diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46841.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46841.json new file mode 100644 index 00000000000..8b1b1065f1f --- /dev/null +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46841.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-46841", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-03T11:15:25.093", + "lastModified": "2023-10-03T11:15:25.093", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <=\u00a04.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/oxygen/wordpress-oxygen-builder-plugin-4-6-2-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-08xx/CVE-2023-0828.json b/CVE-2023/CVE-2023-08xx/CVE-2023-0828.json new file mode 100644 index 00000000000..903eff232e2 --- /dev/null +++ b/CVE-2023/CVE-2023-08xx/CVE-2023-0828.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-0828", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-03T11:15:25.173", + "lastModified": "2023-10-03T11:15:25.173", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-245xx/CVE-2023-24518.json b/CVE-2023/CVE-2023-245xx/CVE-2023-24518.json new file mode 100644 index 00000000000..92fde985a8c --- /dev/null +++ b/CVE-2023/CVE-2023-245xx/CVE-2023-24518.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-24518", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-03T11:15:25.247", + "lastModified": "2023-10-03T11:15:25.247", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25463.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25463.json new file mode 100644 index 00000000000..8e3bf5fe7d2 --- /dev/null +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25463.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25463", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-03T11:15:25.310", + "lastModified": "2023-10-03T11:15:25.310", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <=\u00a07.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-tell-a-friend-popup-form/wordpress-wp-tell-a-friend-popup-form-plugin-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37891.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37891.json new file mode 100644 index 00000000000..4b7fdb99e26 --- /dev/null +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37891.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-37891", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-03T10:15:10.057", + "lastModified": "2023-10-03T10:15:10.057", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <=\u00a02.0.4 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en OptiMonk en el complemento OptiMonk: Popups, Personalization & A/B Testing en versiones <= 2.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/exit-intent-popups-by-optimonk/wordpress-exit-popups-onsite-retargeting-by-optimonk-plugin-2-0-4-cross-site-request-forgery-csrf?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37990.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37990.json new file mode 100644 index 00000000000..437081096a9 --- /dev/null +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37990.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37990", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-03T11:15:25.387", + "lastModified": "2023-10-03T11:15:25.387", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <=\u00a02.1.4 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/perelink/wordpress-perelink-pro-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37991.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37991.json new file mode 100644 index 00000000000..e373bb0fe58 --- /dev/null +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37991.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-37991", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-03T10:15:10.270", + "lastModified": "2023-10-03T10:15:10.270", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <=\u00a00.6.0 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Monchito.Net WP Emoji One en versiones <= 0.6.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-emoji-one/wordpress-wp-emoji-one-plugin-0-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37992.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37992.json new file mode 100644 index 00000000000..01b191a9f89 --- /dev/null +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37992.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-37992", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-03T10:15:10.343", + "lastModified": "2023-10-03T10:15:10.343", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <=\u00a03.1.35 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Smarty de PressPage Entertainment Inc. para WordPress en versiones <= 3.1.35." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/smarty-for-wordpress/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37996.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37996.json new file mode 100644 index 00000000000..435d67cc399 --- /dev/null +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37996.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-37996", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-03T10:15:10.417", + "lastModified": "2023-10-03T10:15:10.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <=\u00a00.4.7 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en GTmetrix GTmetrix para el complemento de WordPress en versiones <= 0.4.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/gtmetrix-for-wordpress/wordpress-gtmetrix-for-wordpress-plugin-0-4-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37998.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37998.json new file mode 100644 index 00000000000..849c569423a --- /dev/null +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37998.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-37998", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-03T10:15:10.483", + "lastModified": "2023-10-03T10:15:10.483", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler plugin <=\u00a03.0.3 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Saas Disabler en versiones <= 3.0.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/disabler/wordpress-disabler-plugin-3-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38381.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38381.json new file mode 100644 index 00000000000..24d727b76df --- /dev/null +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38381.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-38381", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-03T10:15:10.550", + "lastModified": "2023-10-03T10:15:10.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <=\u00a06.46 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Cyle Conoly WP-FlyBox en versiones <= 6.46." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-flybox/wordpress-wp-flybox-plugin-6-46-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38390.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38390.json new file mode 100644 index 00000000000..b6e2fa08282 --- /dev/null +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38390.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38390", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-03T11:15:25.457", + "lastModified": "2023-10-03T11:15:25.457", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <=\u00a03.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mobile-address-bar-changer/wordpress-mobile-address-bar-changer-plugin-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38396.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38396.json new file mode 100644 index 00000000000..0aeb5bd2763 --- /dev/null +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38396.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38396", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-03T11:15:25.527", + "lastModified": "2023-10-03T11:15:25.527", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <=\u00a03.1.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/google-map-shortcode/wordpress-google-map-shortcode-plugin-3-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38398.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38398.json new file mode 100644 index 00000000000..64c030f83db --- /dev/null +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38398.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38398", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-03T11:15:25.593", + "lastModified": "2023-10-03T11:15:25.593", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <=\u00a02.0.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/taboola/wordpress-taboola-plugin-2-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4097.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4097.json new file mode 100644 index 00000000000..2dfb03098b1 --- /dev/null +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4097.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4097", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-03T11:15:25.663", + "lastModified": "2023-10-03T11:15:25.663", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-idm-sistemas-qsige", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5009.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5009.json index 9665dfbd729..c04d67fcdfb 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5009.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5009.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5009", "sourceIdentifier": "cve@gitlab.com", "published": "2023-09-19T08:16:07.203", - "lastModified": "2023-09-21T18:44:15.703", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-03T10:15:10.627", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -41,19 +41,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "attackVector": "NETWORK", - "attackComplexity": "LOW", + "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", - "baseScore": 9.6, - "baseSeverity": "CRITICAL" + "baseScore": 8.2, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 3.1, + "exploitabilityScore": 1.8, "impactScore": 5.8 } ] diff --git a/README.md b/README.md index 4fef852fe0d..b777e753d57 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-03T10:00:25.158484+00:00 +2023-10-03T12:00:24.644117+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-03T09:15:10.247000+00:00 +2023-10-03T11:15:25.663000+00:00 ``` ### Last Data Feed Release @@ -29,24 +29,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -226822 +226837 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `15` -* [CVE-2023-3655](CVE-2023/CVE-2023-36xx/CVE-2023-3655.json) (`2023-10-03T08:15:35.680`) -* [CVE-2023-3656](CVE-2023/CVE-2023-36xx/CVE-2023-3656.json) (`2023-10-03T08:15:35.930`) -* [CVE-2023-44217](CVE-2023/CVE-2023-442xx/CVE-2023-44217.json) (`2023-10-03T08:15:36.000`) -* [CVE-2023-44218](CVE-2023/CVE-2023-442xx/CVE-2023-44218.json) (`2023-10-03T08:15:36.067`) -* [CVE-2023-3654](CVE-2023/CVE-2023-36xx/CVE-2023-3654.json) (`2023-10-03T09:15:10.247`) +* [CVE-2022-46841](CVE-2022/CVE-2022-468xx/CVE-2022-46841.json) (`2023-10-03T11:15:25.093`) +* [CVE-2023-37891](CVE-2023/CVE-2023-378xx/CVE-2023-37891.json) (`2023-10-03T10:15:10.057`) +* [CVE-2023-37991](CVE-2023/CVE-2023-379xx/CVE-2023-37991.json) (`2023-10-03T10:15:10.270`) +* [CVE-2023-37992](CVE-2023/CVE-2023-379xx/CVE-2023-37992.json) (`2023-10-03T10:15:10.343`) +* [CVE-2023-37996](CVE-2023/CVE-2023-379xx/CVE-2023-37996.json) (`2023-10-03T10:15:10.417`) +* [CVE-2023-37998](CVE-2023/CVE-2023-379xx/CVE-2023-37998.json) (`2023-10-03T10:15:10.483`) +* [CVE-2023-38381](CVE-2023/CVE-2023-383xx/CVE-2023-38381.json) (`2023-10-03T10:15:10.550`) +* [CVE-2023-0828](CVE-2023/CVE-2023-08xx/CVE-2023-0828.json) (`2023-10-03T11:15:25.173`) +* [CVE-2023-24518](CVE-2023/CVE-2023-245xx/CVE-2023-24518.json) (`2023-10-03T11:15:25.247`) +* [CVE-2023-25463](CVE-2023/CVE-2023-254xx/CVE-2023-25463.json) (`2023-10-03T11:15:25.310`) +* [CVE-2023-37990](CVE-2023/CVE-2023-379xx/CVE-2023-37990.json) (`2023-10-03T11:15:25.387`) +* [CVE-2023-38390](CVE-2023/CVE-2023-383xx/CVE-2023-38390.json) (`2023-10-03T11:15:25.457`) +* [CVE-2023-38396](CVE-2023/CVE-2023-383xx/CVE-2023-38396.json) (`2023-10-03T11:15:25.527`) +* [CVE-2023-38398](CVE-2023/CVE-2023-383xx/CVE-2023-38398.json) (`2023-10-03T11:15:25.593`) +* [CVE-2023-4097](CVE-2023/CVE-2023-40xx/CVE-2023-4097.json) (`2023-10-03T11:15:25.663`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +* [CVE-2023-5009](CVE-2023/CVE-2023-50xx/CVE-2023-5009.json) (`2023-10-03T10:15:10.627`) ## Download and Usage