daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated cves.json [Thu Apr 13 13:43:42 UTC 2023] 🤖

patch-1
GitHub Action 2023-04-13 13:43:42 +00:00
parent d48f55803f
commit 100ee38db8
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -1707,6 +1707,7 @@
{"ID":"CVE-2023-24737","Info":{"Name":"PMB v7.4.6 - Cross Site Scripting","Severity":"medium","Description":"PMB v7.4.6 allows an attacker to make a Reflected XSS on export_z3950.php endpoint via the same query parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2023/CVE-2023-24737.yaml"}
{"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2023/CVE-2023-26255.yaml"}
{"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2023/CVE-2023-26256.yaml"}
{"ID":"CVE-2023-27159","Info":{"Name":"Appwrite \u003c= 1.2.1 - Server-Side Request Forgery","Severity":"medium","Description":"Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2023/CVE-2023-27159.yaml"}
{"ID":"CVE-2023-27292","Info":{"Name":"OpenCATS - Open Redirect","Severity":"medium","Description":"OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2023/CVE-2023-27292.yaml"}
{"ID":"CVE-2023-27587","Info":{"Name":"ReadToMyShoe - Google Cloud API Disclosure","Severity":"medium","Description":"If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2023/CVE-2023-27587.yaml"}
{"ID":"CVE-2023-28343","Info":{"Name":"Altenergy Power Control Software - Command Injection","Severity":"critical","Description":"OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-28343.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
0b8c136254be187cf0afeb350ba4ff03
7ad718b838e65f95dadb7c55d1dc3de7