admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-233xx/CVE-2024-23348.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

130 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-23348",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-01-23T10:15:10.637",
"lastModified": "2024-11-21T08:57:33.707",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file."
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.7, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.29, versiones de la serie Ver.2.11.x anteriores a la Ver. 2.11.58, versiones de la serie Ver.2.10.x anteriores a la Ver.2.10.50 y Ver.2.9.0 y anteriores permiten a un atacante remoto autenticado ejecutar c\u00f3digo JavaScript arbitrario cargando un archivo SVG especialmente manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.9.0",
"matchCriteriaId": "2879B3D6-4E10-494B-B221-61CF4FA3B2D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.10.0",
"versionEndExcluding": "2.10.50",
"matchCriteriaId": "957FC43C-7DBF-445F-952D-2C3AFC3DAF53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.11.0",
"versionEndExcluding": "2.11.58",
"matchCriteriaId": "5B9C6A38-B9F3-4B83-872E-4A7FCF10A2CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.0.29",
"matchCriteriaId": "43352BBA-DDE8-4542-A8E1-10762B634972"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.1.0",
"versionEndExcluding": "3.1.7",
"matchCriteriaId": "E42BDC5D-3F5F-45E4-9135-0AA3E4DA94CE"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/",
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink