Auto-Update: 2023-11-30T13:00:18.398294+00:00

2025-05-09 03:57:14 +00:00 · 2023-11-30 13:00:22 +00:00 · 2023-11-30 13:00:22 +00:00 · f38fe7dcb2
commit f38fe7dcb2
parent 7072754a36
18 changed files with 874 additions and 16 deletions
--- a/CVE-2022/CVE-2022-451xx/CVE-2022-45135.json
+++ b/CVE-2022/CVE-2022-451xx/CVE-2022-45135.json
@ -2,12 +2,16 @@
  "id": "CVE-2022-45135",
  "sourceIdentifier": "security@apache.org",
  "published": "2023-11-30T08:15:07.063",
-  "lastModified": "2023-11-30T08:15:07.063",
+  "lastModified": "2023-11-30T12:15:07.633",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.\n\nUsers are recommended to upgrade to version 2.3.0, which fixes the issue.\n\n"
+    },
+    {
+      "lang": "es",
+      "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Apache Cocoon. Este problema afecta a Apache Cocoon: desde 2.2.0 antes de 2.3.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.3.0, que soluciona el problema."
    }
  ],
  "metrics": {},
@ -24,6 +28,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/11/30/3",
+      "source": "security@apache.org"
+    },
    {
      "url": "https://lists.apache.org/thread/lsvd1hmr2t2q823x21d5ygzgbj9jpvjp",
      "source": "security@apache.org"
--- a/CVE-2023/CVE-2023-411xx/CVE-2023-41136.json
+++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41136.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41136",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-30T12:15:07.773",
+  "lastModified": "2023-11-30T12:15:07.773",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laurence/OhMyBox.Info Simple Long Form allows Stored XSS.This issue affects Simple Long Form: from n/a through 2.2.2.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/simple-long-form/wordpress-simple-long-form-plugin-2-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-450xx/CVE-2023-45050.json
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45050.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-45050",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-30T12:15:07.983",
+  "lastModified": "2023-11-30T12:15:07.983",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack \u2013 WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack \u2013 WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve",
+      "source": "audit@patchstack.com"
+    },
+    {
+      "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-475xx/CVE-2023-47505.json
+++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47505.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-47505",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-30T12:15:08.180",
+  "lastModified": "2023-11-30T12:15:08.180",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor.Com Elementor allows Cross-Site Scripting (XSS).This issue affects Elementor: from n/a through 3.16.4.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/articles/arbitrary-attachment-render-to-xss-in-elementor-plugin?_s_id=cve",
+      "source": "audit@patchstack.com"
+    },
+    {
+      "url": "https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-16-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-477xx/CVE-2023-47777.json
+++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47777.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-47777",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-30T12:15:08.370",
+  "lastModified": "2023-11-30T12:15:08.370",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve",
+      "source": "audit@patchstack.com"
+    },
+    {
+      "url": "https://patchstack.com/database/vulnerability/woo-gutenberg-products-block/wordpress-woocommerce-blocks-plugin-11-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    },
+    {
+      "url": "https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-1-1-contributor-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-478xx/CVE-2023-47850.json
+++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47850.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-47850",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-30T12:15:08.560",
+  "lastModified": "2023-11-30T12:15:08.560",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles: from n/a through 6.2.2.0.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-plugin-6-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-478xx/CVE-2023-47851.json
+++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47851.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-47851",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-30T12:15:08.757",
+  "lastModified": "2023-11-30T12:15:08.757",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS.This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/bs-shortcode-ultimate/wordpress-bootstrap-shortcodes-ultimate-plugin-4-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-478xx/CVE-2023-47854.json
+++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47854.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-47854",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-30T12:15:08.950",
+  "lastModified": "2023-11-30T12:15:08.950",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Parallax Image allows Stored XSS.This issue affects Parallax Image: from n/a through 1.7.1.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/parallax-image/wordpress-parallax-image-plugin-1-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-482xx/CVE-2023-48289.json
+++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48289.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-48289",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-30T12:15:09.140",
