daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

patch-14
ghost 2024-11-07 13:29:52 +00:00
parent da0c52fa32
commit 0ab3c0d62e
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -1565,6 +1565,7 @@
{"ID":"CVE-2022-0434","Info":{"Name":"WordPress Page Views Count \u003c2.4.15 - SQL Injection","Severity":"critical","Description":"WordPress Page Views Count plugin prior to 2.4.15 contains an unauthenticated SQL injection vulnerability. It does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0434.yaml"}
{"ID":"CVE-2022-0437","Info":{"Name":"karma-runner DOM-based Cross-Site Scripting","Severity":"medium","Description":"NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0437.yaml"}
{"ID":"CVE-2022-0441","Info":{"Name":"MasterStudy LMS \u003c2.7.6 - Improper Access Control","Severity":"critical","Description":"WordPress MasterStudy LMS plugin before 2.7.6 is susceptible to improper access control. The plugin does not validate some parameters given when registering a new account, which can allow an attacker to register as an admin, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0441.yaml"}
{"ID":"CVE-2022-0479","Info":{"Name":"Popup Builder Plugin - SQL Injection and Cross-Site Scripting","Severity":"critical","Description":"The Popup Builder WordPress plugin before 4.1.1 is vulnerable to SQL Injection and Reflected XSS via the sgpb-subscription-popup-id parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0479.yaml"}
{"ID":"CVE-2022-0482","Info":{"Name":"Easy!Appointments \u003c1.4.3 - Broken Access Control","Severity":"critical","Description":"Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-0482.yaml"}
{"ID":"CVE-2022-0533","Info":{"Name":"Ditty (formerly Ditty News Ticker) \u003c 3.0.15 - Cross-Site Scripting","Severity":"medium","Description":"The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0533.yaml"}
{"ID":"CVE-2022-0535","Info":{"Name":"WordPress E2Pdf \u003c1.16.45 - Cross-Site Scripting","Severity":"medium","Description":"WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfiltered_html capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, making it possible to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-0535.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
4f2d2721b89d12269346c0e4071d779c
d938e39dd5c812ca0b5f42ef12374904