From dbf4777414106e8765c02d42e190c0006c75758c Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 15 Dec 2023 13:00:27 +0000 Subject: [PATCH] Auto-Update: 2023-12-15T13:00:24.024152+00:00 --- CVE-2023/CVE-2023-32xx/CVE-2023-3226.json | 4 +- CVE-2023/CVE-2023-332xx/CVE-2023-33217.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-332xx/CVE-2023-33218.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-332xx/CVE-2023-33219.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-332xx/CVE-2023-33220.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-332xx/CVE-2023-33221.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-332xx/CVE-2023-33222.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-458xx/CVE-2023-45866.json | 8 ++- CVE-2023/CVE-2023-470xx/CVE-2023-47064.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-470xx/CVE-2023-47065.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48440.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48441.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48442.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48443.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48444.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48445.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48446.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48447.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48448.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48449.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48450.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48451.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48452.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48453.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48454.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48455.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48456.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48457.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48458.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48459.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48460.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48461.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48462.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48463.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48464.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48465.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48466.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48467.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48468.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48469.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48470.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48471.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48472.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48473.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48474.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48475.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48476.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48477.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48478.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48479.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48480.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48481.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48482.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48483.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48484.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48485.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48486.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48487.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48488.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48489.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48490.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48491.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48492.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48493.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48494.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48495.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48496.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48497.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48498.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-484xx/CVE-2023-48499.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48500.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48501.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48502.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48503.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48504.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48505.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48506.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48507.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48508.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48509.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48510.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48511.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48512.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48513.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48514.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48515.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48516.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48517.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48518.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48519.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48520.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48521.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48522.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48523.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48524.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48525.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48526.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48527.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48528.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48529.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48530.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48531.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48532.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48533.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48534.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48535.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48536.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48537.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48538.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48539.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48540.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48541.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48542.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48543.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48544.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48545.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48546.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48547.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48548.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48549.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48550.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48551.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48552.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48553.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48554.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48555.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48556.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48557.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48558.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48559.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48560.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48561.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48562.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48563.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48564.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48565.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48566.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48567.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48568.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48569.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48570.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48571.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48572.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48573.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48574.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48575.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48576.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48577.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48578.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48579.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48580.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48581.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48582.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48583.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48584.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48585.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48586.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48587.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48588.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48589.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48590.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48591.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48592.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48593.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48594.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48595.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48596.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48597.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48598.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-485xx/CVE-2023-48599.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48600.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48601.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48602.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48603.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48604.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48605.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48606.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48607.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48608.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48609.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48610.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48611.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48612.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48613.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48614.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48615.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48616.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48617.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48618.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48619.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48620.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48621.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48622.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48623.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-486xx/CVE-2023-48624.json | 55 +++++++++++++++++ CVE-2023/CVE-2023-65xx/CVE-2023-6553.json | 67 +++++++++++++++++++++ CVE-2023/CVE-2023-68xx/CVE-2023-6839.json | 55 +++++++++++++++++ README.md | 61 +++++++++++-------- 198 files changed, 10780 insertions(+), 30 deletions(-) create mode 100644 CVE-2023/CVE-2023-332xx/CVE-2023-33217.json create mode 100644 CVE-2023/CVE-2023-332xx/CVE-2023-33218.json create mode 100644 CVE-2023/CVE-2023-332xx/CVE-2023-33219.json create mode 100644 CVE-2023/CVE-2023-332xx/CVE-2023-33220.json create mode 100644 CVE-2023/CVE-2023-332xx/CVE-2023-33221.json create mode 100644 CVE-2023/CVE-2023-332xx/CVE-2023-33222.json create mode 100644 CVE-2023/CVE-2023-470xx/CVE-2023-47064.json create mode 100644 CVE-2023/CVE-2023-470xx/CVE-2023-47065.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48440.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48441.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48442.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48443.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48444.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48445.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48446.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48447.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48448.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48449.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48450.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48451.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48452.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48453.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48454.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48455.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48456.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48457.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48458.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48459.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48460.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48461.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48462.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48463.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48464.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48465.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48466.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48467.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48468.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48469.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48470.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48471.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48472.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48473.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48474.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48475.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48476.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48477.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48478.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48479.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48480.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48481.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48482.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48483.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48484.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48485.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48486.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48487.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48488.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48489.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48490.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48491.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48492.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48493.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48494.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48495.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48496.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48497.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48498.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48499.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48500.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48501.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48502.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48503.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48504.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48505.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48506.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48507.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48508.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48509.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48510.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48511.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48512.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48513.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48514.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48515.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48516.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48517.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48518.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48519.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48520.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48521.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48522.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48523.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48524.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48525.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48526.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48527.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48528.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48529.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48530.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48531.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48532.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48533.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48534.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48535.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48536.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48537.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48538.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48539.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48540.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48541.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48542.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48543.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48544.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48545.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48546.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48547.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48548.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48549.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48550.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48551.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48552.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48553.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48554.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48555.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48556.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48557.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48558.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48559.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48560.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48561.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48562.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48563.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48564.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48565.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48566.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48567.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48568.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48569.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48570.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48571.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48572.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48573.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48574.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48575.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48576.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48577.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48578.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48579.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48580.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48581.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48582.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48583.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48584.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48585.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48586.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48587.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48588.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48589.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48590.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48591.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48592.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48593.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48594.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48595.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48596.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48597.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48598.json create mode 100644 CVE-2023/CVE-2023-485xx/CVE-2023-48599.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48600.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48601.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48602.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48603.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48604.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48605.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48606.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48607.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48608.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48609.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48610.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48611.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48612.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48613.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48614.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48615.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48616.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48617.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48618.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48619.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48620.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48621.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48622.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48623.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48624.json create mode 100644 CVE-2023/CVE-2023-65xx/CVE-2023-6553.json create mode 100644 CVE-2023/CVE-2023-68xx/CVE-2023-6839.json diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3226.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3226.json index c16f4fee9fc..12c41813520 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3226.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3226.json @@ -2,12 +2,12 @@ "id": "CVE-2023-3226", "sourceIdentifier": "contact@wpscan.com", "published": "2023-09-25T16:15:14.187", - "lastModified": "2023-11-07T04:18:15.467", + "lastModified": "2023-12-15T11:15:09.510", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + "value": "The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33217.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33217.json new file mode 100644 index 00000000000..87da0052292 --- /dev/null +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33217.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33217", + "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "published": "2023-12-15T11:15:08.960", + "lastModified": "2023-12-15T11:15:08.960", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nBy abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent \ndenial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33218.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33218.json new file mode 100644 index 00000000000..81360894d7b --- /dev/null +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33218.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33218", + "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "published": "2023-12-15T12:15:43.317", + "lastModified": "2023-12-15T12:15:43.317", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\nThe Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. \nThis could potentially lead to a Remote Code execution on the targeted device.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33219.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33219.json new file mode 100644 index 00000000000..0cba2bb4b96 --- /dev/null +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33219.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33219", + "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "published": "2023-12-15T12:15:43.530", + "lastModified": "2023-12-15T12:15:43.530", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\n\n\nThe handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation \noperations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the \ntargeted device\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33220.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33220.json new file mode 100644 index 00000000000..8211a69bada --- /dev/null +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33220.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33220", + "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "published": "2023-12-15T12:15:43.733", + "lastModified": "2023-12-15T12:15:43.733", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\n\n\n\n\nDuring the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes \nto check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted \ndevice\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33221.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33221.json new file mode 100644 index 00000000000..db10209916c --- /dev/null +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33221.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33221", + "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "published": "2023-12-15T12:15:43.927", + "lastModified": "2023-12-15T12:15:43.927", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\n\n\n\n\n\n\nWhen reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying \ninternally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code \nExecution on the targeted device. This is especially problematic if you use Default DESFire key.\n\n\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33222.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33222.json new file mode 100644 index 00000000000..07c265648e5 --- /dev/null +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33222.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-33222", + "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "published": "2023-12-15T12:15:44.130", + "lastModified": "2023-12-15T12:15:44.130", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\n\n\n\n\n\n\nWhen handling contactless cards, usage of a specific function to get additional information from the card which doesn't \ncheck the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a \npotential Remote Code Execution on the targeted device\n\n\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", + "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45866.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45866.json index 779010c45ad..e782fb0284c 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45866.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45866.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45866", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-08T06:15:45.690", - "lastModified": "2023-12-14T14:47:57.930", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-15T11:15:09.683", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -403,6 +403,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html", + "source": "cve@mitre.org" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47064.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47064.json new file mode 100644 index 00000000000..e55ea2bab1a --- /dev/null +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47064.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-47064", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:09.817", + "lastModified": "2023-12-15T11:15:09.817", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47065.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47065.json new file mode 100644 index 00000000000..5938b5125f8 --- /dev/null +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47065.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-47065", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:10.050", + "lastModified": "2023-12-15T11:15:10.050", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48440.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48440.json new file mode 100644 index 00000000000..3204f471295 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48440.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48440", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:10.260", + "lastModified": "2023-12-15T11:15:10.260", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48441.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48441.json new file mode 100644 index 00000000000..ecb5d6b7850 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48441.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48441", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:10.463", + "lastModified": "2023-12-15T11:15:10.463", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Access Control vulnerability. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48442.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48442.json new file mode 100644 index 00000000000..5f5505f8ce6 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48442.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48442", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:10.673", + "lastModified": "2023-12-15T11:15:10.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48443.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48443.json new file mode 100644 index 00000000000..df55b55c63a --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48443.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48443", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:10.870", + "lastModified": "2023-12-15T11:15:10.870", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48444.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48444.json new file mode 100644 index 00000000000..8e954a0e78d --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48444.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48444", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:11.080", + "lastModified": "2023-12-15T11:15:11.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48445.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48445.json new file mode 100644 index 00000000000..12ee6e49629 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48445.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48445", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:11.280", + "lastModified": "2023-12-15T11:15:11.280", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48446.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48446.json new file mode 100644 index 00000000000..fa90c506a9b --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48446.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48446", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:11.530", + "lastModified": "2023-12-15T11:15:11.530", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48447.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48447.json new file mode 100644 index 00000000000..4811fd43879 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48447.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48447", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:11.750", + "lastModified": "2023-12-15T11:15:11.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48448.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48448.json new file mode 100644 index 00000000000..acfdbec25eb --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48448.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48448", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:11.947", + "lastModified": "2023-12-15T11:15:11.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48449.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48449.json new file mode 100644 index 00000000000..b1b22f836c5 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48449.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48449", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:12.150", + "lastModified": "2023-12-15T11:15:12.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48450.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48450.json new file mode 100644 index 00000000000..386e2af9836 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48450.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48450", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:12.350", + "lastModified": "2023-12-15T11:15:12.350", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48451.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48451.json new file mode 100644 index 00000000000..c5b8b0d5268 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48451.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48451", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:12.550", + "lastModified": "2023-12-15T11:15:12.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48452.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48452.json new file mode 100644 index 00000000000..2703301e9a9 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48452.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48452", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:12.740", + "lastModified": "2023-12-15T11:15:12.740", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48453.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48453.json new file mode 100644 index 00000000000..0fceea33735 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48453.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48453", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:12.943", + "lastModified": "2023-12-15T11:15:12.943", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48454.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48454.json new file mode 100644 index 00000000000..10c81636d13 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48454.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48454", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:13.147", + "lastModified": "2023-12-15T11:15:13.147", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48455.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48455.json new file mode 100644 index 00000000000..153c3d0e71c --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48455.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48455", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:13.343", + "lastModified": "2023-12-15T11:15:13.343", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48456.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48456.json new file mode 100644 index 00000000000..d2502f55222 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48456.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48456", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:13.540", + "lastModified": "2023-12-15T11:15:13.540", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48457.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48457.json new file mode 100644 index 00000000000..cdb673bddd0 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48457.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48457", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:13.737", + "lastModified": "2023-12-15T11:15:13.737", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48458.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48458.json new file mode 100644 index 00000000000..18b74684b61 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48458.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48458", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:13.937", + "lastModified": "2023-12-15T11:15:13.937", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48459.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48459.json new file mode 100644 index 00000000000..3ecb253eaae --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48459.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48459", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:14.143", + "lastModified": "2023-12-15T11:15:14.143", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48460.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48460.json new file mode 100644 index 00000000000..4affbee8e80 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48460.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48460", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:14.337", + "lastModified": "2023-12-15T11:15:14.337", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48461.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48461.json new file mode 100644 index 00000000000..3b3cb9857c0 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48461.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48461", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:14.550", + "lastModified": "2023-12-15T11:15:14.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48462.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48462.json new file mode 100644 index 00000000000..312aa40c5cf --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48462.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48462", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:14.747", + "lastModified": "2023-12-15T11:15:14.747", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48463.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48463.json new file mode 100644 index 00000000000..1b7931850fb --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48463.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48463", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:14.947", + "lastModified": "2023-12-15T11:15:14.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48464.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48464.json new file mode 100644 index 00000000000..eb6e18f0979 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48464.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48464", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:15.150", + "lastModified": "2023-12-15T11:15:15.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48465.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48465.json new file mode 100644 index 00000000000..6fd50d7d8cf --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48465.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48465", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:15.350", + "lastModified": "2023-12-15T11:15:15.350", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48466.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48466.json new file mode 100644 index 00000000000..ef1df91be8c --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48466.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48466", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:15.560", + "lastModified": "2023-12-15T11:15:15.560", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48467.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48467.json new file mode 100644 index 00000000000..7947a0404db --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48467.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48467", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:15.763", + "lastModified": "2023-12-15T11:15:15.763", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48468.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48468.json new file mode 100644 index 00000000000..3b408d58a1e --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48468.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48468", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:15.960", + "lastModified": "2023-12-15T11:15:15.960", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48469.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48469.json new file mode 100644 index 00000000000..90ae6864c90 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48469.