From be6a126dd97e959de2ae47527a3e7f00242bc121 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 3 Sep 2023 14:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-09-03T14:00:24.668166+00:00 --- CVE-2023/CVE-2023-383xx/CVE-2023-38387.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-384xx/CVE-2023-38476.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-384xx/CVE-2023-38482.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-385xx/CVE-2023-38516.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-385xx/CVE-2023-38517.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-385xx/CVE-2023-38518.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-385xx/CVE-2023-38521.json | 55 +++++++++++++++++++++ README.md | 18 ++++--- 8 files changed, 397 insertions(+), 6 deletions(-) create mode 100644 CVE-2023/CVE-2023-383xx/CVE-2023-38387.json create mode 100644 CVE-2023/CVE-2023-384xx/CVE-2023-38476.json create mode 100644 CVE-2023/CVE-2023-384xx/CVE-2023-38482.json create mode 100644 CVE-2023/CVE-2023-385xx/CVE-2023-38516.json create mode 100644 CVE-2023/CVE-2023-385xx/CVE-2023-38517.json create mode 100644 CVE-2023/CVE-2023-385xx/CVE-2023-38518.json create mode 100644 CVE-2023/CVE-2023-385xx/CVE-2023-38521.json diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38387.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38387.json new file mode 100644 index 00000000000..c48f5e7f312 --- /dev/null +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38387.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38387", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-09-03T12:15:41.077", + "lastModified": "2023-09-03T12:15:41.077", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Elastic Email Sender plugin <=\u00a01.2.6 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/elastic-email-sender/wordpress-elastic-email-sender-plugin-1-2-6-cross-site-scripting-xss?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38476.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38476.json new file mode 100644 index 00000000000..3bfe02fde80 --- /dev/null +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38476.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38476", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-09-03T12:15:42.053", + "lastModified": "2023-09-03T12:15:42.053", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SuiteDash :: ONE Dashboard\u00ae Client Portal : SuiteDash Direct Login plugin <=\u00a01.7.6 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/client-portal-suitedash-login/wordpress-client-portal-suitedash-direct-login-plugin-1-7-3-cross-site-scripting-xss?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38482.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38482.json new file mode 100644 index 00000000000..c635764f579 --- /dev/null +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38482.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38482", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-09-03T12:15:42.140", + "lastModified": "2023-09-03T12:15:42.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QualityUnit Post Affiliate Pro plugin <=\u00a01.25.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/postaffiliatepro/wordpress-post-affiliate-pro-plugin-1-24-9-cross-site-scripting-xss?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38516.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38516.json new file mode 100644 index 00000000000..2772f53b74b --- /dev/null +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38516.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38516", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-09-03T12:15:42.227", + "lastModified": "2023-09-03T12:15:42.227", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Audio Player with Playlist Ultimate plugin <=\u00a01.2.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/audio-player-with-playlist-ultimate/wordpress-audio-player-with-playlist-ultimate-plugin-1-2-2-cross-site-scripting-xss?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38517.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38517.json new file mode 100644 index 00000000000..b936381242a --- /dev/null +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38517.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38517", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-09-03T12:15:42.317", + "lastModified": "2023-09-03T12:15:42.317", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Realwebcare WRC Pricing Tables plugin <=\u00a02.3.7 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wrc-pricing-tables/wordpress-wrc-pricing-tables-plugin-2-3-4-cross-site-scripting-xss?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38518.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38518.json new file mode 100644 index 00000000000..e986dd38892 --- /dev/null +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38518.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38518", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-09-03T12:15:42.403", + "lastModified": "2023-09-03T12:15:42.403", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Visualmodo Borderless plugin <=\u00a01.4.8 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/borderless/wordpress-borderless-plugin-1-4-7-cross-site-scripting-xss?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38521.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38521.json new file mode 100644 index 00000000000..9da64106a98 --- /dev/null +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38521.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38521", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-09-03T12:15:42.483", + "lastModified": "2023-09-03T12:15:42.483", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Exifography plugin <=\u00a01.3.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/thesography/wordpress-exifography-plugin-1-3-1-cross-site-scripting-xss?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 1fe61a6ca3a..08b5729d7d0 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-02T22:00:24.976749+00:00 +2023-09-03T14:00:24.668166+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-02T20:15:07.413000+00:00 +2023-09-03T12:15:42.483000+00:00 ``` ### Last Data Feed Release @@ -23,20 +23,26 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-09-02T00:00:13.549287+00:00 +2023-09-03T00:00:13.565976+00:00 ``` ### Total Number of included CVEs ```plain -223955 +223962 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `7` -* [CVE-2023-4738](CVE-2023/CVE-2023-47xx/CVE-2023-4738.json) (`2023-09-02T20:15:07.413`) +* [CVE-2023-38387](CVE-2023/CVE-2023-383xx/CVE-2023-38387.json) (`2023-09-03T12:15:41.077`) +* [CVE-2023-38476](CVE-2023/CVE-2023-384xx/CVE-2023-38476.json) (`2023-09-03T12:15:42.053`) +* [CVE-2023-38482](CVE-2023/CVE-2023-384xx/CVE-2023-38482.json) (`2023-09-03T12:15:42.140`) +* [CVE-2023-38516](CVE-2023/CVE-2023-385xx/CVE-2023-38516.json) (`2023-09-03T12:15:42.227`) +* [CVE-2023-38517](CVE-2023/CVE-2023-385xx/CVE-2023-38517.json) (`2023-09-03T12:15:42.317`) +* [CVE-2023-38518](CVE-2023/CVE-2023-385xx/CVE-2023-38518.json) (`2023-09-03T12:15:42.403`) +* [CVE-2023-38521](CVE-2023/CVE-2023-385xx/CVE-2023-38521.json) (`2023-09-03T12:15:42.483`) ### CVEs modified in the last Commit