+  "lastModified": "2023-11-30T12:15:09.140",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Stored XSS.This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.3.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/import-spreadsheets-from-microsoft-excel/wordpress-import-spreadsheets-from-microsoft-excel-plugin-10-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48322.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48322.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-48322",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-30T12:15:09.333",
+  "lastModified": "2023-11-30T12:15:09.333",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eDoc Intelligence eDoc Employee Job Application \u2013 Best WordPress Job Manager for Employees allows Reflected XSS.This issue affects eDoc Employee Job Application \u2013 Best WordPress Job Manager for Employees: from n/a through 1.13.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/edoc-employee-application/wordpress-edoc-employee-job-application-plugin-1-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48326.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48326.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-48326",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-30T12:15:09.523",
+  "lastModified": "2023-11-30T12:15:09.523",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allows Reflected XSS.This issue affects Events Manager: from n/a through 6.4.5.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/events-manager/wordpress-events-manager-plugin-6-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48329.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48329.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-48329",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-30T12:15:09.713",
+  "lastModified": "2023-11-30T12:15:09.713",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard Fast Custom Social Share by CodeBard allows Stored XSS.This issue affects Fast Custom Social Share by CodeBard: from n/a through 1.1.1.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/fast-custom-social-share-by-codebard/wordpress-fast-custom-social-share-by-codebard-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48336.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48336.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-48336",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-30T11:15:12.907",
+  "lastModified": "2023-11-30T11:15:12.907",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cybernetikz Easy Social Icons allows Stored XSS.This issue affects Easy Social Icons: from n/a through 3.2.4.\n\n"
+    },
+    {
+      "lang": "es",
+      "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-Site Scripting') en cybernetikz Easy Social Icons permite almacenar XSS. Este problema afecta a Easy Social Icons: desde n/a hasta 3.2.4."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/easy-social-icons/wordpress-easy-social-icons-plugin-3-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-487xx/CVE-2023-48737.json
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48737.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-48737",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-30T11:15:13.760",
+  "lastModified": "2023-11-30T11:15:13.760",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Trijaya Digital Grup TriPay Payment Gateway allows Stored XSS.This issue affects TriPay Payment Gateway: from n/a through 3.2.7.\n\n"
+    },
+    {
+      "lang": "es",
+      "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-Site Scripting') en PT Trijaya Digital Grup TriPay Payment Gateway permite almacenar XSS. Este problema afecta a TriPay Payment Gateway: desde n/a hasta 3.2.7."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.7,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/tripay-payment-gateway/wordpress-tripay-payment-gateway-plugin-3-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-487xx/CVE-2023-48743.json
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48743.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-48743",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-11-30T11:15:14.023",
+  "lastModified": "2023-11-30T11:15:14.023",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Menard Simply Exclude allows Reflected XSS.This issue affects Simply Exclude: from n/a through 2.0.6.6.\n\n"
+    },
+    {
+      "lang": "es",
+      "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-Site Scripting') en Paul Menard Simply Exclude permite XSS Reflejado. Este problema afecta a Simply Exclude: desde n/a hasta 2.0.6.6."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/simply-exclude/wordpress-simply-exclude-plugin-2-0-6-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-496xx/CVE-2023-49620.json
+++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49620.json
@ -2,12 +2,16 @@
  "id": "CVE-2023-49620",
  "sourceIdentifier": "security@apache.org",
  "published": "2023-11-30T09:15:07.227",
-  "lastModified": "2023-11-30T09:15:07.227",
+  "lastModified": "2023-11-30T12:15:09.900",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with\u00a0unauthorized\u00a0access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this\u00a0vulnerability"
+    },
+    {
+      "lang": "es",
+      "value": "Antes de la versi\u00f3n 3.1.0 de DolphinScheduler, el usuario que iniciaba sesi\u00f3n pod\u00eda eliminar la funci\u00f3n UDF en el centro de recursos sin autorizaci\u00f3n (que casi se usaba en tareas SQL), con vulnerabilidad de acceso no autorizado (IDOR), pero despu\u00e9s de la versi\u00f3n 3.1.0 solucionamos este problema. Marcamos esta cve como nivel moderado porque todav\u00eda requiere el inicio de sesi\u00f3n del usuario para funcionar. Actualice a la versi\u00f3n 3.1.0 para evitar esta vulnerabilidad."