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48469", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:16.173", + "lastModified": "2023-12-15T11:15:16.173", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48470.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48470.json new file mode 100644 index 00000000000..5539d7fdceb --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48470.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48470", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:16.373", + "lastModified": "2023-12-15T11:15:16.373", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48471.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48471.json new file mode 100644 index 00000000000..544e810e8ed --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48471.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48471", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:16.610", + "lastModified": "2023-12-15T11:15:16.610", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48472.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48472.json new file mode 100644 index 00000000000..0d465f8279a --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48472.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48472", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:16.830", + "lastModified": "2023-12-15T11:15:16.830", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48473.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48473.json new file mode 100644 index 00000000000..1b7689d207d --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48473.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48473", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:17.037", + "lastModified": "2023-12-15T11:15:17.037", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48474.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48474.json new file mode 100644 index 00000000000..d62ace26894 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48474.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48474", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:17.243", + "lastModified": "2023-12-15T11:15:17.243", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48475.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48475.json new file mode 100644 index 00000000000..595c669ad45 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48475.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48475", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:17.447", + "lastModified": "2023-12-15T11:15:17.447", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48476.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48476.json new file mode 100644 index 00000000000..5dddcc42097 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48476.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48476", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:17.650", + "lastModified": "2023-12-15T11:15:17.650", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48477.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48477.json new file mode 100644 index 00000000000..cfbfc5f5ef8 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48477.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48477", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:17.843", + "lastModified": "2023-12-15T11:15:17.843", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48478.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48478.json new file mode 100644 index 00000000000..4e66c06adbd --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48478.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48478", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:18.040", + "lastModified": "2023-12-15T11:15:18.040", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48479.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48479.json new file mode 100644 index 00000000000..b14a9d3010e --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48479.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48479", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:18.240", + "lastModified": "2023-12-15T11:15:18.240", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48480.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48480.json new file mode 100644 index 00000000000..f708520aec0 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48480.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48480", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:18.433", + "lastModified": "2023-12-15T11:15:18.433", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48481.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48481.json new file mode 100644 index 00000000000..e23650325fc --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48481.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48481", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:18.633", + "lastModified": "2023-12-15T11:15:18.633", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48482.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48482.json new file mode 100644 index 00000000000..44eab8bd52f --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48482.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48482", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:18.827", + "lastModified": "2023-12-15T11:15:18.827", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48483.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48483.json new file mode 100644 index 00000000000..8c6fcb85f3b --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48483.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48483", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:19.017", + "lastModified": "2023-12-15T11:15:19.017", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48484.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48484.json new file mode 100644 index 00000000000..69e4fa5850b --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48484.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48484", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:19.220", + "lastModified": "2023-12-15T11:15:19.220", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48485.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48485.json new file mode 100644 index 00000000000..65ae41908fe --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48485.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48485", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:19.413", + "lastModified": "2023-12-15T11:15:19.413", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48486.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48486.json new file mode 100644 index 00000000000..b4d70269570 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48486.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48486", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:19.620", + "lastModified": "2023-12-15T11:15:19.620", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48487.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48487.json new file mode 100644 index 00000000000..d76d0de7861 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48487.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48487", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:19.817", + "lastModified": "2023-12-15T11:15:19.817", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48488.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48488.json new file mode 100644 index 00000000000..0a6ee7f0eaf --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48488.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48488", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:20.023", + "lastModified": "2023-12-15T11:15:20.023", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48489.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48489.json new file mode 100644 index 00000000000..af80a25f20c --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48489.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48489", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:20.233", + "lastModified": "2023-12-15T11:15:20.233", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48490.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48490.json new file mode 100644 index 00000000000..96b2b84d52b --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48490.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48490", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:20.450", + "lastModified": "2023-12-15T11:15:20.450", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48491.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48491.json new file mode 100644 index 00000000000..fa0b82d63d1 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48491.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48491", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:20.660", + "lastModified": "2023-12-15T11:15:20.660", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48492.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48492.json new file mode 100644 index 00000000000..4081b7c2abc --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48492.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48492", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:20.863", + "lastModified": "2023-12-15T11:15:20.863", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48493.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48493.json new file mode 100644 index 00000000000..0efa947f349 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48493.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48493", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:21.063", + "lastModified": "2023-12-15T11:15:21.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48494.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48494.json new file mode 100644 index 00000000000..8f3e45a86f5 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48494.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48494", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:21.260", + "lastModified": "2023-12-15T11:15:21.260", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48495.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48495.json new file mode 100644 index 00000000000..bf6764668d7 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48495.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48495", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:21.467", + "lastModified": "2023-12-15T11:15:21.467", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48496.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48496.json new file mode 100644 index 00000000000..dd5d712d167 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48496.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48496", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:21.667", + "lastModified": "2023-12-15T11:15:21.667", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48497.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48497.json new file mode 100644 index 00000000000..2f706ec7fc7 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48497.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48497", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:21.867", + "lastModified": "2023-12-15T11:15:21.867", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48498.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48498.json new file mode 100644 index 00000000000..f993030c571 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48498.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48498", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:22.073", + "lastModified": "2023-12-15T11:15:22.073", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48499.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48499.json new file mode 100644 index 00000000000..1a876563da4 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48499.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48499", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:22.290", + "lastModified": "2023-12-15T11:15:22.290", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48500.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48500.json new file mode 100644 index 00000000000..2b5dbdd1569 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48500.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48500", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:22.493", + "lastModified": "2023-12-15T11:15:22.493", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48501.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48501.json new file mode 100644 index 00000000000..3a8b733f3b3 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48501.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48501", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:22.687", + "lastModified": "2023-12-15T11:15:22.687", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48502.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48502.json new file mode 100644 index 00000000000..5b9ebafe9b4 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48502.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48502", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:22.887", + "lastModified": "2023-12-15T11:15:22.887", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48503.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48503.json new file mode 100644 index 00000000000..5b70c5bb381 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48503.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48503", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:23.083", + "lastModified": "2023-12-15T11:15:23.083", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48504.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48504.json new file mode 100644 index 00000000000..181a1cfb56d --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48504.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48504", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:23.280", + "lastModified": "2023-12-15T11:15:23.280", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48505.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48505.json new file mode 100644 index 00000000000..f8d2747b13c --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48505.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48505", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:23.480", + "lastModified": "2023-12-15T11:15:23.480", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48506.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48506.json new file mode 100644 index 00000000000..443cb5555ad --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48506.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48506", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:23.673", + "lastModified": "2023-12-15T11:15:23.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48507.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48507.json new file mode 100644 index 00000000000..549268d79f0 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48507.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48507", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:23.870", + "lastModified": "2023-12-15T11:15:23.870", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48508.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48508.json new file mode 100644 index 00000000000..c136eab3b07 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48508.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48508", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:24.063", + "lastModified": "2023-12-15T11:15:24.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48509.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48509.json new file mode 100644 index 00000000000..f1454f5fe0a --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48509.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48509", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:24.267", + "lastModified": "2023-12-15T11:15:24.267", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48510.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48510.json new file mode 100644 index 00000000000..a1746b0b97d --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48510.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48510", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:24.470", + "lastModified": "2023-12-15T11:15:24.470", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48511.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48511.json new file mode 100644 index 00000000000..dacb996d7a1 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48511.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48511", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:24.670", + "lastModified": "2023-12-15T11:15:24.670", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48512.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48512.json new file mode 100644 index 00000000000..adc7898243f --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48512.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48512", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:24.863", + "lastModified": "2023-12-15T11:15:24.863", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48513.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48513.json new file mode 100644 index 00000000000..93689692018 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48513.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48513", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:25.057", + "lastModified": "2023-12-15T11:15:25.057", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48514.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48514.json new file mode 100644 index 00000000000..f6ac3c5e48a --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48514.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48514", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:25.267", + "lastModified": "2023-12-15T11:15:25.267", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48515.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48515.json new file mode 100644 index 00000000000..6c871d6ea42 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48515.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48515", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:25.460", + "lastModified": "2023-12-15T11:15:25.460", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48516.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48516.json new file mode 100644 index 00000000000..4417764984c --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48516.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48516", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:25.677", + "lastModified": "2023-12-15T11:15:25.677", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48517.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48517.json new file mode 100644 index 00000000000..d4aef84f09b --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48517.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48517", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:25.880", + "lastModified": "2023-12-15T11:15:25.880", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48518.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48518.json new file mode 100644 index 00000000000..ad7ce097af1 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48518.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48518", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:26.090", + "lastModified": "2023-12-15T11:15:26.090", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48519.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48519.json new file mode 100644 index 00000000000..9db6be26cdb --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48519.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48519", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:26.293", + "lastModified": "2023-12-15T11:15:26.293", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48520.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48520.json new file mode 100644 index 00000000000..4e589c197c4 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48520.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48520", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:26.500", + "lastModified": "2023-12-15T11:15:26.500", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48521.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48521.json new file mode 100644 index 00000000000..291178b28b7 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48521.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48521", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:26.690", + "lastModified": "2023-12-15T11:15:26.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48522.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48522.json new file mode 100644 index 00000000000..5a7b4433490 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48522.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48522", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:26.947", + "lastModified": "2023-12-15T11:15:26.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48523.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48523.json new file mode 100644 index 00000000000..872f7566806 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48523.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48523", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:27.143", + "lastModified": "2023-12-15T11:15:27.143", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48524.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48524.json new file mode 100644 index 00000000000..e8b3b96b186 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48524.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48524", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:27.350", + "lastModified": "2023-12-15T11:15:27.350", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48525.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48525.json new file mode 100644 index 00000000000..be8accb1513 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48525.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48525", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:27.577", + "lastModified": "2023-12-15T11:15:27.577", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48526.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48526.json new file mode 100644 index 00000000000..9178d2f695f --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48526.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48526", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:27.810", + "lastModified": "2023-12-15T11:15:27.810", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48527.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48527.json new file mode 100644 index 00000000000..c4f7d30d70c --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48527.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48527", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:28.017", + "lastModified": "2023-12-15T11:15:28.017", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48528.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48528.json new file mode 100644 index 00000000000..2ba0b4269b5 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48528.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48528", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:28.210", + "lastModified": "2023-12-15T11:15:28.210", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48529.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48529.json new file mode 100644 index 00000000000..c6c58c0f0f5 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48529.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48529", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:28.410", + "lastModified": "2023-12-15T11:15:28.410", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48530.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48530.json new file mode 100644 index 00000000000..8aa0f1a9570 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48530.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48530", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:28.607", + "lastModified": "2023-12-15T11:15:28.607", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48531.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48531.json new file mode 100644 index 00000000000..b2308430ab4 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48531.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48531", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:28.810", + "lastModified": "2023-12-15T11:15:28.810", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48532.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48532.json new file mode 100644 index 00000000000..a0d7e63d4c5 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48532.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48532", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:28.997", + "lastModified": "2023-12-15T11:15:28.997", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48533.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48533.json new file mode 100644 index 00000000000..0d72cfc63a4 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48533.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48533", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:29.197", + "lastModified": "2023-12-15T11:15:29.197", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48534.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48534.json new file mode 100644 index 00000000000..6ec0486c85d --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48534.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48534", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:29.393", + "lastModified": "2023-12-15T11:15:29.393", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48535.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48535.json new file mode 100644 index 00000000000..211f34d71c5 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48535.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48535", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:29.600", + "lastModified": "2023-12-15T11:15:29.600", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48536.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48536.json new file mode 100644 index 00000000000..1755a9d8011 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48536.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48536", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:29.797", + "lastModified": "2023-12-15T11:15:29.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48537.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48537.json new file mode 100644 index 00000000000..03a829e2164 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48537.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48537", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:29.993", + "lastModified": "2023-12-15T11:15:29.993", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48538.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48538.json new file mode 100644 index 00000000000..a8fe67ef43f --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48538.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48538", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:30.193", + "lastModified": "2023-12-15T11:15:30.193", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48539.