Auto-Update: 2023-10-14T14:00:24.873392+00:00

2025-07-09 16:05:11 +00:00 · 2023-10-14 14:00:28 +00:00 · 2023-10-14 14:00:28 +00:00 · 9213f4aed2
commit 9213f4aed2
parent 65efaf42a7
6 changed files with 338 additions and 11 deletions
--- a/CVE-2023/CVE-2023-12xx/CVE-2023-1259.json
+++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1259.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-1259",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-10-14T12:15:09.897",
+  "lastModified": "2023-10-14T12:15:09.897",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/hotjar/tags/1.0.14/includes/class-hotjar.php#L40",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c640bcb-b6bf-4865-b713-32ca846e4ed9?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-4911",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2023-10-03T18:15:10.463",
-  "lastModified": "2023-10-14T00:15:10.243",
+  "lastModified": "2023-10-14T12:15:10.007",
  "vulnStatus": "Undergoing Analysis",
  "descriptions": [
    {
@ -174,6 +174,10 @@
      "url": "http://www.openwall.com/lists/oss-security/2023/10/13/11",
      "source": "secalert@redhat.com"
    },
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/10/14/3",
+      "source": "secalert@redhat.com"
+    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2023:5453",
      "source": "secalert@redhat.com",
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5579.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5579.json
@ -0,0 +1,88 @@
+{
+  "id": "CVE-2023-5579",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-10-14T12:15:10.277",
+  "lastModified": "2023-10-14T12:15:10.277",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /im/user/ of the component User Data Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242144."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.5,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
+          "accessVector": "ADJACENT_NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 2.7
+        },
+        "baseSeverity": "LOW",
+        "exploitabilityScore": 5.1,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/cojoben/Sendbox/blob/main/README.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.242144",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.242144",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5580.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5580.json
@ -0,0 +1,88 @@
+{
+  "id": "CVE-2023-5580",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-10-14T12:15:10.353",
+  "lastModified": "2023-10-14T12:15:10.353",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as critical has been found in SourceCodester Library System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-242145 was assigned to this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 6.5
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/GodRone/CVE/blob/main/SerBermz_SQL%20injection.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.242145",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.242145",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5581.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5581.json
@ -0,0 +1,88 @@
+{
+  "id": "CVE-2023-5581",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-10-14T13:15:09.743",
+  "lastModified": "2023-10-14T13:15:09.743",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242146 is the identifier assigned to this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.5,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.0
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/GodRone/MedicineTrackerSystem/blob/main/Medicine%20Tracker%20System_XSS.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.242146",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.242146",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-10-14T12:00:24.611700+00:00
+2023-10-14T14:00:24.873392+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-10-14T11:15:45.800000+00:00
+2023-10-14T13:15:09.743000+00:00
 ```

 ### Last Data Feed Release
@ -29,24 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-227797
+227801
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `5`
+Recently added CVEs: `4`

-* [CVE-2023-42663](CVE-2023/CVE-2023-426xx/CVE-2023-42663.json) (`2023-10-14T10:15:09.940`)
-* [CVE-2023-42780](CVE-2023/CVE-2023-427xx/CVE-2023-42780.json) (`2023-10-14T10:15:10.303`)
-* [CVE-2023-42792](CVE-2023/CVE-2023-427xx/CVE-2023-42792.json) (`2023-10-14T10:15:10.377`)
-* [CVE-2023-45348](CVE-2023/CVE-2023-453xx/CVE-2023-45348.json) (`2023-10-14T10:15:10.473`)
-* [CVE-2023-5578](CVE-2023/CVE-2023-55xx/CVE-2023-5578.json) (`2023-10-14T11:15:45.800`)
+* [CVE-2023-1259](CVE-2023/CVE-2023-12xx/CVE-2023-1259.json) (`2023-10-14T12:15:09.897`)
+* [CVE-2023-5579](CVE-2023/CVE-2023-55xx/CVE-2023-5579.json) (`2023-10-14T12:15:10.277`)
+* [CVE-2023-5580](CVE-2023/CVE-2023-55xx/CVE-2023-5580.json) (`2023-10-14T12:15:10.353`)
+* [CVE-2023-5581](CVE-2023/CVE-2023-55xx/CVE-2023-5581.json) (`2023-10-14T13:15:09.743`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2023-10-14T12:15:10.007`)


 ## Download and Usage