Auto-Update: 2024-09-21T10:00:17.307669+00:00

cad-safe-bot 2024-09-21 10:03:18 +00:00
parent 8ca30bea94
commit c58f9d282c
4 changed files with 223 additions and 7 deletions


@ -0,0 +1,72 @@
{
"id": "CVE-2024-8680",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-21T09:15:02.590",
"lastModified": "2024-09-21T09:15:02.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://github.com/ibericode/mailchimp-for-wordpress/blob/main/includes/views/parts/lists-overview-details.php",
"source": "security@wordfence.com"
},
{
"url": "https://github.com/ibericode/mailchimp-for-wordpress/commit/60c6bfc260a7974f791af1d4ad4a032a3e0bdd3c",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mailchimp-for-wp/trunk/includes/views/parts/lists-overview-details.php",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3153075%40mailchimp-for-wp%2Ftrunk&old=3149806%40mailchimp-for-wp%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa464547-0380-4b91-a5ea-0cd9a66da7a7?source=cve",
"source": "security@wordfence.com"
}
]
}
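Review bot: This new record has no `configurations` block and its `vulnStatus` is `Received`, so the affected range appears only in the description text ("all versions up to, and including, 4.9.16"). CPE-based matching will therefore not flag installed copies of the plugin from this record alone. Two of the references, the `blob/main/includes/views/parts/lists-overview-details.php` link and the `trunk` browser link, point at moving branches and will not show the vulnerable code once the fix is merged. The commit `60c6bfc260a7974f791af1d4ad4a032a3e0bdd3c` and the Trac changeset are the stable references for confirming the patch. The weakness is recorded as `CWE-80` although the description calls it Stored Cross-Site Scripting, so a filter keyed only on `CWE-79` would miss this entry.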


@ -0,0 +1,141 @@
{
"id": "CVE-2024-9048",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-09-21T09:15:04.660",
"lastModified": "2024-09-21T09:15:04.660",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in y_project RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function SysUserServiceImpl of the file ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java of the component Backend User Import. The manipulation of the argument loginName leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The patch is named 9b68013b2af87b9c809c4637299abd929bc73510. It is recommended to apply a patch to fix this issue."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 2.6
},
"baseSeverity": "LOW",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gitee.com/y_project/RuoYi/commit/9b68013b2af87b9c809c4637299abd929bc73510",
"source": "cna@vuldb.com"
},
{
"url": "https://gitee.com/y_project/RuoYi/issues/IAR6Q3",
"source": "cna@vuldb.com"
},
{
"url": "https://gitee.com/y_project/RuoYi/issues/IAR6Q3#note_31993641_link",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.278215",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.278215",
"source": "cna@vuldb.com"
}
]
}
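Review bot: The three CVSS blocks in this record disagree on user interaction: the 4.0 vector has `UI:N` and the 2.0 block sets `"userInteractionRequired": false`, while the 3.1 vector has `UI:R`. The resulting scores diverge accordingly (`6.3` MEDIUM under 4.0, `3.1` LOW under 3.1, `2.6` under 2.0). All three are `"type": "Secondary"` from `cna@vuldb.com` and `vulnStatus` is `Received`, so no NVD-assigned score exists yet. A consumer that triages on a single `baseScore` should pin which metric version it reads and treat this entry as unreviewed. The record also carries no `configurations` block, so the affected range ("up to 4.7.9") and the fix commit `9b68013b2af87b9c809c4637299abd929bc73510` are available only from the description and references.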


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-09-21T08:00:17.720594+00:00 2024-09-21T10:00:17.307669+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-09-21T06:15:02.330000+00:00 2024-09-21T09:15:04.660000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,20 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
263522 263524
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `0` Recently added CVEs: `2`
- [CVE-2024-8680](CVE-2024/CVE-2024-86xx/CVE-2024-8680.json) (`2024-09-21T09:15:02.590`)
- [CVE-2024-9048](CVE-2024/CVE-2024-90xx/CVE-2024-9048.json) (`2024-09-21T09:15:04.660`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `1` Recently modified CVEs: `0`
- [CVE-2024-27185](CVE-2024/CVE-2024-271xx/CVE-2024-27185.json) (`2024-09-21T06:15:02.330`)
## Download and Usage ## Download and Usage


@ -248118,7 +248118,7 @@ CVE-2024-27181,0,0,21e26148840b13fc3c6737fbae62d8da3122fe005206d34756c4a69e36306
CVE-2024-27182,0,0,3745db63e259cb2e1fbe54f15ae0e0f8afab0bc93a91d91e5de7d932d84971e0,2024-08-16T16:55:10.923000 CVE-2024-27182,0,0,3745db63e259cb2e1fbe54f15ae0e0f8afab0bc93a91d91e5de7d932d84971e0,2024-08-16T16:55:10.923000
CVE-2024-27183,0,0,73875a696a64d9ddbd95175557e5ab869a14de50e9906db42e11184efe06e929,2024-07-12T17:13:30.700000 CVE-2024-27183,0,0,73875a696a64d9ddbd95175557e5ab869a14de50e9906db42e11184efe06e929,2024-07-12T17:13:30.700000
CVE-2024-27184,0,0,d27258a08ec723a941addb4bb2a2c30ae14dda17a55ede0aef2dc950361ddede,2024-08-21T12:30:33.697000 CVE-2024-27184,0,0,d27258a08ec723a941addb4bb2a2c30ae14dda17a55ede0aef2dc950361ddede,2024-08-21T12:30:33.697000
CVE-2024-27185,0,1,d6e64a73dec8fb116f5bde2ae739cbe723482fbf59c925ca706ccfea64eb953c,2024-09-21T06:15:02.330000 CVE-2024-27185,0,0,d6e64a73dec8fb116f5bde2ae739cbe723482fbf59c925ca706ccfea64eb953c,2024-09-21T06:15:02.330000
CVE-2024-27186,0,0,f7fe08e5f4b7d5180c79088df80bd67536777321be61e31aba4444583ba7c65a,2024-08-21T12:30:33.697000 CVE-2024-27186,0,0,f7fe08e5f4b7d5180c79088df80bd67536777321be61e31aba4444583ba7c65a,2024-08-21T12:30:33.697000
CVE-2024-27187,0,0,32158e2082b18c6d5d5bddb28bf354f8353016a3e995123bcfaff2f5ad6259ca,2024-08-21T12:30:33.697000 CVE-2024-27187,0,0,32158e2082b18c6d5d5bddb28bf354f8353016a3e995123bcfaff2f5ad6259ca,2024-08-21T12:30:33.697000
CVE-2024-27188,0,0,def19a2058b71e528abca5da80971f2d008d715cb853d3ea2c84141e42391a01,2024-03-27T12:29:30.307000 CVE-2024-27188,0,0,def19a2058b71e528abca5da80971f2d008d715cb853d3ea2c84141e42391a01,2024-03-27T12:29:30.307000
@ -263410,6 +263410,7 @@ CVE-2024-8663,0,0,95df1e4ddd212aa242aadc3c7cf5dbe906cc5735393ec0be59f396093ac78f
CVE-2024-8664,0,0,2555823c9f06fc746960b11f9d47a03631001b4434e03f9cf5f8083f2818653d,2024-09-13T14:06:04.777000 CVE-2024-8664,0,0,2555823c9f06fc746960b11f9d47a03631001b4434e03f9cf5f8083f2818653d,2024-09-13T14:06:04.777000
CVE-2024-8665,0,0,09ab15f5f9bd70753d6f594bff7ff364c9764fb90e308cd08c47d778b9a8291f,2024-09-13T14:06:04.777000 CVE-2024-8665,0,0,09ab15f5f9bd70753d6f594bff7ff364c9764fb90e308cd08c47d778b9a8291f,2024-09-13T14:06:04.777000
CVE-2024-8669,0,0,4012df98e02ac5b9e6718466b80370dcc6e97ff4393f6afedefd27e9f80bb4ac,2024-09-14T11:47:14.677000 CVE-2024-8669,0,0,4012df98e02ac5b9e6718466b80370dcc6e97ff4393f6afedefd27e9f80bb4ac,2024-09-14T11:47:14.677000
CVE-2024-8680,1,1,b331324c2577289b77cd963c7051c5c6908a6bc3843fbe5a7cad425c09bae8a9,2024-09-21T09:15:02.590000
CVE-2024-8686,0,0,ede88dcdbc0e792bd803e1f16895e5a739a1631453b49ef7e6a4fb82c32bd0dd,2024-09-12T12:35:54.013000 CVE-2024-8686,0,0,ede88dcdbc0e792bd803e1f16895e5a739a1631453b49ef7e6a4fb82c32bd0dd,2024-09-12T12:35:54.013000
CVE-2024-8687,0,0,113cfff3abfee2dabf4872656a1085a998928e6c5f0a4785deb63af7b2621db8,2024-09-12T12:35:54.013000 CVE-2024-8687,0,0,113cfff3abfee2dabf4872656a1085a998928e6c5f0a4785deb63af7b2621db8,2024-09-12T12:35:54.013000
CVE-2024-8688,0,0,622feee60e16c8839b74efa94c0181d710fda4c1e7dbcb6de36b0dc3a1f1b61b,2024-09-12T12:35:54.013000 CVE-2024-8688,0,0,622feee60e16c8839b74efa94c0181d710fda4c1e7dbcb6de36b0dc3a1f1b61b,2024-09-12T12:35:54.013000
@ -263521,3 +263522,4 @@ CVE-2024-9039,0,0,087cac0290e47165349fcc9b25a216fd7a16ea1bb358d6d78a77dd7b638c92
CVE-2024-9040,0,0,b2e6ba9f70727fa0a7ad666e492a886dd19e8c26da377d2d82938ce54a27f8e4,2024-09-20T17:15:15.240000 CVE-2024-9040,0,0,b2e6ba9f70727fa0a7ad666e492a886dd19e8c26da377d2d82938ce54a27f8e4,2024-09-20T17:15:15.240000
CVE-2024-9041,0,0,9b2bb47050dcdd44edd27fd4fde021bb936ec7198fce2f08f9ad2c86bf8bcde4,2024-09-20T17:15:15.507000 CVE-2024-9041,0,0,9b2bb47050dcdd44edd27fd4fde021bb936ec7198fce2f08f9ad2c86bf8bcde4,2024-09-20T17:15:15.507000
CVE-2024-9043,0,0,8dd475426653f7d07aa5f325730a5d6c66debac84ef1209cdf6fa14cde3c264c,2024-09-20T12:30:17.483000 CVE-2024-9043,0,0,8dd475426653f7d07aa5f325730a5d6c66debac84ef1209cdf6fa14cde3c264c,2024-09-20T12:30:17.483000
CVE-2024-9048,1,1,913e9b0e4b91d6981c8b5bd62134205df1942a32410b4410b939157a5d95c26c,2024-09-21T09:15:04.660000