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48539.json new file mode 100644 index 00000000000..9f01bad3d53 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48539.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48539", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:30.417", + "lastModified": "2023-12-15T11:15:30.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48540.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48540.json new file mode 100644 index 00000000000..c8d8a90888a --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48540.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48540", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:30.633", + "lastModified": "2023-12-15T11:15:30.633", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48541.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48541.json new file mode 100644 index 00000000000..a4579a6ba0c --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48541.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48541", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:30.823", + "lastModified": "2023-12-15T11:15:30.823", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48542.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48542.json new file mode 100644 index 00000000000..476bb506a1a --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48542.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48542", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:31.010", + "lastModified": "2023-12-15T11:15:31.010", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48543.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48543.json new file mode 100644 index 00000000000..d23c29c9c57 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48543.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48543", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:31.210", + "lastModified": "2023-12-15T11:15:31.210", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48544.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48544.json new file mode 100644 index 00000000000..732555ad1ca --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48544.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48544", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:31.417", + "lastModified": "2023-12-15T11:15:31.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48545.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48545.json new file mode 100644 index 00000000000..3ba5cb949e8 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48545.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48545", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:31.617", + "lastModified": "2023-12-15T11:15:31.617", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48546.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48546.json new file mode 100644 index 00000000000..41d4a56cf47 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48546.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48546", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:31.813", + "lastModified": "2023-12-15T11:15:31.813", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48547.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48547.json new file mode 100644 index 00000000000..550c2008af3 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48547.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48547", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:32.023", + "lastModified": "2023-12-15T11:15:32.023", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48548.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48548.json new file mode 100644 index 00000000000..f3459b3c0b1 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48548.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48548", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:32.217", + "lastModified": "2023-12-15T11:15:32.217", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48549.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48549.json new file mode 100644 index 00000000000..a4e9881a98f --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48549.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48549", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:32.413", + "lastModified": "2023-12-15T11:15:32.413", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48550.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48550.json new file mode 100644 index 00000000000..b80f4eb09d9 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48550.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48550", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:32.627", + "lastModified": "2023-12-15T11:15:32.627", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48551.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48551.json new file mode 100644 index 00000000000..d007883433f --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48551.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48551", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:32.840", + "lastModified": "2023-12-15T11:15:32.840", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48552.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48552.json new file mode 100644 index 00000000000..3f8a47e76b4 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48552.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48552", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:33.037", + "lastModified": "2023-12-15T11:15:33.037", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48553.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48553.json new file mode 100644 index 00000000000..737318ef114 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48553.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48553", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:33.237", + "lastModified": "2023-12-15T11:15:33.237", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48554.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48554.json new file mode 100644 index 00000000000..ab397453dbf --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48554.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48554", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:33.437", + "lastModified": "2023-12-15T11:15:33.437", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48555.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48555.json new file mode 100644 index 00000000000..b59d1cebb8f --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48555.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48555", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:33.630", + "lastModified": "2023-12-15T11:15:33.630", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48556.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48556.json new file mode 100644 index 00000000000..99a6331e9f2 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48556.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48556", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:33.827", + "lastModified": "2023-12-15T11:15:33.827", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48557.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48557.json new file mode 100644 index 00000000000..14000519186 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48557.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48557", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:34.017", + "lastModified": "2023-12-15T11:15:34.017", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48558.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48558.json new file mode 100644 index 00000000000..70430c5f1cf --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48558.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48558", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:34.210", + "lastModified": "2023-12-15T11:15:34.210", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48559.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48559.json new file mode 100644 index 00000000000..91122d9b4d0 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48559.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48559", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:34.417", + "lastModified": "2023-12-15T11:15:34.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48560.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48560.json new file mode 100644 index 00000000000..10bafc3223f --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48560.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48560", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:34.613", + "lastModified": "2023-12-15T11:15:34.613", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48561.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48561.json new file mode 100644 index 00000000000..04a10f8e158 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48561.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48561", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:34.820", + "lastModified": "2023-12-15T11:15:34.820", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48562.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48562.json new file mode 100644 index 00000000000..c3766de6635 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48562.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48562", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:35.027", + "lastModified": "2023-12-15T11:15:35.027", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48563.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48563.json new file mode 100644 index 00000000000..810fe4643f6 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48563.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48563", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:35.227", + "lastModified": "2023-12-15T11:15:35.227", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48564.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48564.json new file mode 100644 index 00000000000..b68e21fa4a5 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48564.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48564", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:35.430", + "lastModified": "2023-12-15T11:15:35.430", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48565.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48565.json new file mode 100644 index 00000000000..4695eddf6c6 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48565.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48565", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:35.663", + "lastModified": "2023-12-15T11:15:35.663", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48566.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48566.json new file mode 100644 index 00000000000..f18c4e1e820 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48566.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48566", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:35.870", + "lastModified": "2023-12-15T11:15:35.870", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48567.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48567.json new file mode 100644 index 00000000000..daec3495ab9 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48567.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48567", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:36.063", + "lastModified": "2023-12-15T11:15:36.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48568.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48568.json new file mode 100644 index 00000000000..6e657e2d447 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48568.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48568", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:36.253", + "lastModified": "2023-12-15T11:15:36.253", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48569.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48569.json new file mode 100644 index 00000000000..9ca8a49066d --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48569.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48569", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:36.467", + "lastModified": "2023-12-15T11:15:36.467", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48570.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48570.json new file mode 100644 index 00000000000..9f68f46fedc --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48570.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48570", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:36.667", + "lastModified": "2023-12-15T11:15:36.667", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48571.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48571.json new file mode 100644 index 00000000000..bd37194baa3 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48571.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48571", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:36.867", + "lastModified": "2023-12-15T11:15:36.867", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48572.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48572.json new file mode 100644 index 00000000000..91c6e800b6b --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48572.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48572", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:37.123", + "lastModified": "2023-12-15T11:15:37.123", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48573.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48573.json new file mode 100644 index 00000000000..aa2bdebf357 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48573.