From a7dfcb47a28ac0ca0be01344a08715d472c3e0b8 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 16 Aug 2023 12:00:32 +0000 Subject: [PATCH] Auto-Update: 2023-08-16T12:00:29.517485+00:00 --- CVE-2023/CVE-2023-304xx/CVE-2023-30473.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-307xx/CVE-2023-30779.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-307xx/CVE-2023-30782.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-307xx/CVE-2023-30784.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-307xx/CVE-2023-30785.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-307xx/CVE-2023-30786.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-308xx/CVE-2023-30871.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-42xx/CVE-2023-4241.json | 55 +++++++++++++++++++++ README.md | 28 +++++------ 9 files changed, 453 insertions(+), 15 deletions(-) create mode 100644 CVE-2023/CVE-2023-304xx/CVE-2023-30473.json create mode 100644 CVE-2023/CVE-2023-307xx/CVE-2023-30779.json create mode 100644 CVE-2023/CVE-2023-307xx/CVE-2023-30782.json create mode 100644 CVE-2023/CVE-2023-307xx/CVE-2023-30784.json create mode 100644 CVE-2023/CVE-2023-307xx/CVE-2023-30785.json create mode 100644 CVE-2023/CVE-2023-307xx/CVE-2023-30786.json create mode 100644 CVE-2023/CVE-2023-308xx/CVE-2023-30871.json create mode 100644 CVE-2023/CVE-2023-42xx/CVE-2023-4241.json
diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30473.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30473.json
new file mode 100644
index 00000000000..c04ae70d84a
--- /dev/null
+++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30473.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30473",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-08-16T10:15:18.813",
+ "lastModified": "2023-08-16T10:15:18.813",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov YML for Yandex Market plugin <=\u00a03.10.7 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/yml-for-yandex-market/wordpress-yml-for-yandex-market-plugin-3-10-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30779.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30779.json
new file mode 100644
index 00000000000..6e42f6aec42
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30779.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30779",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-08-16T11:15:10.617",
+ "lastModified": "2023-08-16T11:15:10.617",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jonathan Daggerhart Query Wrangler plugin <=\u00a01.5.51 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/query-wrangler/wordpress-query-wrangler-plugin-1-5-51-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30782.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30782.json
new file mode 100644
index 00000000000..8fc81f13cca
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30782.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30782",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-08-16T10:15:20.897",
+ "lastModified": "2023-08-16T10:15:20.897",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <=\u00a03.7.5 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-3-7-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30784.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30784.json
new file mode 100644
index 00000000000..ce0ce61469b
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30784.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30784",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-08-16T10:15:21.073",
+ "lastModified": "2023-08-16T10:15:21.073",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kaya Studio Kaya QR Code Generator plugin <=\u00a01.5.2 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/kaya-qr-code-generator/wordpress-kaya-qr-code-generator-plugin-1-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30785.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30785.json
new file mode 100644
index 00000000000..8354d7f943f
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30785.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30785",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-08-16T10:15:21.230",
+ "lastModified": "2023-08-16T10:15:21.230",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Grid plugin <=\u00a01.21 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/video-grid/wordpress-video-grid-plugin-1-21-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30786.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30786.json
new file mode 100644
index 00000000000..174170d43e2
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30786.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30786",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-08-16T10:15:21.380",
+ "lastModified": "2023-08-16T10:15:21.380",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Benjamin Guy Captcha Them All plugin <=\u00a01.3.3 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/captcha-them-all/wordpress-captcha-them-all-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30871.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30871.json
new file mode 100644
index 00000000000..04a9162a628
--- /dev/null
+++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30871.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-30871",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-08-16T11:15:11.100",
+ "lastModified": "2023-08-16T11:15:11.100",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo Plugins (by Webdados) Stock Exporter for WooCommerce plugin <=\u00a01.1.0 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/stock-exporter-for-woocommerce/wordpress-stock-exporter-for-woocommerce-plugin-1-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4241.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4241.json
new file mode 100644
index 00000000000..1f0b17ff53f
--- /dev/null
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4241.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-4241",
+ "sourceIdentifier": "cna@cloudflare.com",
+ "published": "2023-08-16T11:15:11.377",
+ "lastModified": "2023-08-16T11:15:11.377",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@cloudflare.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@cloudflare.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/cloudflare/lol-html/security/advisories/GHSA-c3x7-354f-4p2x",
+ "source": "cna@cloudflare.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 18676a00516..38d02094b51 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-16T10:00:30.633672+00:00 +2023-08-16T12:00:29.517485+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-16T09:15:11.793000+00:00 +2023-08-16T11:15:11.377000+00:00 ``` ### Last Data Feed Release
@@ -29,29 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222771 +222779 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `8` -* [CVE-2023-39507](CVE-2023/CVE-2023-395xx/CVE-2023-39507.json) (`2023-08-16T09:15:11.793`) +* [CVE-2023-30473](CVE-2023/CVE-2023-304xx/CVE-2023-30473.json) (`2023-08-16T10:15:18.813`) +* [CVE-2023-30782](CVE-2023/CVE-2023-307xx/CVE-2023-30782.json) (`2023-08-16T10:15:20.897`) +* [CVE-2023-30784](CVE-2023/CVE-2023-307xx/CVE-2023-30784.json) (`2023-08-16T10:15:21.073`) +* [CVE-2023-30785](CVE-2023/CVE-2023-307xx/CVE-2023-30785.json) (`2023-08-16T10:15:21.230`) +* [CVE-2023-30786](CVE-2023/CVE-2023-307xx/CVE-2023-30786.json) (`2023-08-16T10:15:21.380`) +* [CVE-2023-30779](CVE-2023/CVE-2023-307xx/CVE-2023-30779.json) (`2023-08-16T11:15:10.617`) +* [CVE-2023-30871](CVE-2023/CVE-2023-308xx/CVE-2023-30871.json) (`2023-08-16T11:15:11.100`) +* [CVE-2023-4241](CVE-2023/CVE-2023-42xx/CVE-2023-4241.json) (`2023-08-16T11:15:11.377`) ### CVEs modified in the last Commit -Recently modified CVEs: `9` +Recently modified CVEs: `0` -* [CVE-2023-2330](CVE-2023/CVE-2023-23xx/CVE-2023-2330.json) (`2023-08-16T08:15:39.860`) -* [CVE-2023-2886](CVE-2023/CVE-2023-28xx/CVE-2023-2886.json) (`2023-08-16T08:15:40.977`) -* [CVE-2023-2959](CVE-2023/CVE-2023-29xx/CVE-2023-2959.json) (`2023-08-16T08:15:41.177`) -* [CVE-2023-35067](CVE-2023/CVE-2023-350xx/CVE-2023-35067.json) (`2023-08-16T08:15:41.300`) -* [CVE-2023-3446](CVE-2023/CVE-2023-34xx/CVE-2023-3446.json) (`2023-08-16T08:15:41.420`) -* [CVE-2023-3632](CVE-2023/CVE-2023-36xx/CVE-2023-3632.json) (`2023-08-16T08:15:41.550`) -* [CVE-2023-3653](CVE-2023/CVE-2023-36xx/CVE-2023-3653.json) (`2023-08-16T08:15:41.653`) -* [CVE-2023-3817](CVE-2023/CVE-2023-38xx/CVE-2023-3817.json) (`2023-08-16T08:15:41.760`) -* [CVE-2023-37581](CVE-2023/CVE-2023-375xx/CVE-2023-37581.json) (`2023-08-16T09:15:11.027`) ## 
Download and Usage