Auto Generated cves.json [Thu Apr 13 13:43:42 UTC 2023] 🤖

2023-04-13 13:43:42 +00:00 · 2023-04-13 13:43:42 +00:00 · 100ee38db8
parent d48f55803f
commit 100ee38db8
2 changed files with 2 additions and 1 deletions
--- a/cves.json
+++ b/cves.json
@ -1707,6 +1707,7 @@
 {"ID":"CVE-2023-24737","Info":{"Name":"PMB v7.4.6 - Cross Site Scripting","Severity":"medium","Description":"PMB v7.4.6 allows an attacker to make a Reflected XSS on export_z3950.php endpoint via the same query parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2023/CVE-2023-24737.yaml"}
 {"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2023/CVE-2023-26255.yaml"}
 {"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2023/CVE-2023-26256.yaml"}
 {"ID":"CVE-2023-27159","Info":{"Name":"Appwrite \u003c= 1.2.1 - Server-Side Request Forgery","Severity":"medium","Description":"Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2023/CVE-2023-27159.yaml"}
 {"ID":"CVE-2023-27292","Info":{"Name":"OpenCATS - Open Redirect","Severity":"medium","Description":"OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2023/CVE-2023-27292.yaml"}
 {"ID":"CVE-2023-27587","Info":{"Name":"ReadToMyShoe - Google Cloud API Disclosure","Severity":"medium","Description":"If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2023/CVE-2023-27587.yaml"}
 {"ID":"CVE-2023-28343","Info":{"Name":"Altenergy Power Control Software - Command Injection","Severity":"critical","Description":"OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-28343.yaml"}
--- a/cves.json-checksum.txt
+++ b/cves.json-checksum.txt
@ -1 +1 @@
-0b8c136254be187cf0afeb350ba4ff03
+7ad718b838e65f95dadb7c55d1dc3de7
`@ -1 +1 @@`
	`0b8c136254be187cf0afeb350ba4ff03`	`7ad718b838e65f95dadb7c55d1dc3de7`