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48573", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:37.317", + "lastModified": "2023-12-15T11:15:37.317", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48574.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48574.json new file mode 100644 index 00000000000..7b1db19177f --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48574.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48574", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:37.517", + "lastModified": "2023-12-15T11:15:37.517", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48575.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48575.json new file mode 100644 index 00000000000..661fd460d5c --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48575.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48575", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:37.720", + "lastModified": "2023-12-15T11:15:37.720", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48576.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48576.json new file mode 100644 index 00000000000..2e0fef3be3a --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48576.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48576", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:37.960", + "lastModified": "2023-12-15T11:15:37.960", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48577.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48577.json new file mode 100644 index 00000000000..599b4086b57 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48577.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48577", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:38.163", + "lastModified": "2023-12-15T11:15:38.163", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48578.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48578.json new file mode 100644 index 00000000000..52f256d3fe6 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48578.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48578", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:38.360", + "lastModified": "2023-12-15T11:15:38.360", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48579.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48579.json new file mode 100644 index 00000000000..e82fc476918 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48579.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48579", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:38.567", + "lastModified": "2023-12-15T11:15:38.567", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48580.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48580.json new file mode 100644 index 00000000000..09a83fac6a2 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48580.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48580", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:38.760", + "lastModified": "2023-12-15T11:15:38.760", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48581.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48581.json new file mode 100644 index 00000000000..1963f08e0b6 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48581.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48581", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:38.953", + "lastModified": "2023-12-15T11:15:38.953", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48582.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48582.json new file mode 100644 index 00000000000..a7b828ec06e --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48582.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48582", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:39.150", + "lastModified": "2023-12-15T11:15:39.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48583.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48583.json new file mode 100644 index 00000000000..39b4ab74f68 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48583.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48583", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:39.343", + "lastModified": "2023-12-15T11:15:39.343", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48584.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48584.json new file mode 100644 index 00000000000..ad5895f0e4e --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48584.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48584", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:39.540", + "lastModified": "2023-12-15T11:15:39.540", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48585.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48585.json new file mode 100644 index 00000000000..00acfd6d438 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48585.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48585", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:39.760", + "lastModified": "2023-12-15T11:15:39.760", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48586.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48586.json new file mode 100644 index 00000000000..809554b6ae8 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48586.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48586", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:39.947", + "lastModified": "2023-12-15T11:15:39.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48587.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48587.json new file mode 100644 index 00000000000..e2ea513f8a6 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48587.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48587", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:40.143", + "lastModified": "2023-12-15T11:15:40.143", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48588.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48588.json new file mode 100644 index 00000000000..2b09a5bd8da --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48588.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48588", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:40.330", + "lastModified": "2023-12-15T11:15:40.330", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48589.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48589.json new file mode 100644 index 00000000000..4db95cf551f --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48589.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48589", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:40.540", + "lastModified": "2023-12-15T11:15:40.540", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48590.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48590.json new file mode 100644 index 00000000000..980add3d084 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48590.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48590", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:40.747", + "lastModified": "2023-12-15T11:15:40.747", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48591.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48591.json new file mode 100644 index 00000000000..a89ae1109a9 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48591.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48591", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:40.953", + "lastModified": "2023-12-15T11:15:40.953", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48592.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48592.json new file mode 100644 index 00000000000..22bdb366bd5 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48592.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48592", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:41.157", + "lastModified": "2023-12-15T11:15:41.157", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48593.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48593.json new file mode 100644 index 00000000000..a0d93715c97 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48593.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48593", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:41.347", + "lastModified": "2023-12-15T11:15:41.347", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48594.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48594.json new file mode 100644 index 00000000000..538ce0ee066 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48594.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48594", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:41.557", + "lastModified": "2023-12-15T11:15:41.557", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48595.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48595.json new file mode 100644 index 00000000000..479e75b68ef --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48595.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48595", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:41.750", + "lastModified": "2023-12-15T11:15:41.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48596.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48596.json new file mode 100644 index 00000000000..30aa8ba65c1 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48596.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48596", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:41.950", + "lastModified": "2023-12-15T11:15:41.950", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48597.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48597.json new file mode 100644 index 00000000000..4bedbc08fd9 --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48597.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48597", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:42.150", + "lastModified": "2023-12-15T11:15:42.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48598.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48598.json new file mode 100644 index 00000000000..14b461c4e0a --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48598.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48598", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:42.343", + "lastModified": "2023-12-15T11:15:42.343", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-485xx/CVE-2023-48599.json b/CVE-2023/CVE-2023-485xx/CVE-2023-48599.json new file mode 100644 index 00000000000..011a9b4067f --- /dev/null +++ b/CVE-2023/CVE-2023-485xx/CVE-2023-48599.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48599", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:42.540", + "lastModified": "2023-12-15T11:15:42.540", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48600.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48600.json new file mode 100644 index 00000000000..5cfacf4c5af --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48600.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48600", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:42.737", + "lastModified": "2023-12-15T11:15:42.737", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48601.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48601.json new file mode 100644 index 00000000000..72a8bac1829 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48601.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48601", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:42.937", + "lastModified": "2023-12-15T11:15:42.937", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48602.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48602.json new file mode 100644 index 00000000000..5462126f6fa --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48602.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48602", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:43.133", + "lastModified": "2023-12-15T11:15:43.133", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48603.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48603.json new file mode 100644 index 00000000000..0b60209c907 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48603.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48603", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:43.330", + "lastModified": "2023-12-15T11:15:43.330", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48604.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48604.json new file mode 100644 index 00000000000..596a3ddecff --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48604.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48604", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:43.543", + "lastModified": "2023-12-15T11:15:43.543", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48605.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48605.json new file mode 100644 index 00000000000..503a065a2d7 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48605.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48605", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:43.743", + "lastModified": "2023-12-15T11:15:43.743", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48606.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48606.json new file mode 100644 index 00000000000..4ff0916e205 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48606.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48606", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:43.930", + "lastModified": "2023-12-15T11:15:43.930", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48607.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48607.json new file mode 100644 index 00000000000..96f3ba99b8d --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48607.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48607", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:44.123", + "lastModified": "2023-12-15T11:15:44.123", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48608.