Auto-Update: 2023-08-30T14:00:25.016726+00:00

cad-safe-bot 2023-08-30 14:00:28 +00:00
parent 0bb5f5266a
commit f7aad534e9
40 changed files with 1507 additions and 29 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25019",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T12:15:08.213",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premio Chaty plugin <=\u00a03.0.9 versions"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/chaty/wordpress-chaty-plugin-3-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-25462",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T13:15:10.557",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP htaccess Control plugin <=\u00a03.5.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-htaccess-control/wordpress-wp-htaccess-control-plugin-3-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-27426",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T13:15:11.453",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <=\u00a01.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/notifyvisitors-lead-form/wordpress-notify-visitors-lead-form-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3136",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-30T09:15:08.207",
"lastModified": "2023-08-30T09:15:08.207",
"vulnStatus": "Received",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32597",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T12:15:08.507",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <=\u00a01.0.10 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/video-slider-with-thumbnails/wordpress-video-gallery-plugin-1-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32740",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T11:15:40.287",
"lastModified": "2023-08-30T11:15:40.287",
"vulnStatus": "Received",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32742",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T12:15:08.680",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in VeronaLabs WP SMS plugin <=\u00a06.1.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-sms/wordpress-wp-sms-plugin-6-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32746",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T12:15:08.867",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <=\u00a01.6.45 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-brands/wordpress-woocommerce-brands-plugin-1-6-45-contributor-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32793",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T12:15:09.040",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <=\u00a02.0.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-pre-orders/wordpress-woocommerce-pre-orders-plugin-2-0-0-contributor-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32801",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T12:15:09.233",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <=\u00a08.7.5 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-composite-products/wordpress-woocommerce-composite-products-plugin-8-7-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32802",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T12:15:09.383",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <=\u00a01.9.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-pre-orders/wordpress-woocommerce-pre-orders-plugin-1-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-32962",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T12:15:09.557",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite \u2013 Wishlist for WooCommerce plugin <=\u00a01.3.4 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wishsuite/wordpress-wishsuite-wishlist-for-woocommerce-plugin-1-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-33208",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T13:15:11.657",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <=\u00a01.51 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cookiemonster/wordpress-cookie-monster-plugin-1-51-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-33210",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T13:15:11.957",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuajik plugin <=\u00a00.1.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/nuajik-cdn/wordpress-nuajik-cdn-plugin-0-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-33317",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T13:15:12.100",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <=\u00a02.1.6 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-warranty/wordpress-woocommerce-warranty-requests-plugin-2-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-33320",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T13:15:12.247",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mohammad I. Okfie WP-Hijri plugin <=\u00a01.5.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-hijri/wordpress-wp-hijri-plugin-1-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-33325",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T13:15:12.373",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <=\u00a03.30.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}
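Review bot: The affected range in the description (`<= 3.30.1`) does not match the version in the only reference's URL slug (`wordpress-leyka-plugin-3-29-2-reflected-cross-site-scripting-xss-vulnerability`), so one of the two is probably stale. The record has no `configurations` block yet, so a consumer comparing installed Leyka versions against this entry has only the free-text description to work from. I would treat the upper bound as unconfirmed until the Patchstack advisory or the analyzed NVD record settles it. No change to the mirrored file is proposed, because the text comes from the CNA.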


@ -0,0 +1,55 @@
{
"id": "CVE-2023-33929",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T13:15:12.677",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaqu\u00edn Ruiz Easy Admin Menu plugin <=\u00a01.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/easy-admin-menu/wordpress-easy-admin-menu-plugin-1-3-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40710",
"sourceIdentifier": "ot-cert@dragos.com",
"published": "2023-08-24T17:15:09.253",
"lastModified": "2023-08-24T19:55:57.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-30T13:37:34.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "ot-cert@dragos.com",
"type": "Secondary",
@ -35,6 +55,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "ot-cert@dragos.com",
"type": "Secondary",
@ -46,10 +76,43 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02",
"source": "ot-cert@dragos.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opto22:snap_pac_s1_firmware:r10.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "98B7A05C-5A8D-4AA5-ADCF-9F23CCBB8DEB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:opto22:snap_pac_s1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2315B03D-3FA8-4C03-B1C0-867CB370D869"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02",
"source": "ot-cert@dragos.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-40902",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-24T18:15:08.280",
"lastModified": "2023-08-24T19:55:57.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-30T13:49:58.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/SetIpMacBind/1.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10v4_firmware:16.03.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C271BB10-1525-45C4-B7D2-C7D303ABE7BB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B17FBE-ABA4-4AD0-A9E4-58987116A9B8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/SetIpMacBind/1.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,87 @@
"id": "CVE-2023-40904",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-24T18:15:08.337",
"lastModified": "2023-08-24T19:55:57.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-30T13:50:43.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/formSetMacFilterCfg/1.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10v4_firmware:16.03.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C271BB10-1525-45C4-B7D2-C7D303ABE7BB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10v4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B17FBE-ABA4-4AD0-A9E4-58987116A9B8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/ac10/formSetMacFilterCfg/1.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-41552",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:13.087",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/form_fast_setting_wifi_set/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-41553",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:13.280",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/fromSetRouteStatic/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-41554",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:13.417",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/fromSetWirelessRepeat/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-41555",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:13.560",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/formWifiBasicSet/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-41556",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:13.697",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/fromSetIpMacBind/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-41557",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:14.100",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/fromAddressNat/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-41558",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:14.190",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url /goform/SetSysTimeCfg."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/fromSetSysTime/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-41559",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:14.280",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/fromNatStaticSetting/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-41560",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:14.390",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/formSetFirewallCfg/1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-41561",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:14.483",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/formSetPPTPServer/1.md",
"source": "cve@mitre.org"
}
]
}

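--- /dev/null
+++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41562.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-41562",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-08-30T13:15:14.573",
+"lastModified": "2023-08-30T13:23:15.070",
+"vulnStatus": "Undergoing Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/peris-navince/founded-0-days/blob/main/setSmartPowerManagement/1.md",
+"source": "cve@mitre.org"
+}
+]
+}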

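--- /dev/null
+++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41563.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-41563",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-08-30T13:15:15.043",
+"lastModified": "2023-08-30T13:23:15.070",
+"vulnStatus": "Undergoing Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/peris-navince/founded-0-days/blob/main/GetParentControlInfo/1.md",
+"source": "cve@mitre.org"
+}
+]
+}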


@ -2,8 +2,8 @@
"id": "CVE-2023-4522",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-08-30T08:15:52.673",
"lastModified": "2023-08-30T08:15:52.673",
"vulnStatus": "Received",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-4596",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-30T02:15:09.353",
"lastModified": "2023-08-30T02:15:09.353",
"vulnStatus": "Received",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
},
{
"lang": "es",
"value": "El plugin Forminator para WordPress es vulnerable a la subida de archivos arbitrarios debido a la validaci\u00f3n del tipo de archivo que se produce despu\u00e9s de que un archivo haya sido subido al servidor en la funci\u00f3n \"upload_post_image()\" en versiones hasta, e incluyendo, la 1.24.6. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede posibilitar la ejecuci\u00f3n remota de c\u00f3digo. "
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-4597",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-30T02:15:09.660",
"lastModified": "2023-08-30T02:15:09.660",
"vulnStatus": "Received",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-4599",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-30T02:15:09.870",
"lastModified": "2023-08-30T02:15:09.870",
"vulnStatus": "Received",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El plugin Slimstat Analytics para WordPress es vulnerable a Cross-Site Scripting (XSS) almacenado a trav\u00e9s del shortcode \"eeb_mailto\" en versiones hasta, e incluyendo, la 2.1.7 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida en los atributos suministrados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada. "
}
],
"metrics": {

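--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4600.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-4600",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2023-08-30T12:15:09.817",
+"lastModified": "2023-08-30T13:23:15.070",
+"vulnStatus": "Undergoing Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-862"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://affiliatewp.com/changelog/",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eab422b8-8cf5-441e-a21f-6a0e1b7642b2?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}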

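--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4624.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-4624",
+"sourceIdentifier": "security@huntr.dev",
+"published": "2023-08-30T13:15:15.287",
+"lastModified": "2023-08-30T13:23:15.070",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "security@huntr.dev",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 2.4,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 0.9,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@huntr.dev",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-918"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/bookstackapp/bookstack/commit/c324ad928dbdd54ce5b09eb0dabe60ef9de1ea38",
+"source": "security@huntr.dev"
+},
+{
+"url": "https://huntr.dev/bounties/9ce5cef6-e546-44e7-addf-a2726fa4e60c",
+"source": "security@huntr.dev"
+}
+]
+}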


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-30T12:00:25.442986+00:00
2023-08-30T14:00:25.016726+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-30T11:15:40.287000+00:00
2023-08-30T13:50:43.357000+00:00
```
### Last Data Feed Release
@ -29,20 +29,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223652
223682
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `30`
* [CVE-2023-32740](CVE-2023/CVE-2023-327xx/CVE-2023-32740.json) (`2023-08-30T11:15:40.287`)
* [CVE-2023-32801](CVE-2023/CVE-2023-328xx/CVE-2023-32801.json) (`2023-08-30T12:15:09.233`)
* [CVE-2023-32802](CVE-2023/CVE-2023-328xx/CVE-2023-32802.json) (`2023-08-30T12:15:09.383`)
* [CVE-2023-32962](CVE-2023/CVE-2023-329xx/CVE-2023-32962.json) (`2023-08-30T12:15:09.557`)
* [CVE-2023-4600](CVE-2023/CVE-2023-46xx/CVE-2023-4600.json) (`2023-08-30T12:15:09.817`)
* [CVE-2023-25462](CVE-2023/CVE-2023-254xx/CVE-2023-25462.json) (`2023-08-30T13:15:10.557`)
* [CVE-2023-27426](CVE-2023/CVE-2023-274xx/CVE-2023-27426.json) (`2023-08-30T13:15:11.453`)
* [CVE-2023-33208](CVE-2023/CVE-2023-332xx/CVE-2023-33208.json) (`2023-08-30T13:15:11.657`)
* [CVE-2023-33210](CVE-2023/CVE-2023-332xx/CVE-2023-33210.json) (`2023-08-30T13:15:11.957`)
* [CVE-2023-33317](CVE-2023/CVE-2023-333xx/CVE-2023-33317.json) (`2023-08-30T13:15:12.100`)
* [CVE-2023-33320](CVE-2023/CVE-2023-333xx/CVE-2023-33320.json) (`2023-08-30T13:15:12.247`)
* [CVE-2023-33325](CVE-2023/CVE-2023-333xx/CVE-2023-33325.json) (`2023-08-30T13:15:12.373`)
* [CVE-2023-33929](CVE-2023/CVE-2023-339xx/CVE-2023-33929.json) (`2023-08-30T13:15:12.677`)
* [CVE-2023-41552](CVE-2023/CVE-2023-415xx/CVE-2023-41552.json) (`2023-08-30T13:15:13.087`)
* [CVE-2023-41553](CVE-2023/CVE-2023-415xx/CVE-2023-41553.json) (`2023-08-30T13:15:13.280`)
* [CVE-2023-41554](CVE-2023/CVE-2023-415xx/CVE-2023-41554.json) (`2023-08-30T13:15:13.417`)
* [CVE-2023-41555](CVE-2023/CVE-2023-415xx/CVE-2023-41555.json) (`2023-08-30T13:15:13.560`)
* [CVE-2023-41556](CVE-2023/CVE-2023-415xx/CVE-2023-41556.json) (`2023-08-30T13:15:13.697`)
* [CVE-2023-41557](CVE-2023/CVE-2023-415xx/CVE-2023-41557.json) (`2023-08-30T13:15:14.100`)
* [CVE-2023-41558](CVE-2023/CVE-2023-415xx/CVE-2023-41558.json) (`2023-08-30T13:15:14.190`)
* [CVE-2023-41559](CVE-2023/CVE-2023-415xx/CVE-2023-41559.json) (`2023-08-30T13:15:14.280`)
* [CVE-2023-41560](CVE-2023/CVE-2023-415xx/CVE-2023-41560.json) (`2023-08-30T13:15:14.390`)
* [CVE-2023-41561](CVE-2023/CVE-2023-415xx/CVE-2023-41561.json) (`2023-08-30T13:15:14.483`)
* [CVE-2023-41562](CVE-2023/CVE-2023-415xx/CVE-2023-41562.json) (`2023-08-30T13:15:14.573`)
* [CVE-2023-41563](CVE-2023/CVE-2023-415xx/CVE-2023-41563.json) (`2023-08-30T13:15:15.043`)
* [CVE-2023-4624](CVE-2023/CVE-2023-46xx/CVE-2023-4624.json) (`2023-08-30T13:15:15.287`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `9`
* [CVE-2023-4596](CVE-2023/CVE-2023-45xx/CVE-2023-4596.json) (`2023-08-30T13:23:15.070`)
* [CVE-2023-4597](CVE-2023/CVE-2023-45xx/CVE-2023-4597.json) (`2023-08-30T13:23:15.070`)
* [CVE-2023-4599](CVE-2023/CVE-2023-45xx/CVE-2023-4599.json) (`2023-08-30T13:23:15.070`)
* [CVE-2023-4522](CVE-2023/CVE-2023-45xx/CVE-2023-4522.json) (`2023-08-30T13:23:15.070`)
* [CVE-2023-3136](CVE-2023/CVE-2023-31xx/CVE-2023-3136.json) (`2023-08-30T13:23:15.070`)
* [CVE-2023-32740](CVE-2023/CVE-2023-327xx/CVE-2023-32740.json) (`2023-08-30T13:23:15.070`)
* [CVE-2023-40710](CVE-2023/CVE-2023-407xx/CVE-2023-40710.json) (`2023-08-30T13:37:34.677`)
* [CVE-2023-40902](CVE-2023/CVE-2023-409xx/CVE-2023-40902.json) (`2023-08-30T13:49:58.793`)
* [CVE-2023-40904](CVE-2023/CVE-2023-409xx/CVE-2023-40904.json) (`2023-08-30T13:50:43.357`)
## Download and Usage