Auto-Update: 2024-09-14T10:00:16.626984+00:00

2025-07-09 16:05:11 +00:00 · 2024-09-14 10:03:15 +00:00 · 2024-09-14 10:03:15 +00:00 · 88281040e7
commit 88281040e7
parent 91d9a26977
3 changed files with 70 additions and 5 deletions
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3410.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3410.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2023-3410",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-09-14T09:15:01.943",
+  "lastModified": "2024-09-14T09:15:01.943",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder (admin-only by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This becomes more of an issue when Bricks Builder access is granted to lower-privileged users."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://bricksbuilder.io/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://bricksbuilder.io/release/bricks-1-10-2/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5e93a2-8f42-4747-86fa-297ba709be8f?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-09-14T08:00:17.813320+00:00
+2024-09-14T10:00:16.626984+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-09-14T06:15:10.317000+00:00
+2024-09-14T09:15:01.943000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-262877
+262878
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `1`

- [CVE-2024-8797](CVE-2024/CVE-2024-87xx/CVE-2024-8797.json) (`2024-09-14T06:15:10.317`)
+- [CVE-2023-3410](CVE-2023/CVE-2023-34xx/CVE-2023-3410.json) (`2024-09-14T09:15:01.943`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -225785,6 +225785,7 @@ CVE-2023-34096,0,0,a7690eebb3bc64442760da7ed701080c41f77033ae0b34a6a91f6ad0d81a8
 CVE-2023-34097,0,0,6b29394d3580120fb1a7c5a38fea249ce4a1b763c7ea32f4e7dbc5873a1f9df0,2023-06-13T17:20:19.417000
 CVE-2023-34098,0,0,c5a8a91b34b516e94baaf6097a90812d9e70f98fadfec216f20d24e25a701dac,2023-07-05T16:25:47.773000
 CVE-2023-34099,0,0,b1df5159c8920200f27f31c41b92b0fb6d8023282833687e4a7aa665b6253580,2023-07-06T15:58:20.110000
+CVE-2023-3410,1,1,e7258aeff834b2e4f769e24669697fc805681e4531bc5919e5fe89fa4d241327,2024-09-14T09:15:01.943000
 CVE-2023-34100,0,0,cc7ac8fd6507b425cd5f13b9db4c9315fd8649bbd1eef955b75034313ab8f832,2023-06-21T13:18:46.317000
 CVE-2023-34101,0,0,67b3988a94e482e2776cf4a140651f0ee77d4af4cf7aa6a15d2f30b3cfc85f3d,2023-06-23T18:18:09.143000
 CVE-2023-34102,0,0,1e279c26e0db6ec4921dd6d242f20193d8a0dd467559b3603450b2787a808fab,2023-06-12T16:46:32.247000
@ -262875,4 +262876,4 @@ CVE-2024-8775,0,0,9c7a2c7607df17819648d9553bf2e2c7ee01c28f4d5223eb962d1525c11206
 CVE-2024-8782,0,0,501c3b3a165d141bbc3bb94c461ca06a9bef3c326910611a1048598228ce7cef,2024-09-13T18:15:07.920000
 CVE-2024-8783,0,0,3a34098c67c08db9d3236f30ec7f0369a15c553a22b6b91542612c74c80835bf,2024-09-13T19:15:18.120000
 CVE-2024-8784,0,0,b8f4f74d0f03db496bcb727221454329f3d27fa057332e76fa82e85a162fa5a3,2024-09-13T19:15:18.430000
-CVE-2024-8797,1,1,9c7380573af7584cf03ebc8b592e2f905402a3fdd9e0a5174462ab620b83641c,2024-09-14T06:15:10.317000
+CVE-2024-8797,0,0,9c7380573af7584cf03ebc8b592e2f905402a3fdd9e0a5174462ab620b83641c,2024-09-14T06:15:10.317000