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48608.json new file mode 100644 index 00000000000..64c872ac89f --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48608.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48608", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:44.327", + "lastModified": "2023-12-15T11:15:44.327", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48609.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48609.json new file mode 100644 index 00000000000..27f651881c6 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48609.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48609", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:44.533", + "lastModified": "2023-12-15T11:15:44.533", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48610.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48610.json new file mode 100644 index 00000000000..f4732ffc5e9 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48610.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48610", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:44.723", + "lastModified": "2023-12-15T11:15:44.723", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48611.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48611.json new file mode 100644 index 00000000000..33f66e9d10a --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48611.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48611", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:44.927", + "lastModified": "2023-12-15T11:15:44.927", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48612.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48612.json new file mode 100644 index 00000000000..04c9004a734 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48612.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48612", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:45.120", + "lastModified": "2023-12-15T11:15:45.120", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48613.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48613.json new file mode 100644 index 00000000000..23060b3e685 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48613.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48613", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:45.310", + "lastModified": "2023-12-15T11:15:45.310", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48614.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48614.json new file mode 100644 index 00000000000..8285adf3278 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48614.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48614", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:45.510", + "lastModified": "2023-12-15T11:15:45.510", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48615.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48615.json new file mode 100644 index 00000000000..a1d369a6e10 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48615.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48615", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:45.710", + "lastModified": "2023-12-15T11:15:45.710", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48616.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48616.json new file mode 100644 index 00000000000..c4899c9bd65 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48616.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48616", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:45.930", + "lastModified": "2023-12-15T11:15:45.930", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48617.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48617.json new file mode 100644 index 00000000000..f07d8965be7 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48617.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48617", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:46.137", + "lastModified": "2023-12-15T11:15:46.137", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48618.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48618.json new file mode 100644 index 00000000000..48f8dd02b20 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48618.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48618", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:46.333", + "lastModified": "2023-12-15T11:15:46.333", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48619.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48619.json new file mode 100644 index 00000000000..1fbff9e8fee --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48619.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48619", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:46.533", + "lastModified": "2023-12-15T11:15:46.533", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48620.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48620.json new file mode 100644 index 00000000000..204c8c8812e --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48620.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48620", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:46.740", + "lastModified": "2023-12-15T11:15:46.740", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48621.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48621.json new file mode 100644 index 00000000000..1645a341edd --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48621.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48621", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:46.930", + "lastModified": "2023-12-15T11:15:46.930", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48622.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48622.json new file mode 100644 index 00000000000..4a81d595815 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48622.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48622", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:47.167", + "lastModified": "2023-12-15T11:15:47.167", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48623.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48623.json new file mode 100644 index 00000000000..8e241fc6e2e --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48623.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48623", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:47.393", + "lastModified": "2023-12-15T11:15:47.393", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48624.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48624.json new file mode 100644 index 00000000000..92b078ca5f9 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48624.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48624", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-12-15T11:15:47.630", + "lastModified": "2023-12-15T11:15:47.630", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6553.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6553.json new file mode 100644 index 00000000000..e1676e08098 --- /dev/null +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6553.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-6553", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-12-15T11:15:47.837", + "lastModified": "2023-12-15T11:15:47.837", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L118", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L38", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L62", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L64", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3006541%40backup-backup&new=3006541%40backup-backup&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6839.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6839.json new file mode 100644 index 00000000000..ba994682b33 --- /dev/null +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6839.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6839", + "sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8", + "published": "2023-12-15T11:15:48.003", + "lastModified": "2023-12-15T11:15:48.003", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1334/", + "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index ee980ed86eb..9ac873885ca 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # nvd-json-data-feeds -Community reconstruction of the soon-to-be deprecated JSON NVD Data Feeds. +Community reconstruction of the deprecated JSON NVD Data Feeds. [Releases](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) each day at 00:00 AM UTC. Repository synchronizes with the NVD every 2 hours. @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-15T11:00:24.169129+00:00 +2023-12-15T13:00:24.024152+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-15T10:15:10+00:00 +2023-12-15T12:15:44.130000+00:00 ``` ### Last Data Feed Release @@ -23,43 +23,52 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-12-14T16:00:10.769732+00:00 +2023-12-15T12:45:17.724282+00:00 ``` ### Total Number of included CVEs ```plain -233272 +233467 ``` ### CVEs added in the last Commit -Recently added CVEs: `18` +Recently added CVEs: `195` -* [CVE-2023-29234](CVE-2023/CVE-2023-292xx/CVE-2023-29234.json) (`2023-12-15T09:15:07.380`) -* [CVE-2023-46279](CVE-2023/CVE-2023-462xx/CVE-2023-46279.json) (`2023-12-15T09:15:07.490`) -* [CVE-2023-48380](CVE-2023/CVE-2023-483xx/CVE-2023-48380.json) (`2023-12-15T09:15:07.577`) -* [CVE-2023-48381](CVE-2023/CVE-2023-483xx/CVE-2023-48381.json) (`2023-12-15T09:15:07.773`) -* [CVE-2023-48382](CVE-2023/CVE-2023-483xx/CVE-2023-48382.json) (`2023-12-15T09:15:07.967`) -* [CVE-2023-48384](CVE-2023/CVE-2023-483xx/CVE-2023-48384.json) (`2023-12-15T09:15:08.160`) -* [CVE-2023-48387](CVE-2023/CVE-2023-483xx/CVE-2023-48387.json) (`2023-12-15T09:15:08.357`) -* [CVE-2023-48388](CVE-2023/CVE-2023-483xx/CVE-2023-48388.json) (`2023-12-15T09:15:08.550`) -* [CVE-2023-48389](CVE-2023/CVE-2023-483xx/CVE-2023-48389.json) (`2023-12-15T09:15:08.760`) -* [CVE-2023-48390](CVE-2023/CVE-2023-483xx/CVE-2023-48390.json) (`2023-12-15T09:15:08.950`) -* [CVE-2023-48392](CVE-2023/CVE-2023-483xx/CVE-2023-48392.json) (`2023-12-15T10:15:07.590`) -* [CVE-2023-48393](CVE-2023/CVE-2023-483xx/CVE-2023-48393.json) (`2023-12-15T10:15:07.927`) -* [CVE-2023-48394](CVE-2023/CVE-2023-483xx/CVE-2023-48394.json) (`2023-12-15T10:15:08.237`) -* [CVE-2023-48395](CVE-2023/CVE-2023-483xx/CVE-2023-48395.json) (`2023-12-15T10:15:08.590`) -* [CVE-2023-6835](CVE-2023/CVE-2023-68xx/CVE-2023-6835.json) (`2023-12-15T10:15:09.043`) -* [CVE-2023-6836](CVE-2023/CVE-2023-68xx/CVE-2023-6836.json) (`2023-12-15T10:15:09.407`) -* [CVE-2023-6837](CVE-2023/CVE-2023-68xx/CVE-2023-6837.json) (`2023-12-15T10:15:09.767`) -* [CVE-2023-6838](CVE-2023/CVE-2023-68xx/CVE-2023-6838.json) (`2023-12-15T10:15:10.000`) +* [CVE-2023-48607](CVE-2023/CVE-2023-486xx/CVE-2023-48607.json) (`2023-12-15T11:15:44.123`) +* [CVE-2023-48608](CVE-2023/CVE-2023-486xx/CVE-2023-48608.json) (`2023-12-15T11:15:44.327`) +* [CVE-2023-48609](CVE-2023/CVE-2023-486xx/CVE-2023-48609.json) (`2023-12-15T11:15:44.533`) +* [CVE-2023-48610](CVE-2023/CVE-2023-486xx/CVE-2023-48610.json) (`2023-12-15T11:15:44.723`) +* [CVE-2023-48611](CVE-2023/CVE-2023-486xx/CVE-2023-48611.json) (`2023-12-15T11:15:44.927`) +* [CVE-2023-48612](CVE-2023/CVE-2023-486xx/CVE-2023-48612.json) (`2023-12-15T11:15:45.120`) +* [CVE-2023-48613](CVE-2023/CVE-2023-486xx/CVE-2023-48613.json) (`2023-12-15T11:15:45.310`) +* [CVE-2023-48614](CVE-2023/CVE-2023-486xx/CVE-2023-48614.json) (`2023-12-15T11:15:45.510`) +* [CVE-2023-48615](CVE-2023/CVE-2023-486xx/CVE-2023-48615.json) (`2023-12-15T11:15:45.710`) +* [CVE-2023-48616](CVE-2023/CVE-2023-486xx/CVE-2023-48616.json) (`2023-12-15T11:15:45.930`) +* [CVE-2023-48617](CVE-2023/CVE-2023-486xx/CVE-2023-48617.json) (`2023-12-15T11:15:46.137`) +* [CVE-2023-48618](CVE-2023/CVE-2023-486xx/CVE-2023-48618.json) (`2023-12-15T11:15:46.333`) +* [CVE-2023-48619](CVE-2023/CVE-2023-486xx/CVE-2023-48619.json) (`2023-12-15T11:15:46.533`) +* [CVE-2023-48620](CVE-2023/CVE-2023-486xx/CVE-2023-48620.json) (`2023-12-15T11:15:46.740`) +* [CVE-2023-48621](CVE-2023/CVE-2023-486xx/CVE-2023-48621.json) (`2023-12-15T11:15:46.930`) +* [CVE-2023-48622](CVE-2023/CVE-2023-486xx/CVE-2023-48622.json) (`2023-12-15T11:15:47.167`) +* [CVE-2023-48623](CVE-2023/CVE-2023-486xx/CVE-2023-48623.json) (`2023-12-15T11:15:47.393`) +* [CVE-2023-48624](CVE-2023/CVE-2023-486xx/CVE-2023-48624.json) (`2023-12-15T11:15:47.630`) +* [CVE-2023-6553](CVE-2023/CVE-2023-65xx/CVE-2023-6553.json) (`2023-12-15T11:15:47.837`) +* [CVE-2023-6839](CVE-2023/CVE-2023-68xx/CVE-2023-6839.json) (`2023-12-15T11:15:48.003`) +* [CVE-2023-33218](CVE-2023/CVE-2023-332xx/CVE-2023-33218.json) (`2023-12-15T12:15:43.317`) +* [CVE-2023-33219](CVE-2023/CVE-2023-332xx/CVE-2023-33219.json) (`2023-12-15T12:15:43.530`) +* [CVE-2023-33220](CVE-2023/CVE-2023-332xx/CVE-2023-33220.json) (`2023-12-15T12:15:43.733`) +* [CVE-2023-33221](CVE-2023/CVE-2023-332xx/CVE-2023-33221.json) (`2023-12-15T12:15:43.927`) +* [CVE-2023-33222](CVE-2023/CVE-2023-332xx/CVE-2023-33222.json) (`2023-12-15T12:15:44.130`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `2` +* [CVE-2023-3226](CVE-2023/CVE-2023-32xx/CVE-2023-3226.json) (`2023-12-15T11:15:09.510`) +* [CVE-2023-45866](CVE-2023/CVE-2023-458xx/CVE-2023-45866.json) (`2023-12-15T11:15:09.683`) ## Download and Usage @@ -160,7 +169,7 @@ git clone --depth 1 -b main https://github.com/fkie-cad/nvd-json-data-feeds.git ## Motivation -As of September 2023, the NIST will retire all [JSON-based NVD Data Feeds](https://nvd.nist.gov/vuln/data-feeds#divRetirementBanner-1). +On 2023-12-15, the NIST deprecated all [JSON-based NVD Data Feeds](https://nvd.nist.gov/vuln/data-feeds#divRetirementBanner-1). The new [NVD CVE API 2.0](https://nvd.nist.gov/developers/vulnerabilities) is, without a doubt, a great way to obtain CVE information. However, we from [Fraunhofer FKIE - Cyber Analysis and Defense](https://www.fkie.fraunhofer.de/en/departments/cad.html) believe that the API does not cover a variety of use cases.