From eadd4fdb7ac12356e5a6280b1710a56b63123d67 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Fri, 29 Dec 2023 13:00:28 +0000
Subject: [PATCH] Auto-Update: 2023-12-29T13:00:25.164457+00:00
---
CVE-2023/CVE-2023-418xx/CVE-2023-41813.json | 55 ++++++++++++++++
CVE-2023/CVE-2023-418xx/CVE-2023-41814.json | 55 ++++++++++++++++
CVE-2023/CVE-2023-418xx/CVE-2023-41815.json | 55 ++++++++++++++++
CVE-2023/CVE-2023-440xx/CVE-2023-44088.json | 55 ++++++++++++++++
CVE-2023/CVE-2023-440xx/CVE-2023-44089.json | 55 ++++++++++++++++
CVE-2023/CVE-2023-508xx/CVE-2023-50837.json | 55 ++++++++++++++++
CVE-2023/CVE-2023-508xx/CVE-2023-50879.json | 55 ++++++++++++++++
CVE-2023/CVE-2023-508xx/CVE-2023-50880.json | 55 ++++++++++++++++
CVE-2023/CVE-2023-508xx/CVE-2023-50881.json | 55 ++++++++++++++++
CVE-2023/CVE-2023-508xx/CVE-2023-50889.json | 55 ++++++++++++++++
CVE-2023/CVE-2023-508xx/CVE-2023-50891.json | 55 ++++++++++++++++
CVE-2023/CVE-2023-508xx/CVE-2023-50892.json | 55 ++++++++++++++++
CVE-2023/CVE-2023-508xx/CVE-2023-50893.json | 55 ++++++++++++++++
CVE-2023/CVE-2023-508xx/CVE-2023-50896.json | 59 +++++++++++++++++
CVE-2023/CVE-2023-509xx/CVE-2023-50901.json | 59 +++++++++++++++++
CVE-2023/CVE-2023-513xx/CVE-2023-51361.json | 59 +++++++++++++++++
CVE-2023/CVE-2023-513xx/CVE-2023-51371.json | 59 +++++++++++++++++
CVE-2023/CVE-2023-513xx/CVE-2023-51372.json | 59 +++++++++++++++++
CVE-2023/CVE-2023-513xx/CVE-2023-51373.json | 59 +++++++++++++++++
CVE-2023/CVE-2023-513xx/CVE-2023-51374.json | 59 +++++++++++++++++
CVE-2023/CVE-2023-513xx/CVE-2023-51396.json | 59 +++++++++++++++++
CVE-2023/CVE-2023-513xx/CVE-2023-51397.json | 59 +++++++++++++++++
CVE-2023/CVE-2023-513xx/CVE-2023-51399.json | 59 +++++++++++++++++
CVE-2023/CVE-2023-514xx/CVE-2023-51402.json | 55 ++++++++++++++++
CVE-2023/CVE-2023-515xx/CVE-2023-51541.json | 59 +++++++++++++++++
CVE-2023/CVE-2023-521xx/CVE-2023-52135.json | 59 +++++++++++++++++
CVE-2023/CVE-2023-68xx/CVE-2023-6857.json | 12 +++-
CVE-2023/CVE-2023-68xx/CVE-2023-6858.json | 8 ++-
CVE-2023/CVE-2023-68xx/CVE-2023-6859.json | 12 +++-
CVE-2023/CVE-2023-68xx/CVE-2023-6860.json | 12 +++-
CVE-2023/CVE-2023-68xx/CVE-2023-6861.json | 12 +++-
CVE-2023/CVE-2023-68xx/CVE-2023-6862.json | 12 +++-
CVE-2023/CVE-2023-68xx/CVE-2023-6863.json | 8 ++-
CVE-2023/CVE-2023-68xx/CVE-2023-6864.json | 8 ++-
CVE-2023/CVE-2023-68xx/CVE-2023-6865.json | 8 ++-
CVE-2023/CVE-2023-68xx/CVE-2023-6867.json | 8 ++-
CVE-2023/CVE-2023-70xx/CVE-2023-7078.json | 59 +++++++++++++++++
CVE-2023/CVE-2023-70xx/CVE-2023-7079.json | 63 ++++++++++++++++++
CVE-2023/CVE-2023-70xx/CVE-2023-7080.json | 71 +++++++++++++++++++++
README.md | 71 ++++++++++++---------
40 files changed, 1791 insertions(+), 51 deletions(-)
create mode 100644 CVE-2023/CVE-2023-418xx/CVE-2023-41813.json
create mode 100644 CVE-2023/CVE-2023-418xx/CVE-2023-41814.json
create mode 100644 CVE-2023/CVE-2023-418xx/CVE-2023-41815.json
create mode 100644 CVE-2023/CVE-2023-440xx/CVE-2023-44088.json
create mode 100644 CVE-2023/CVE-2023-440xx/CVE-2023-44089.json
create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50837.json
create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50879.json
create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50880.json
create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50881.json
create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50889.json
create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50891.json
create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50892.json
create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50893.json
create mode 100644 CVE-2023/CVE-2023-508xx/CVE-2023-50896.json
create mode 100644 CVE-2023/CVE-2023-509xx/CVE-2023-50901.json
create mode 100644 CVE-2023/CVE-2023-513xx/CVE-2023-51361.json
create mode 100644 CVE-2023/CVE-2023-513xx/CVE-2023-51371.json
create mode 100644 CVE-2023/CVE-2023-513xx/CVE-2023-51372.json
create mode 100644 CVE-2023/CVE-2023-513xx/CVE-2023-51373.json
create mode 100644 CVE-2023/CVE-2023-513xx/CVE-2023-51374.json
create mode 100644 CVE-2023/CVE-2023-513xx/CVE-2023-51396.json
create mode 100644 CVE-2023/CVE-2023-513xx/CVE-2023-51397.json
create mode 100644 CVE-2023/CVE-2023-513xx/CVE-2023-51399.json
create mode 100644 CVE-2023/CVE-2023-514xx/CVE-2023-51402.json
create mode 100644 CVE-2023/CVE-2023-515xx/CVE-2023-51541.json
create mode 100644 CVE-2023/CVE-2023-521xx/CVE-2023-52135.json
create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7078.json
create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7079.json
create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7080.json
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41813.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41813.json
new file mode 100644
index 00000000000..d042f1b318f
--- /dev/null
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41813.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-41813",
+ "sourceIdentifier": "security@pandorafms.com",
+ "published": "2023-12-29T12:15:43.250",
+ "lastModified": "2023-12-29T12:15:43.250",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).\u00a0Allows you to edit the Web Console user notification options.\u00a0This issue affects Pandora FMS: from 700 through 774."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@pandorafms.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.0,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@pandorafms.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
+ "source": "security@pandorafms.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41814.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41814.json
new file mode 100644
index 00000000000..18732df35ad
--- /dev/null
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41814.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-41814",
+ "sourceIdentifier": "security@pandorafms.com",
+ "published": "2023-12-29T12:15:43.487",
+ "lastModified": "2023-12-29T12:15:43.487",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications.\u00a0This issue affects Pandora FMS: from 700 through 774."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@pandorafms.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@pandorafms.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
+ "source": "security@pandorafms.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41815.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41815.json
new file mode 100644
index 00000000000..3e715840b43
--- /dev/null
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41815.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-41815",
+ "sourceIdentifier": "security@pandorafms.com",
+ "published": "2023-12-29T12:15:43.690",
+ "lastModified": "2023-12-29T12:15:43.690",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).\u00a0Malicious code could be executed in the File Manager section.\u00a0This issue affects Pandora FMS: from 700 through 774."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@pandorafms.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@pandorafms.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
+ "source": "security@pandorafms.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44088.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44088.json
new file mode 100644
index 00000000000..d2674156f13
--- /dev/null
+++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44088.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-44088",
+ "sourceIdentifier": "security@pandorafms.com",
+ "published": "2023-12-29T12:15:43.883",
+ "lastModified": "2023-12-29T12:15:43.883",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection.\u00a0Arbitrary SQL queries were allowed to be executed using any account with low privileges.\u00a0This issue affects Pandora FMS: from 700 through 774."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@pandorafms.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@pandorafms.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
+ "source": "security@pandorafms.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44089.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44089.json
new file mode 100644
index 00000000000..bff8b3522dc
--- /dev/null
+++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44089.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-44089",
+ "sourceIdentifier": "security@pandorafms.com",
+ "published": "2023-12-29T12:15:44.083",
+ "lastModified": "2023-12-29T12:15:44.083",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS).\u00a0It was possible to execute malicious JS code on Visual Consoles.\u00a0This issue affects Pandora FMS: from 700 through 774."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@pandorafms.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.6,
+ "impactScore": 5.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@pandorafms.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
+ "source": "security@pandorafms.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50837.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50837.json
new file mode 100644
index 00000000000..3b69b93a9ae
--- /dev/null
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50837.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-50837",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-29T12:15:44.290",
+ "lastModified": "2023-12-29T12:15:44.290",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown \u2013 Protect Login Form.This issue affects Login Lockdown \u2013 Protect Login Form: from n/a through 2.06.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/login-lockdown/wordpress-login-lockdown-protect-login-form-plugin-2-06-sql-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50879.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50879.json
new file mode 100644
index 00000000000..9f6863e4748
--- /dev/null
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50879.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-50879",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-29T12:15:44.503",
+ "lastModified": "2023-12-29T12:15:44.503",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/full-site-editing/wordpress-wordpress-com-editing-toolkit-plugin-3-78784-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50880.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50880.json
new file mode 100644
index 00000000000..6f3bc416e2c
--- /dev/null
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50880.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-50880",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-29T12:15:44.717",
+ "lastModified": "2023-12-29T12:15:44.717",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS.This issue affects BuddyPress: from n/a through 11.3.1.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/buddypress/wordpress-buddypress-plugin-11-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50881.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50881.json
new file mode 100644
index 00000000000..80f5af51be4
--- /dev/null
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50881.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-50881",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-29T12:15:44.927",
+ "lastModified": "2023-12-29T12:15:44.927",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.15.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-15-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50889.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50889.json
new file mode 100644
index 00000000000..56c70f7711a
--- /dev/null
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50889.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-50889",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-29T12:15:45.170",
+ "lastModified": "2023-12-29T12:15:45.170",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder \u2013 WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder \u2013 WordPress Page Builder: from n/a through 2.7.2.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/beaver-builder-lite-version/wordpress-beaver-builder-plugin-2-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50891.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50891.json
new file mode 100644
index 00000000000..514168b0b0c
--- /dev/null
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50891.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-50891",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-29T12:15:45.400",
+ "lastModified": "2023-12-29T12:15:45.400",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress \u2013 Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress \u2013 Zoho Forms: from n/a through 3.0.1.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/zoho-forms/wordpress-zoho-forms-plugin-3-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50892.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50892.json
new file mode 100644
index 00000000000..977b5e0ae9e
--- /dev/null
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50892.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-50892",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-29T12:15:45.620",
+ "lastModified": "2023-12-29T12:15:45.620",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS.This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/thegem/wordpress-thegem-theme-5-9-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50893.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50893.json
new file mode 100644
index 00000000000..37c31684b7f
--- /dev/null
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50893.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-50893",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-29T12:15:45.837",
+ "lastModified": "2023-12-29T12:15:45.837",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza \u2013 WordPress Website and WooCommerce Builder allows Reflected XSS.This issue affects Impreza \u2013 WordPress Website and WooCommerce Builder: from n/a through 8.17.4.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/us-core/wordpress-upsolution-core-plugin-8-17-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-508xx/CVE-2023-50896.json b/CVE-2023/CVE-2023-508xx/CVE-2023-50896.json
new file mode 100644
index 00000000000..75474a06872
--- /dev/null
+++ b/CVE-2023/CVE-2023-508xx/CVE-2023-50896.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-50896",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-29T11:15:08.363",
+ "lastModified": "2023-12-29T11:15:08.363",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms \u2013 Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.This issue affects weForms \u2013 Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en weForms weForms \u2013 Easy Drag & Drop Contact Form Builder for WordPress permite XSS almacenado. Este problema afecta a weForms \u2013 Easy Drag & Drop Contact Form Builder For WordPress: de n/a hasta el 1.6.17."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/weforms/wordpress-weforms-plugin-1-6-17-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50901.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50901.json
new file mode 100644
index 00000000000..d353fa47856
--- /dev/null
+++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50901.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-50901",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-12-29T11:15:08.860",
+ "lastModified": "2023-12-29T11:15:08.860",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega \u2013 Absolute Addons For Elementor allows Reflected XSS.This issue affects HT Mega \u2013 Absolute Addons For Elementor: from n/a through 2.3.8.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Scripting entre sitios') en HasThemes HT Mega \u2013 Absolute Addons For Elementor permite XSS reflejado. Este problema afecta a HT Mega \u2013 Absolute Addons For Elementor: desde n/a hasta 2.3.8."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-3-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51361.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51361.json
new file mode 100644
index 00000000000..23acc18b153
--- /dev/null
+++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51361.json
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-51361", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-29T11:15:09.117", + "lastModified": "2023-12-29T11:15:09.117", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS.This issue affects Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button: from n/a through 1.1.8.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Scripting entre sitios') en Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button permite XSS almacenado. Este problema afecta a Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button: desde n/a hasta 1.1.8." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/sticky-chat-widget/wordpress-sticky-chat-widget-plugin-1-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51371.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51371.json new file mode 100644 index 00000000000..da315265598 --- /dev/null +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51371.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-51371", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-29T11:15:09.383", + "lastModified": "2023-12-29T11:15:09.383", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget allows Stored XSS.This issue affects Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget: from n/a through 1.1.9.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en el widget de chat Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget permite XSS almacenado. Este problema afecta a Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget: desde n/a hasta 1.1.9." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/bit-assist/wordpress-chat-button-plugin-1-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51372.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51372.json new file mode 100644 index 00000000000..d6ed9aea21f --- /dev/null +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51372.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-51372", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-29T11:15:09.607", + "lastModified": "2023-12-29T11:15:09.607", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar \u2013 WordPress Notification Bar allows Stored XSS.This issue affects HashBar \u2013 WordPress Notification Bar: from n/a through 1.4.1.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Scripting entre sitios') en HasThemes HashBar \u2013 WordPress Notification Bar permite XSS almacenado. Este problema afecta a HashBar \u2013 WordPress Notification Bar: desde n/a hasta 1.4.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/hashbar-wp-notification-bar/wordpress-hashbar-wordpress-notification-bar-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51373.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51373.json new file mode 100644 index 00000000000..1f846a90440 --- /dev/null +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51373.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-51373", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-29T11:15:09.860", + "lastModified": "2023-12-29T11:15:09.860", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS.This issue affects Google Photos Gallery with Shortcodes: from n/a through 4.0.2.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Ian Kennerley Google Photos Gallery with Shortcodes permite XSS reflejado. Este problema afecta a Google Photos Gallery with Shortcodes: desde n/a hasta 4.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/google-picasa-albums-viewer/wordpress-google-photos-gallery-with-shortcodes-plugin-4-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51374.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51374.json new file mode 100644 index 00000000000..200a6018ad7 --- /dev/null +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51374.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-51374", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-29T11:15:10.093", + "lastModified": "2023-12-29T11:15:10.093", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZeroBounce ZeroBounce Email Verification & Validation allows Stored XSS.This issue affects ZeroBounce Email Verification & Validation: from n/a through 1.0.11.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en ZeroBounce ZeroBounce Email Verification & Validation permite XSS almacenado. Este problema afecta a ZeroBounce Email Verification & Validation: desde n/a hasta 1.0.11." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/zerobounce/wordpress-zerobounce-email-verification-validation-plugin-1-0-11-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51396.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51396.json new file mode 100644 index 00000000000..21e2bfd752b --- /dev/null +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51396.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-51396", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-29T11:15:10.357", + "lastModified": "2023-12-29T11:15:10.357", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy \u2013 Page Builder allows Stored XSS.This issue affects Brizy \u2013 Page Builder: from n/a through 2.4.29.\n\n" + }, + { + "lang": "es", + "value": "La neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Brizy.Io Brizy \u2013 Page Builder permite XSS almacenado. Este problema afecta a Brizy \u2013 Page Builder: desde n/a hasta 2.4.29." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/brizy/wordpress-brizy-page-builder-plugin-2-4-29-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51397.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51397.json new file mode 100644 index 00000000000..94f4275aee4 --- /dev/null +++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51397.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-51397", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-29T11:15:10.600", + "lastModified": "2023-12-29T11:15:10.600", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS.This issue affects WP Remote Site Search: from n/a through 1.0.4.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Brainstorm Force WP Remote Site Search permite XSS almacenado. Este problema afecta a WP Remote Site Search: desde n/a hasta 1.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-remote-site-search/wordpress-wp-remote-site-search-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-513xx/CVE-2023-51399.json b/CVE-2023/CVE-2023-513xx/CVE-2023-51399.json new file mode 100644 index 00000000000..e4813dfc9b5 --- /dev/null 
+++ b/CVE-2023/CVE-2023-513xx/CVE-2023-51399.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-51399", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-29T11:15:10.830", + "lastModified": "2023-12-29T11:15:10.830", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Scripting entre sitios') en WPFactory Back Button Widget permite XSS almacenado. Este problema afecta a Back Button Widget: desde n/a hasta 1.6.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/back-button-widget/wordpress-back-button-widget-plugin-1-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51402.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51402.json new file mode 100644 index 00000000000..0277e70c41a --- /dev/null 
+++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51402.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51402", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-29T12:15:46.043", + "lastModified": "2023-12-29T12:15:46.043", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.19.17.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/ultimate_vc_addons/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-19-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51541.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51541.json new file mode 100644 index 00000000000..30417ee8e6a --- /dev/null +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51541.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-51541", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-29T11:15:11.090", + "lastModified": "2023-12-29T11:15:11.090", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Uro\u0161evi\u0107 Stock Ticker allows Stored XSS.This issue affects Stock Ticker: from n/a through 3.23.4.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Aleksandar Uro\u0161evi? Stock Ticker permite almacenar XSS. Este problema afecta a Stock Ticker: desde n/a hasta 3.23.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/stock-ticker/wordpress-stock-ticker-plugin-3-23-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52135.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52135.json new file mode 100644 index 00000000000..40d8f6a3fdb --- /dev/null +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52135.json 
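Review bot: The Spanish `descriptions` entry in CVE-2023-51541.json has lost a character in the author's name: the `en` value carries `Uro\u0161evi\u0107`, the `es` value carries `Uro\u0161evi?`, so the final letter became a literal question mark. The value should read `Aleksandar Uro\u0161evi\u0107 Stock Ticker`. That `\u0161` survives while `\u0107` does not suggests a pass through a single-byte Western code page in the translation step (inferred, not visible here), which would damage other names the same way. The same value says `permite almacenar XSS` where sibling records in this commit say `permite XSS almacenado`, and CVE-2023-51372.json has `durante de generaci\u00f3n`; both look like translation slips rather than upstream data.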
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-52135", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-29T11:15:11.337", + "lastModified": "2023-12-29T11:15:11.337", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress.This issue affects WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress: from n/a through 1.9.170.\n\n" + }, + { + "lang": "es", + "value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en WS Form WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress. Este problema afecta a WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress: de n/a hasta 1.9.170." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/ws-form/wordpress-ws-form-lite-drag-drop-contact-form-builder-for-wordpress-plugin-1-9-170-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6857.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6857.json index 641fd91bf06..67b5b1a5edc 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6857.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6857.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6857", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.377", - "lastModified": "2023-12-22T11:09:51.217", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T12:15:46.270", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -131,6 +131,14 @@ "Permissions Required" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "source": "security@mozilla.org" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5581", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6858.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6858.json index 647b9d47534..8502f6f5f8b 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6858.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6858.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6858", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.420", - "lastModified": "2023-12-22T11:09:35.557", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T12:15:46.440", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -109,6 +109,10 @@ "Permissions Required" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5581", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6859.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6859.json index b5da78ec212..2bc721b51e2 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6859.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6859.json 
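Review bot: The reference objects added in the second hunks of CVE-2023-6857.json and CVE-2023-6858.json carry only `url` and `source`, while the neighbouring entries in the context lines end with a tag list (`"Permissions Required"`, presumably the `tags` array). Consumers of this mirror should therefore treat `tags` as optional on a reference rather than indexing it unconditionally. The first hunk of each file also moves `vulnStatus` from `Analyzed` to `Modified`, although the only visible content change is the added Debian LTS links. A pipeline that keeps only `Analyzed` records would stop matching these CVEs until they are re-analysed. The same pattern repeats in the CVE-2023-6859 through CVE-2023-6867 sections that follow.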
@@ -2,8 +2,8 @@ "id": "CVE-2023-6859", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.467", - "lastModified": "2023-12-22T11:08:51.047", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T12:15:46.510", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -109,6 +109,14 @@ "Permissions Required" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "source": "security@mozilla.org" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5581", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6860.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6860.json index e3e2e667488..d1af1f811a3 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6860.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6860.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6860", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.510", - "lastModified": "2023-12-22T11:07:50.290", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T12:15:46.590", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -109,6 +109,14 @@ "Permissions Required" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "source": "security@mozilla.org" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5581", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6861.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6861.json index ac1987ffdf0..bf9a76af034 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6861.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6861.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6861", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.560", - "lastModified": "2023-12-22T11:07:37.827", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T12:15:46.757", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -109,6 +109,14 @@ "Permissions Required" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "source": "security@mozilla.org" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5581", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6862.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6862.json index d5c89321e79..e3a4f2e40e5 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6862.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6862.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6862", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.603", - "lastModified": "2023-12-22T11:04:17.070", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T12:15:46.900", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -103,6 +103,14 @@ "Permissions Required" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "source": "security@mozilla.org" + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5581", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6863.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6863.json index 5445658d408..f7ea703bfb3 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6863.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6863.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6863", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.650", - "lastModified": "2023-12-22T11:03:59.953", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T12:15:46.990", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -108,6 +108,10 @@ "Issue Tracking" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5581", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6864.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6864.json index b30c5c8656e..ca50fa77f21 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6864.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6864.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6864", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.707", - "lastModified": "2023-12-22T10:59:57.740", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T12:15:47.177", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -108,6 +108,10 @@ "Broken Link" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5581", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6865.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6865.json index 6d486a37d0d..00bd5a088df 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6865.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6865.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6865", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.777", - "lastModified": "2023-12-22T10:59:40.403", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T12:15:47.270", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -103,6 +103,10 @@ "Permissions Required" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5581", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6867.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6867.json index f901185c2b9..ed89fc87a31 100644 --- a/CVE-2023/CVE-2023-68xx/CVE-2023-6867.json +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6867.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6867", "sourceIdentifier": "security@mozilla.org", "published": "2023-12-19T14:15:07.933", - "lastModified": "2023-12-22T10:53:35.230", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T12:15:47.417", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -103,6 +103,10 @@ "Permissions Required" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", + "source": "security@mozilla.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5581", "source": "security@mozilla.org", diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7078.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7078.json new file mode 100644 index 00000000000..1b0ec6ff3f7 --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7078.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-7078", + "sourceIdentifier": "cna@cloudflare.com", + "published": "2023-12-29T12:15:47.537", + "lastModified": "2023-12-29T12:15:47.537", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler\u00a0until 3.19.0), an attacker on the local network could access other local servers.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cloudflare.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "cna@cloudflare.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/cloudflare/workers-sdk/pull/4532", + "source": "cna@cloudflare.com" + }, + { + "url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7", + "source": "cna@cloudflare.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7079.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7079.json new file mode 100644 index 00000000000..f780367e5bb --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7079.json 
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-7079",
+ "sourceIdentifier": "cna@cloudflare.com",
+ "published": "2023-12-29T12:15:47.763",
+ "lastModified": "2023-12-29T12:15:47.763",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@cloudflare.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@cloudflare.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/cloudflare/workers-sdk/pull/4532",
+ "source": "cna@cloudflare.com"
+ },
+ {
+ "url": "https://github.com/cloudflare/workers-sdk/pull/4535",
+ "source": "cna@cloudflare.com"
+ },
+ {
+ "url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-cfph-4qqh-w828",
+ "source": "cna@cloudflare.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7080.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7080.json
new file mode 100644
index 00000000000..4996a6f6f5d
--- /dev/null
+++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7080.json
@@ -0,0 +1,71 @@ +{ + "id": "CVE-2023-7080", + "sourceIdentifier": "cna@cloudflare.com", + "published": "2023-12-29T12:15:47.970", + "lastModified": "2023-12-29T12:15:47.970", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker.\n\nThis issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev's inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 \u00a0(CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. 
wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cloudflare.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "cna@cloudflare.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/cloudflare/workers-sdk/issues/4430", + "source": "cna@cloudflare.com" + }, + { + "url": "https://github.com/cloudflare/workers-sdk/pull/4437", + "source": "cna@cloudflare.com" + }, + { + "url": "https://github.com/cloudflare/workers-sdk/pull/4535", + "source": "cna@cloudflare.com" + }, + { + "url": "https://github.com/cloudflare/workers-sdk/pull/4550", + "source": "cna@cloudflare.com" + }, + { + "url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf", + "source": "cna@cloudflare.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 302099d1b23..4c87d68468a 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-29T11:00:25.168811+00:00 +2023-12-29T13:00:25.164457+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-29T10:15:13.890000+00:00 +2023-12-29T12:15:47.970000+00:00 ``` ### Last Data Feed Release 
@@ -29,45 +29,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234465 +234494 ``` ### CVEs added in the last Commit -Recently added CVEs: `26` +Recently added CVEs: `29` -* [CVE-2023-22676](CVE-2023/CVE-2023-226xx/CVE-2023-22676.json) (`2023-12-29T09:15:08.057`) -* [CVE-2023-22677](CVE-2023/CVE-2023-226xx/CVE-2023-22677.json) (`2023-12-29T09:15:08.300`) -* [CVE-2023-25054](CVE-2023/CVE-2023-250xx/CVE-2023-25054.json) (`2023-12-29T09:15:08.523`) -* [CVE-2023-32095](CVE-2023/CVE-2023-320xx/CVE-2023-32095.json) (`2023-12-29T09:15:08.750`) -* [CVE-2023-40606](CVE-2023/CVE-2023-406xx/CVE-2023-40606.json) (`2023-12-29T09:15:08.977`) -* [CVE-2023-45751](CVE-2023/CVE-2023-457xx/CVE-2023-45751.json) (`2023-12-29T09:15:09.197`) -* [CVE-2023-46623](CVE-2023/CVE-2023-466xx/CVE-2023-46623.json) (`2023-12-29T09:15:09.410`) -* [CVE-2023-47840](CVE-2023/CVE-2023-478xx/CVE-2023-47840.json) (`2023-12-29T09:15:09.637`) -* [CVE-2023-7166](CVE-2023/CVE-2023-71xx/CVE-2023-7166.json) (`2023-12-29T09:15:09.973`) -* [CVE-2023-28786](CVE-2023/CVE-2023-287xx/CVE-2023-28786.json) (`2023-12-29T10:15:08.973`) -* [CVE-2023-31095](CVE-2023/CVE-2023-310xx/CVE-2023-31095.json) (`2023-12-29T10:15:09.260`) -* [CVE-2023-31229](CVE-2023/CVE-2023-312xx/CVE-2023-31229.json) (`2023-12-29T10:15:09.490`) -* [CVE-2023-31237](CVE-2023/CVE-2023-312xx/CVE-2023-31237.json) (`2023-12-29T10:15:09.813`) -* [CVE-2023-32101](CVE-2023/CVE-2023-321xx/CVE-2023-32101.json) (`2023-12-29T10:15:10.080`) -* [CVE-2023-32517](CVE-2023/CVE-2023-325xx/CVE-2023-32517.json) (`2023-12-29T10:15:10.390`) -* [CVE-2023-49830](CVE-2023/CVE-2023-498xx/CVE-2023-49830.json) (`2023-12-29T10:15:10.783`) -* [CVE-2023-4462](CVE-2023/CVE-2023-44xx/CVE-2023-4462.json) (`2023-12-29T10:15:11.100`) -* [CVE-2023-4463](CVE-2023/CVE-2023-44xx/CVE-2023-4463.json) (`2023-12-29T10:15:11.413`) -* [CVE-2023-4464](CVE-2023/CVE-2023-44xx/CVE-2023-4464.json) 
(`2023-12-29T10:15:11.750`) -* [CVE-2023-4465](CVE-2023/CVE-2023-44xx/CVE-2023-4465.json) (`2023-12-29T10:15:12.133`) -* [CVE-2023-4466](CVE-2023/CVE-2023-44xx/CVE-2023-4466.json) (`2023-12-29T10:15:12.470`) -* [CVE-2023-4467](CVE-2023/CVE-2023-44xx/CVE-2023-4467.json) (`2023-12-29T10:15:12.783`) -* [CVE-2023-4468](CVE-2023/CVE-2023-44xx/CVE-2023-4468.json) (`2023-12-29T10:15:13.140`) -* [CVE-2023-51420](CVE-2023/CVE-2023-514xx/CVE-2023-51420.json) (`2023-12-29T10:15:13.527`) -* [CVE-2023-7104](CVE-2023/CVE-2023-71xx/CVE-2023-7104.json) (`2023-12-29T10:15:13.890`) +* [CVE-2023-51372](CVE-2023/CVE-2023-513xx/CVE-2023-51372.json) (`2023-12-29T11:15:09.607`) +* [CVE-2023-51373](CVE-2023/CVE-2023-513xx/CVE-2023-51373.json) (`2023-12-29T11:15:09.860`) +* [CVE-2023-51374](CVE-2023/CVE-2023-513xx/CVE-2023-51374.json) (`2023-12-29T11:15:10.093`) +* [CVE-2023-51396](CVE-2023/CVE-2023-513xx/CVE-2023-51396.json) (`2023-12-29T11:15:10.357`) +* [CVE-2023-51397](CVE-2023/CVE-2023-513xx/CVE-2023-51397.json) (`2023-12-29T11:15:10.600`) +* [CVE-2023-51399](CVE-2023/CVE-2023-513xx/CVE-2023-51399.json) (`2023-12-29T11:15:10.830`) +* [CVE-2023-51541](CVE-2023/CVE-2023-515xx/CVE-2023-51541.json) (`2023-12-29T11:15:11.090`) +* [CVE-2023-52135](CVE-2023/CVE-2023-521xx/CVE-2023-52135.json) (`2023-12-29T11:15:11.337`) +* [CVE-2023-41813](CVE-2023/CVE-2023-418xx/CVE-2023-41813.json) (`2023-12-29T12:15:43.250`) +* [CVE-2023-41814](CVE-2023/CVE-2023-418xx/CVE-2023-41814.json) (`2023-12-29T12:15:43.487`) +* [CVE-2023-41815](CVE-2023/CVE-2023-418xx/CVE-2023-41815.json) (`2023-12-29T12:15:43.690`) +* [CVE-2023-44088](CVE-2023/CVE-2023-440xx/CVE-2023-44088.json) (`2023-12-29T12:15:43.883`) +* [CVE-2023-44089](CVE-2023/CVE-2023-440xx/CVE-2023-44089.json) (`2023-12-29T12:15:44.083`) +* [CVE-2023-50837](CVE-2023/CVE-2023-508xx/CVE-2023-50837.json) (`2023-12-29T12:15:44.290`) +* [CVE-2023-50879](CVE-2023/CVE-2023-508xx/CVE-2023-50879.json) (`2023-12-29T12:15:44.503`) +* 
[CVE-2023-50880](CVE-2023/CVE-2023-508xx/CVE-2023-50880.json) (`2023-12-29T12:15:44.717`) +* [CVE-2023-50881](CVE-2023/CVE-2023-508xx/CVE-2023-50881.json) (`2023-12-29T12:15:44.927`) +* [CVE-2023-50889](CVE-2023/CVE-2023-508xx/CVE-2023-50889.json) (`2023-12-29T12:15:45.170`) +* [CVE-2023-50891](CVE-2023/CVE-2023-508xx/CVE-2023-50891.json) (`2023-12-29T12:15:45.400`) +* [CVE-2023-50892](CVE-2023/CVE-2023-508xx/CVE-2023-50892.json) (`2023-12-29T12:15:45.620`) +* [CVE-2023-50893](CVE-2023/CVE-2023-508xx/CVE-2023-50893.json) (`2023-12-29T12:15:45.837`) +* [CVE-2023-51402](CVE-2023/CVE-2023-514xx/CVE-2023-51402.json) (`2023-12-29T12:15:46.043`) +* [CVE-2023-7078](CVE-2023/CVE-2023-70xx/CVE-2023-7078.json) (`2023-12-29T12:15:47.537`) +* [CVE-2023-7079](CVE-2023/CVE-2023-70xx/CVE-2023-7079.json) (`2023-12-29T12:15:47.763`) +* [CVE-2023-7080](CVE-2023/CVE-2023-70xx/CVE-2023-7080.json) (`2023-12-29T12:15:47.970`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `10` -* [CVE-2023-7152](CVE-2023/CVE-2023-71xx/CVE-2023-7152.json) (`2023-12-29T09:15:09.873`) +* [CVE-2023-6857](CVE-2023/CVE-2023-68xx/CVE-2023-6857.json) (`2023-12-29T12:15:46.270`) +* [CVE-2023-6858](CVE-2023/CVE-2023-68xx/CVE-2023-6858.json) (`2023-12-29T12:15:46.440`) +* [CVE-2023-6859](CVE-2023/CVE-2023-68xx/CVE-2023-6859.json) (`2023-12-29T12:15:46.510`) +* [CVE-2023-6860](CVE-2023/CVE-2023-68xx/CVE-2023-6860.json) (`2023-12-29T12:15:46.590`) +* [CVE-2023-6861](CVE-2023/CVE-2023-68xx/CVE-2023-6861.json) (`2023-12-29T12:15:46.757`) +* [CVE-2023-6862](CVE-2023/CVE-2023-68xx/CVE-2023-6862.json) (`2023-12-29T12:15:46.900`) +* [CVE-2023-6863](CVE-2023/CVE-2023-68xx/CVE-2023-6863.json) (`2023-12-29T12:15:46.990`) +* [CVE-2023-6864](CVE-2023/CVE-2023-68xx/CVE-2023-6864.json) (`2023-12-29T12:15:47.177`) +* [CVE-2023-6865](CVE-2023/CVE-2023-68xx/CVE-2023-6865.json) (`2023-12-29T12:15:47.270`) +* [CVE-2023-6867](CVE-2023/CVE-2023-68xx/CVE-2023-6867.json) 
(`2023-12-29T12:15:47.417`) ## Download and Usage