admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-331xx/CVE-2023-33194.json
cad-safe-bot 3ed22a117d Auto-Update: 2023-06-02T20:00:27.980097+00:00
2023-06-02 20:00:31 +00:00

148 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-33194",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-26T21:15:20.890",
"lastModified": "2023-06-02T18:43:36.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn\u2019t fix it when clicking save. This issue was patched in version 4.4.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.8.6",
"matchCriteriaId": "7AFF5C13-E1E0-461B-BD72-CF35DAC6325C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.1",
"versionEndExcluding": "4.4.6",
"matchCriteriaId": "79995027-0F4D-4586-9F49-D6A56D701E45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:craftercms:craftercms:4.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "533BCAA2-8264-4394-8C2C-0F50E24060D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:craftercms:craftercms:4.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "06BBD5BE-B2CD-466A-82E5-A20D4F48F09C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:craftercms:craftercms:4.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DE692C6-F31D-4EF6-879E-18E9F1701163"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:craftercms:craftercms:4.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0E057291-3824-48A3-9FB8-EC7060A124E8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/craftcms/cms/releases/tag/4.4.6",
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9",
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink