daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated cves.json [Tue Mar 28 12:45:26 UTC 2023] 🤖

patch-1
GitHub Action 2023-03-28 12:45:26 +00:00
parent 22f0930455
commit 2b93d18240
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cves.json
View File

@ -775,7 +775,7 @@
{"ID":"CVE-2020-15895","Info":{"Name":"D-Link DIR-816L 2.x - Cross-Site Scripting","Severity":"medium","Description":"D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow for theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-15895.yaml"}
{"ID":"CVE-2020-15920","Info":{"Name":"Mida eFramework \u003c=2.9.0 - Remote Command Execution","Severity":"critical","Description":"Mida eFramework through 2.9.0 allows an attacker to achieve remote code execution with administrative (root) privileges. No authentication is required.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-15920.yaml"}
{"ID":"CVE-2020-16139","Info":{"Name":"Cisco Unified IP Conference Station 7937G - Denial-of-Service","Severity":"high","Description":"Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2020/CVE-2020-16139.yaml"}
{"ID":"CVE-2020-16846","Info":{"Name":"SaltStack \u003c=3002 - Shell Injection","Severity":"critical","Description":"SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-16846.yaml"}
{"ID":"CVE-2020-16846","Info":{"Name":"SaltStack \u003c=3002 - Shell Injection","Severity":"critical","Description":"SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-16846.yaml"}
{"ID":"CVE-2020-16952","Info":{"Name":"Microsoft SharePoint - Remote Code Execution","Severity":"high","Description":"Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package.","Classification":{"CVSSScore":"7.8"}},"file_path":"cves/2020/CVE-2020-16952.yaml"}
{"ID":"CVE-2020-17362","Info":{"Name":"Nova Lite \u003c 1.3.9 - Cross-Site Scripting","Severity":"medium","Description":"Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site scripting via search.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-17362.yaml"}
{"ID":"CVE-2020-17453","Info":{"Name":"WSO2 Carbon Management Console \u003c=5.10 - Cross-Site Scripting","Severity":"medium","Description":"WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-17453.yaml"}
@ -1630,6 +1630,7 @@
{"ID":"CVE-2022-43017","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the indexFile component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43017.yaml"}
{"ID":"CVE-2022-43018","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43018.yaml"}
{"ID":"CVE-2022-4306","Info":{"Name":"WordPress Panda Pods Repeater Field \u003c1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. An attacker can also steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-4306.yaml"}
{"ID":"CVE-2022-43140","Info":{"Name":"kkFileview v4.1.0 - Server Side Request Forgery","Severity":"high","Description":"kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-43140.yaml"}
{"ID":"CVE-2022-4320","Info":{"Name":"WordPress Events Calendar Plugin - Cross-Site Scripting","Severity":"medium","Description":"WordPress Events Calendar Plugin \u003c 1.4.5 - Multiple Reflected XSS\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-4320.yaml"}
{"ID":"CVE-2022-4325","Info":{"Name":"Post Status Notifier Lite \u003c 1.10.1 - Cross Site Scripting","Severity":"medium","Description":"The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-4325.yaml"}
{"ID":"CVE-2022-4447","Info":{"Name":"WordPress Fontsy \u003c=1.8.6 - SQL Injection","Severity":"critical","Description":"WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4447.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
2c04a03d0e264c86e5df4c10ed677b4e
ab0d81caade067eb9430e91e5a2dce2c