-4522,1,1,7bdcd36b7695661d67670f012f4c81bf65f3c46e18707bbd3e7e86e8f99867aa,2024-05-06T05:15:06.807000
CVE-2024-4523,1,1,fc6543bd7eda088751563f03d4bbaaae00e21ae29ea1371740691a49debb4f18,2024-05-06T05:15:07.083000
CVE-2024-4518,0,0,560593b63b163371401bb7602a5e3fbed496cd72cc97d4f3d14609af6817728c,2024-05-06T04:15:07.487000
CVE-2024-4519,0,0,2a79b3eb95e2c3a2767de7388481f1453382c2f0796b6cb7f352417448f0808c,2024-05-06T04:15:07.997000
CVE-2024-4521,0,0,9658e5cf99e04dd5586315713e05e3d850ce098c57178665ca4ba6d6b2e58a64,2024-05-06T05:15:06.447000
CVE-2024-4522,0,0,7bdcd36b7695661d67670f012f4c81bf65f3c46e18707bbd3e7e86e8f99867aa,2024-05-06T05:15:06.807000
CVE-2024-4523,0,0,fc6543bd7eda088751563f03d4bbaaae00e21ae29ea1371740691a49debb4f18,2024-05-06T05:15:07.083000
CVE-2024-4524,1,1,38cb46fe98151aa43fe2730b6eddf3b55b5b0e25ecec952823268565abd540dd,2024-05-06T06:15:07.257000
CVE-2024-4525,1,1,7a33147f5fa7b44b9eac4eed83ef36fe47e925a2181eb2fbd293d897b87fcc54,2024-05-06T06:15:07.663000
CVE-2024-4526,1,1,81947aca9fb09c7aa44c914492c86c6841d3c7a92d91963a5531bcae5c06b1aa,2024-05-06T06:15:08.107000
CVE-2024-4527,1,1,82b8c1fe091562880be111a3ac168f700620c9c8b726288b1f4290c26bb16086,2024-05-06T06:15:08.497000
CVE-2024-4528,1,1,11fe5473a1af10879558be293d9b6bf35f72de7a7b13306a34909f46872ffdda,2024-05-06T07:15:07.960000

Can't render this file because it is too large.