    }
  ],
  "metrics": {},
@ -24,6 +28,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/11/30/4",
+      "source": "security@apache.org"
+    },
    {
      "url": "https://github.com/apache/dolphinscheduler/pull/10307",
      "source": "security@apache.org"
--- a/CVE-2023/CVE-2023-497xx/CVE-2023-49733.json
+++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49733.json
@ -0,0 +1,36 @@
+{
+  "id": "CVE-2023-49733",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2023-11-30T12:15:09.963",
+  "lastModified": "2023-11-30T12:15:09.963",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.\n\nUsers are recommended to upgrade to version 2.3.0, which fixes the issue.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-611"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/11/30/5",
+      "source": "security@apache.org"
+    },
+    {
+      "url": "https://lists.apache.org/thread/t87nntzt6dxw354zbqr9k7l7o1x8gq11",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-11-30T11:00:17.590698+00:00
+2023-11-30T13:00:18.398294+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-11-30T10:15:07.410000+00:00
+2023-11-30T12:15:09.963000+00:00
 ```

 ### Last Data Feed Release
@ -29,28 +29,36 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-231744
+231759
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `15`

-* [CVE-2021-36806](CVE-2021/CVE-2021-368xx/CVE-2021-36806.json) (`2023-11-30T10:15:07.183`)
-* [CVE-2023-49620](CVE-2023/CVE-2023-496xx/CVE-2023-49620.json) (`2023-11-30T09:15:07.227`)
+* [CVE-2023-48336](CVE-2023/CVE-2023-483xx/CVE-2023-48336.json) (`2023-11-30T11:15:12.907`)
+* [CVE-2023-48737](CVE-2023/CVE-2023-487xx/CVE-2023-48737.json) (`2023-11-30T11:15:13.760`)
+* [CVE-2023-48743](CVE-2023/CVE-2023-487xx/CVE-2023-48743.json) (`2023-11-30T11:15:14.023`)
+* [CVE-2023-41136](CVE-2023/CVE-2023-411xx/CVE-2023-41136.json) (`2023-11-30T12:15:07.773`)
+* [CVE-2023-45050](CVE-2023/CVE-2023-450xx/CVE-2023-45050.json) (`2023-11-30T12:15:07.983`)
+* [CVE-2023-47505](CVE-2023/CVE-2023-475xx/CVE-2023-47505.json) (`2023-11-30T12:15:08.180`)
+* [CVE-2023-47777](CVE-2023/CVE-2023-477xx/CVE-2023-47777.json) (`2023-11-30T12:15:08.370`)
+* [CVE-2023-47850](CVE-2023/CVE-2023-478xx/CVE-2023-47850.json) (`2023-11-30T12:15:08.560`)
+* [CVE-2023-47851](CVE-2023/CVE-2023-478xx/CVE-2023-47851.json) (`2023-11-30T12:15:08.757`)
+* [CVE-2023-47854](CVE-2023/CVE-2023-478xx/CVE-2023-47854.json) (`2023-11-30T12:15:08.950`)
+* [CVE-2023-48289](CVE-2023/CVE-2023-482xx/CVE-2023-48289.json) (`2023-11-30T12:15:09.140`)
+* [CVE-2023-48322](CVE-2023/CVE-2023-483xx/CVE-2023-48322.json) (`2023-11-30T12:15:09.333`)
+* [CVE-2023-48326](CVE-2023/CVE-2023-483xx/CVE-2023-48326.json) (`2023-11-30T12:15:09.523`)
+* [CVE-2023-48329](CVE-2023/CVE-2023-483xx/CVE-2023-48329.json) (`2023-11-30T12:15:09.713`)
+* [CVE-2023-49733](CVE-2023/CVE-2023-497xx/CVE-2023-49733.json) (`2023-11-30T12:15:09.963`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `7`
+Recently modified CVEs: `2`

-* [CVE-2023-42502](CVE-2023/CVE-2023-425xx/CVE-2023-42502.json) (`2023-11-30T09:15:07.123`)
-* [CVE-2023-4664](CVE-2023/CVE-2023-46xx/CVE-2023-4664.json) (`2023-11-30T09:15:07.313`)
-* [CVE-2023-4702](CVE-2023/CVE-2023-47xx/CVE-2023-4702.json) (`2023-11-30T09:15:07.560`)
-* [CVE-2023-4972](CVE-2023/CVE-2023-49xx/CVE-2023-4972.json) (`2023-11-30T09:15:07.753`)
-* [CVE-2023-5045](CVE-2023/CVE-2023-50xx/CVE-2023-5045.json) (`2023-11-30T09:15:07.950`)
-* [CVE-2023-5046](CVE-2023/CVE-2023-50xx/CVE-2023-5046.json) (`2023-11-30T09:15:08.153`)
-* [CVE-2023-6019](CVE-2023/CVE-2023-60xx/CVE-2023-6019.json) (`2023-11-30T10:15:07.410`)
+* [CVE-2022-45135](CVE-2022/CVE-2022-451xx/CVE-2022-45135.json) (`2023-11-30T12:15:07.633`)
+* [CVE-2023-49620](CVE-2023/CVE-2023-496xx/CVE-2023-49620.json) (`2023-11-30T12:15:09.900`)


 ## Download and Usage