Auto-Update: 2023-06-05T16:00:53.707098+00:00

cad-safe-bot 2023-06-05 16:00:57 +00:00
parent 936c64b1a5
commit f5c2b1ab87
44 changed files with 1941 additions and 150 deletions


@ -2,19 +2,91 @@
"id": "CVE-2022-41766",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-29T21:15:09.757",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:24:03.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.35.8",
"matchCriteriaId": "8641E8E6-E89C-4EE1-A4C2-7DB79F8FCF4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.36.0",
"versionEndExcluding": "1.37.5",
"matchCriteriaId": "44F278DA-D150-4A87-AEE8-82A52D0DFE3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.38.0",
"versionEndExcluding": "1.38.3",
"matchCriteriaId": "0582934E-BEE2-4D9B-8160-9BF5E1EFD1BF"
}
]
}
]
}
],
"references": [
{
"url": "https://phabricator.wikimedia.org/T307278",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2022-4676",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:09.307",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:27:49.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openstreetmap:openstreetmap:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.01",
"matchCriteriaId": "5CF96C18-0D31-4141-B275-EC1F97B5515D"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/1df3c17c-990d-4074-b1d5-b26da880d88e",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2022-4946",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-05T14:15:09.577",
"lastModified": "2023-06-05T14:22:20.397",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/6e222018-a3e0-4af0-846c-6f00b67dfbc0",
"source": "contact@wpscan.com"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0152",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-05T14:15:09.660",
"lastModified": "2023-06-05T14:22:20.397",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8281fce2-6f24-4d3f-895f-4d8694806609",
"source": "contact@wpscan.com"
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-0443",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:09.460",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:29:56.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpvibes:anywhere_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.8",
"matchCriteriaId": "1347BA0D-58FB-42BB-BA60-5A778E00CF7A"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0545",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-05T14:15:09.727",
"lastModified": "2023-06-05T14:22:20.397",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/b604afc8-61d0-4e98-8950-f3d29f9e9ee1",
"source": "contact@wpscan.com"
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-0733",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:09.523",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:44:50.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:newsletter_popup_project:newsletter_popup:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2",
"matchCriteriaId": "E576E32F-C7DC-4B4D-8F09-026DF0BBEF91"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/fed1e184-ff56-44fe-9876-d17c0156447a",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-0766",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:09.590",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:45:46.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks as the wp_newsletter_show_localrecord page is not protected with a nonce."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:newsletter_popup_project:newsletter_popup:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2",
"matchCriteriaId": "E576E32F-C7DC-4B4D-8F09-026DF0BBEF91"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/90a1976c-0348-41ea-90b4-f7a5d9306c88",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-0900",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-05T14:15:09.793",
"lastModified": "2023-06-05T14:22:20.397",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/f601e637-a486-4f3a-9077-4f294ace7ea1",
"source": "contact@wpscan.com"
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-1524",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:09.657",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:48:29.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file with the knowledge of any one file's password."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdownloadmanager:download_manager:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.71",
"matchCriteriaId": "87A3B49E-E8EE-44E0-8216-B895F2263524"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3802d15d-9bfd-4762-ab8a-04475451868e",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-1938",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:09.713",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:51:30.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind SSRF issue"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -27,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.5",
"matchCriteriaId": "C838E3D4-2F7D-4B34-BE77-1E3AEEC21872"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/92b1c6d8-51db-46aa-bde6-abdfb091aab5",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,18 +2,41 @@
"id": "CVE-2023-2023",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:09.787",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:50:11.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -21,12 +44,43 @@
"value": "CWE-79"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:custom_404_pro_project:custom_404_pro:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.7.3",
"matchCriteriaId": "A807E07F-3064-4E3D-82F5-33C7B2ACA0A5"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8859843a-a8c2-4f7a-8372-67049d6ea317",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-2111",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:09.837",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:50:50.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:groundhogg:hollerbox:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.4",
"matchCriteriaId": "FD569333-A885-41BE-BC64-C8AEB8A3FCD1"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/7a0bdd47-c339-489d-9443-f173a83447f2",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-2113",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:09.900",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:52:13.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript into the admin panel, even when the unfiltered_html capability is disabled, such as in a multisite setup."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autoptimize:autoptimize:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.7",
"matchCriteriaId": "EAC8D23A-6712-41A5-832F-0CAC590533A0"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ddb4c95d-bbee-4095-aed6-25f6b8e63011",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-2117",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:09.963",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:52:52.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:10web:image_optimizer:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.27",
"matchCriteriaId": "48C35DA0-C199-4319-A6AB-7EBDB7969E41"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/44024299-ba40-4da7-81e1-bd44d10846f3",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-2223",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:10.030",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:53:35.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:12net:login_rebuilder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.8.1",
"matchCriteriaId": "9C06D0D4-92FB-462E-B05C-078A286D3A34"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/7b356b82-5d03-4f70-b4ce-f1405304bb52",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-2224",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-05T14:15:09.977",
"lastModified": "2023-06-05T14:22:20.397",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/a76b6d22-1e00-428a-8a04-12162bd0d992",
"source": "contact@wpscan.com"
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-2256",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:10.097",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:53:59.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:product_addons_\\&_fields_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "32.0.7",
"matchCriteriaId": "3C3C9605-32E3-499F-9BBC-E4E92BFBC741"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/1187e041-3be2-4613-8d56-c2394fcc75fb",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-2287",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:10.157",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:55:48.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:orbitfox:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.10.24",
"matchCriteriaId": "B83C4892-D1BB-4408-8A25-EDCA9D7E2CD9"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/1b36a184-2138-4a65-8940-07e7764669bb",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,18 +2,41 @@
"id": "CVE-2023-2288",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:10.217",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:57:07.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -21,12 +44,43 @@
"value": "CWE-502"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeisle:otter:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.6",
"matchCriteriaId": "8EA26D1F-4E7C-4C53-9132-22838DB5F877"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/93acb4ee-1053-48e1-8b69-c09dc3b2f302",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-2296",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:10.280",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:57:38.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:loginizer:loginizer:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.7.9",
"matchCriteriaId": "A221A5D9-7826-4564-959A-E796928B70B1"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8126ff73-c0e5-4c1b-ba10-2e51f690521e",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-23694",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-05-23T07:15:10.317",
"lastModified": "2023-06-01T20:44:36.253",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-05T14:15:09.860",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
@ -66,12 +66,12 @@
]
},
{
"source": "security_alert@emc.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-78"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-2337",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-05T14:15:10.040",
"lastModified": "2023-06-05T14:22:20.397",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/e5a6f834-80a4-406b-acae-57ffeec2e689",
"source": "contact@wpscan.com"
}
]
}


@ -2,15 +2,38 @@
"id": "CVE-2023-2470",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:10.337",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:58:04.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:add_to_feedly_project:add_to_feedly:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.11",
"matchCriteriaId": "C15E89AC-EFA0-4B4E-ACB7-E91D7DF27B0A"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/de0adf26-8a0b-4b90-96d5-4bec6e770e04",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}

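--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2472.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2472.json
@@ -0,0 +1,32 @@
+{
+"id": "CVE-2023-2472",
+"sourceIdentifier": "contact@wpscan.com",
+"published": "2023-06-05T14:15:10.110",
+"lastModified": "2023-06-05T14:22:20.397",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "contact@wpscan.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://wpscan.com/vulnerability/b0e7665a-c8c3-4132-b8d7-8677a90118df",
+"source": "contact@wpscan.com"
+}
+]
+}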

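--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2488.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2488.json
@@ -0,0 +1,32 @@
+{
+"id": "CVE-2023-2488",
+"sourceIdentifier": "contact@wpscan.com",
+"published": "2023-06-05T14:15:10.173",
+"lastModified": "2023-06-05T14:22:20.397",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "contact@wpscan.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://wpscan.com/vulnerability/60226669-0b7b-441f-93d4-b5933e69478f",
+"source": "contact@wpscan.com"
+}
+]
+}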

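--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2489.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2489.json
@@ -0,0 +1,32 @@
+{
+"id": "CVE-2023-2489",
+"sourceIdentifier": "contact@wpscan.com",
+"published": "2023-06-05T14:15:10.243",
+"lastModified": "2023-06-05T14:22:20.397",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "contact@wpscan.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://wpscan.com/vulnerability/dcbe3334-357a-4744-b50c-309d10cca30d",
+"source": "contact@wpscan.com"
+}
+]
+}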

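--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2503.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2503.json
@@ -0,0 +1,32 @@
+{
+"id": "CVE-2023-2503",
+"sourceIdentifier": "contact@wpscan.com",
+"published": "2023-06-05T14:15:10.300",
+"lastModified": "2023-06-05T14:22:20.397",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "contact@wpscan.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://wpscan.com/vulnerability/07b1caf1-d00b-4075-b71a-0516d5604286",
+"source": "contact@wpscan.com"
+}
+]
+}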


@ -2,15 +2,38 @@
"id": "CVE-2023-2518",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:10.390",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:59:11.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +46,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yikesinc:easy_forms_for_mailchimp:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.8.8",
"matchCriteriaId": "E2382E30-4FA0-4B0E-B3E2-0942C2BC17BD"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ca120255-2c50-4906-97f3-ea660486db4c",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit"
]
}
]
}

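--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2571.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2571.json
@@ -0,0 +1,32 @@
+{
+"id": "CVE-2023-2571",
+"sourceIdentifier": "contact@wpscan.com",
+"published": "2023-06-05T14:15:10.363",
+"lastModified": "2023-06-05T14:22:20.397",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "contact@wpscan.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://wpscan.com/vulnerability/2dc02e5c-1c89-4053-a6a7-29ee7b996183",
+"source": "contact@wpscan.com"
+}
+]
+}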

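--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2572.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2572.json
@@ -0,0 +1,32 @@
+{
+"id": "CVE-2023-2572",
+"sourceIdentifier": "contact@wpscan.com",
+"published": "2023-06-05T14:15:10.423",
+"lastModified": "2023-06-05T14:22:20.397",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "contact@wpscan.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://wpscan.com/vulnerability/2f7fe6e6-c3d0-4e27-8222-572d7a420153",
+"source": "contact@wpscan.com"
+}
+]
+}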

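--- a/CVE-2023/CVE-2023-26xx/CVE-2023-2634.json
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2634.json
@@ -0,0 +1,32 @@
+{
+"id": "CVE-2023-2634",
+"sourceIdentifier": "contact@wpscan.com",
+"published": "2023-06-05T14:15:10.483",
+"lastModified": "2023-06-05T14:22:20.397",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "contact@wpscan.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://wpscan.com/vulnerability/1df111aa-6057-47a2-8e8b-9ef5ec3bb472",
+"source": "contact@wpscan.com"
+}
+]
+}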


@ -2,8 +2,8 @@
"id": "CVE-2023-2973",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-30T11:15:09.457",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:59:58.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:students_online_internship_timesheet_system_project:students_online_internship_timesheet_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52811AC6-44E2-4C1E-9C7A-4545CC7A71C5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ShallowDream888/VulnerabilityReport/blob/main/XSS.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.230204",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.230204",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-30253",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-29T21:15:09.813",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:26:28.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,82 @@
"value": "En la versiones anteriores a Dolibarr v17.0.1 se permite la ejecuci\u00f3n remota de c\u00f3digo por un usuario autenticado a trav\u00e9s de una manipulaci\u00f3n de may\u00fasculas, por ejemplo: \""
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.1",
"matchCriteriaId": "80E252F5-C5B9-4A86-9A43-2E1C474C6005"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Dolibarr/dolibarr",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.swascan.com/blog/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.swascan.com/security-advisory-dolibarr-17-0-0/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-31128",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T22:15:14.797",
"lastModified": "2023-05-28T02:28:04.970",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:15:52.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,26 +76,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:cookbook:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.9.0",
"versionEndExcluding": "0.9.19",
"matchCriteriaId": "191FEC7E-1FA0-4040-A961-BF2BB5FB726E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/cookbook/blob/a14d6ffc4d45e1447556f68606129dfd6c1505cf/.github/workflows/pull-checks.yml#L67",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/nextcloud/cookbook/commit/489bb744",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nextcloud/cookbook/commit/a46d98559e2c64292da9ffb06138cccc2e50ae1b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nextcloud/cookbook/security/advisories/GHSA-c5pc-mf2f-xq8h",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://securitylab.github.com/research/github-actions-untrusted-input/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32072",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-29T21:15:09.893",
"lastModified": "2023-05-30T12:52:56.613",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T15:42:16.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +80,65 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "14.7-7",
"matchCriteriaId": "0C6D58F3-A54E-4B32-93A9-C8D93855586F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:community:*:*:*",
"versionEndExcluding": "14.8.99.60",
"matchCriteriaId": "24769828-A1C7-457C-B409-E0BCEE39CBDD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enalean:tuleap:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "14.8",
"versionEndExcluding": "14.8-3",
"matchCriteriaId": "171202C5-61A2-42C5-9A9E-505E2C29FB6D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Enalean/tuleap/commit/6840529def97f564844e810e5a7c5bf837cf58d5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-6prc-j58r-fmjq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=6840529def97f564844e810e5a7c5bf837cf58d5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://tuleap.net/plugins/tracker/?aid=31929",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32676",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T23:15:18.647",
"lastModified": "2023-05-28T02:28:04.970",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T15:30:07.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autolabproject:autolab:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.11.0",
"matchCriteriaId": "F025235E-3D41-4053-8167-1D8D94A645FF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/autolab/Autolab/commit/14f508484a8323eceb0cf3a128573b43eabbc80d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/autolab/Autolab/security/advisories/GHSA-x9hj-r9q4-832c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32695",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-27T16:15:09.433",
"lastModified": "2023-05-28T02:28:04.970",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T15:54:48.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +76,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "3.4.0",
"versionEndExcluding": "3.4.3",
"matchCriteriaId": "1DC31C5F-524B-478D-A85F-0D4F4DCCFF28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "4.0.4",
"versionEndExcluding": "4.2.3",
"matchCriteriaId": "994E08C3-8408-4FA3-AA7A-A2C13CD20AC9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/socketio/socket.io-parser/releases/tag/4.2.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

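--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32766.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32766.json
@@ -0,0 +1,40 @@
+{
+"id": "CVE-2023-32766",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-06-05T15:15:09.143",
+"lastModified": "2023-06-05T15:15:09.143",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:)."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://app.safebase.io/portal/71ccd717-aa2d-4a1e-942e-c768d37e9e0c/preview?product=default&tcuUid=1d505bda-9a38-4ca5-8724-052e6337f34d",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/gitpod-io/gitpod/commit/6771283c3406586e352337675b79ff2ca50f191b",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/gitpod-io/gitpod/compare/release-2022.11.2...2022.11.3",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/gitpod-io/gitpod/pull/17559",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/gitpod-io/gitpod/releases/tag/2022.11.3",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://www.gitpod.io",
+"source": "cve@mitre.org"
+}
+]
+}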


@ -2,8 +2,8 @@
"id": "CVE-2023-33199",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T23:15:18.960",
"lastModified": "2023-05-28T02:28:04.970",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-06-05T14:21:25.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:rekor:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.0",
"matchCriteriaId": "1C1976D1-6EB8-47F7-B8B9-DBBA7223E2C4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sigstore/rekor/commit/140c5add105179e5ffd9e3e114fd1b6b93aebbd4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/sigstore/rekor/security/advisories/GHSA-frqx-jfcm-6jjr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

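--- a/CVE-2023/CVE-2023-333xx/CVE-2023-33386.json
+++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33386.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2023-33386",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-06-05T15:15:09.197",
+"lastModified": "2023-06-05T15:15:09.197",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/b1ackc4t/MarsCTF/blob/V1.2.1/src/main/java/com/b1ackc4t/marsctfserver/service/impl/CTFFileServiceImpl.java#L46",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://github.com/b1ackc4t/MarsCTF/issues/10",
+"source": "cve@mitre.org"
+}
+]
+}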

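--- a/CVE-2023/CVE-2023-335xx/CVE-2023-33518.json
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33518.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-33518",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-06-05T15:15:09.247",
+"lastModified": "2023-06-05T15:15:09.247",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/emoncms/emoncms/issues/1856",
+"source": "cve@mitre.org"
+}
+]
+}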


@ -2,16 +2,24 @@
"id": "CVE-2023-34256",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T20:15:10.817",
"lastModified": "2023-06-01T01:17:03.663",
"lastModified": "2023-06-05T14:15:10.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset."
"value": "** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated \"When modifying the block device while it is mounted by the filesystem\" access."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en el kernel de Linux en las versiones anteriores a 6.3.3. Hay una lectura fuera de l\u00edmites en crc16 en \"lib/crc16.c\" cuando se llama dese \"fs/ext4/super.c\" porque \"ext4_group_desc_csum\" no comprueba correctamente un desplazamiento. "
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1211895",
"source": "cve@mitre.org"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3",
"source": "cve@mitre.org"


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-05T14:00:28.217196+00:00
2023-06-05T16:00:53.707098+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-05T13:50:24.813000+00:00
2023-06-05T15:54:48.487000+00:00
```
### Last Data Feed Release
@ -29,45 +29,60 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
216845
216861
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `16`
* [CVE-2023-27989](CVE-2023/CVE-2023-279xx/CVE-2023-27989.json) (`2023-06-05T12:15:09.360`)
* [CVE-2022-4946](CVE-2022/CVE-2022-49xx/CVE-2022-4946.json) (`2023-06-05T14:15:09.577`)
* [CVE-2023-0152](CVE-2023/CVE-2023-01xx/CVE-2023-0152.json) (`2023-06-05T14:15:09.660`)
* [CVE-2023-0545](CVE-2023/CVE-2023-05xx/CVE-2023-0545.json) (`2023-06-05T14:15:09.727`)
* [CVE-2023-0900](CVE-2023/CVE-2023-09xx/CVE-2023-0900.json) (`2023-06-05T14:15:09.793`)
* [CVE-2023-2224](CVE-2023/CVE-2023-22xx/CVE-2023-2224.json) (`2023-06-05T14:15:09.977`)
* [CVE-2023-2337](CVE-2023/CVE-2023-23xx/CVE-2023-2337.json) (`2023-06-05T14:15:10.040`)
* [CVE-2023-2472](CVE-2023/CVE-2023-24xx/CVE-2023-2472.json) (`2023-06-05T14:15:10.110`)
* [CVE-2023-2488](CVE-2023/CVE-2023-24xx/CVE-2023-2488.json) (`2023-06-05T14:15:10.173`)
* [CVE-2023-2489](CVE-2023/CVE-2023-24xx/CVE-2023-2489.json) (`2023-06-05T14:15:10.243`)
* [CVE-2023-2503](CVE-2023/CVE-2023-25xx/CVE-2023-2503.json) (`2023-06-05T14:15:10.300`)
* [CVE-2023-2571](CVE-2023/CVE-2023-25xx/CVE-2023-2571.json) (`2023-06-05T14:15:10.363`)
* [CVE-2023-2572](CVE-2023/CVE-2023-25xx/CVE-2023-2572.json) (`2023-06-05T14:15:10.423`)
* [CVE-2023-2634](CVE-2023/CVE-2023-26xx/CVE-2023-2634.json) (`2023-06-05T14:15:10.483`)
* [CVE-2023-32766](CVE-2023/CVE-2023-327xx/CVE-2023-32766.json) (`2023-06-05T15:15:09.143`)
* [CVE-2023-33386](CVE-2023/CVE-2023-333xx/CVE-2023-33386.json) (`2023-06-05T15:15:09.197`)
* [CVE-2023-33518](CVE-2023/CVE-2023-335xx/CVE-2023-33518.json) (`2023-06-05T15:15:09.247`)
### CVEs modified in the last Commit
Recently modified CVEs: `57`
Recently modified CVEs: `27`
* [CVE-2023-32582](CVE-2023/CVE-2023-325xx/CVE-2023-32582.json) (`2023-06-05T13:03:03.327`)
* [CVE-2023-3086](CVE-2023/CVE-2023-30xx/CVE-2023-3086.json) (`2023-06-05T13:03:03.327`)
* [CVE-2023-3091](CVE-2023/CVE-2023-30xx/CVE-2023-3091.json) (`2023-06-05T13:03:03.327`)
* [CVE-2023-3094](CVE-2023/CVE-2023-30xx/CVE-2023-3094.json) (`2023-06-05T13:03:03.327`)
* [CVE-2023-3095](CVE-2023/CVE-2023-30xx/CVE-2023-3095.json) (`2023-06-05T13:03:03.327`)
* [CVE-2023-22862](CVE-2023/CVE-2023-228xx/CVE-2023-22862.json) (`2023-06-05T13:03:03.327`)
* [CVE-2023-27285](CVE-2023/CVE-2023-272xx/CVE-2023-27285.json) (`2023-06-05T13:03:03.327`)
* [CVE-2023-1297](CVE-2023/CVE-2023-12xx/CVE-2023-1297.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-2816](CVE-2023/CVE-2023-28xx/CVE-2023-2816.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-3044](CVE-2023/CVE-2023-30xx/CVE-2023-3044.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-2781](CVE-2023/CVE-2023-27xx/CVE-2023-2781.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-3051](CVE-2023/CVE-2023-30xx/CVE-2023-3051.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-3052](CVE-2023/CVE-2023-30xx/CVE-2023-3052.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-3053](CVE-2023/CVE-2023-30xx/CVE-2023-3053.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-3055](CVE-2023/CVE-2023-30xx/CVE-2023-3055.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-33143](CVE-2023/CVE-2023-331xx/CVE-2023-33143.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-0583](CVE-2023/CVE-2023-05xx/CVE-2023-0583.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-0584](CVE-2023/CVE-2023-05xx/CVE-2023-0584.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-2298](CVE-2023/CVE-2023-22xx/CVE-2023-2298.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-2299](CVE-2023/CVE-2023-22xx/CVE-2023-2299.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-2300](CVE-2023/CVE-2023-23xx/CVE-2023-2300.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-2301](CVE-2023/CVE-2023-23xx/CVE-2023-2301.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-2302](CVE-2023/CVE-2023-23xx/CVE-2023-2302.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-2303](CVE-2023/CVE-2023-23xx/CVE-2023-2303.json) (`2023-06-05T13:03:17.903`)
* [CVE-2023-33187](CVE-2023/CVE-2023-331xx/CVE-2023-33187.json) (`2023-06-05T13:50:24.813`)
* [CVE-2023-23694](CVE-2023/CVE-2023-236xx/CVE-2023-23694.json) (`2023-06-05T14:15:09.860`)
* [CVE-2023-34256](CVE-2023/CVE-2023-342xx/CVE-2023-34256.json) (`2023-06-05T14:15:10.550`)
* [CVE-2023-31128](CVE-2023/CVE-2023-311xx/CVE-2023-31128.json) (`2023-06-05T14:15:52.127`)
* [CVE-2023-33199](CVE-2023/CVE-2023-331xx/CVE-2023-33199.json) (`2023-06-05T14:21:25.877`)
* [CVE-2023-30253](CVE-2023/CVE-2023-302xx/CVE-2023-30253.json) (`2023-06-05T14:26:28.600`)
* [CVE-2023-0443](CVE-2023/CVE-2023-04xx/CVE-2023-0443.json) (`2023-06-05T14:29:56.740`)
* [CVE-2023-0733](CVE-2023/CVE-2023-07xx/CVE-2023-0733.json) (`2023-06-05T14:44:50.077`)
* [CVE-2023-0766](CVE-2023/CVE-2023-07xx/CVE-2023-0766.json) (`2023-06-05T14:45:46.990`)
* [CVE-2023-1524](CVE-2023/CVE-2023-15xx/CVE-2023-1524.json) (`2023-06-05T14:48:29.007`)
* [CVE-2023-2023](CVE-2023/CVE-2023-20xx/CVE-2023-2023.json) (`2023-06-05T14:50:11.437`)
* [CVE-2023-2111](CVE-2023/CVE-2023-21xx/CVE-2023-2111.json) (`2023-06-05T14:50:50.937`)
* [CVE-2023-1938](CVE-2023/CVE-2023-19xx/CVE-2023-1938.json) (`2023-06-05T14:51:30.440`)
* [CVE-2023-2113](CVE-2023/CVE-2023-21xx/CVE-2023-2113.json) (`2023-06-05T14:52:13.103`)
* [CVE-2023-2117](CVE-2023/CVE-2023-21xx/CVE-2023-2117.json) (`2023-06-05T14:52:52.937`)
* [CVE-2023-2223](CVE-2023/CVE-2023-22xx/CVE-2023-2223.json) (`2023-06-05T14:53:35.137`)
* [CVE-2023-2256](CVE-2023/CVE-2023-22xx/CVE-2023-2256.json) (`2023-06-05T14:53:59.733`)
* [CVE-2023-2287](CVE-2023/CVE-2023-22xx/CVE-2023-2287.json) (`2023-06-05T14:55:48.680`)
* [CVE-2023-2288](CVE-2023/CVE-2023-22xx/CVE-2023-2288.json) (`2023-06-05T14:57:07.243`)
* [CVE-2023-2296](CVE-2023/CVE-2023-22xx/CVE-2023-2296.json) (`2023-06-05T14:57:38.170`)
* [CVE-2023-2470](CVE-2023/CVE-2023-24xx/CVE-2023-2470.json) (`2023-06-05T14:58:04.267`)
* [CVE-2023-2518](CVE-2023/CVE-2023-25xx/CVE-2023-2518.json) (`2023-06-05T14:59:11.307`)
* [CVE-2023-2973](CVE-2023/CVE-2023-29xx/CVE-2023-2973.json) (`2023-06-05T14:59:58.683`)
* [CVE-2023-32676](CVE-2023/CVE-2023-326xx/CVE-2023-32676.json) (`2023-06-05T15:30:07.343`)
* [CVE-2023-32072](CVE-2023/CVE-2023-320xx/CVE-2023-32072.json) (`2023-06-05T15:42:16.773`)
* [CVE-2023-32695](CVE-2023/CVE-2023-326xx/CVE-2023-32695.json) (`2023-06-05T15:54:48.487`)
## Download and Usage