daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated cves.json [Thu Oct 26 09:54:14 UTC 2023] 🤖

patch-1
GitHub Action 2023-10-26 09:54:14 +00:00
parent a9bb7c5933
commit 45fba4296f
2 changed files with 31 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
cves.json
View File

@ -414,35 +414,35 @@
{"ID":"CVE-2017-17731","Info":{"Name":"DedeCMS 5.7 - SQL Injection","Severity":"critical","Description":"DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-17731.yaml"}
{"ID":"CVE-2017-17736","Info":{"Name":"Kentico - Installer Privilege Escalation","Severity":"critical","Description":"Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 are susceptible to a privilege escalation attack. An attacker can obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-17736.yaml"}
{"ID":"CVE-2017-18024","Info":{"Name":"AvantFAX 3.3.3 - Cross-Site Scripting","Severity":"medium","Description":"AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18024.yaml"}
{"ID":"CVE-2017-18487","Info":{"Name":"AdPush \u003c 1.44 - Cross-Site Scripting","Severity":"medium","Description":"The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18487.yaml"}
{"ID":"CVE-2017-18490","Info":{"Name":"Contact Form Multi by BestWebSoft \u003c 1.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18490.yaml"}
{"ID":"CVE-2017-18491","Info":{"Name":"Contact Form by BestWebSoft \u003c 4.0.6 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18491.yaml"}
{"ID":"CVE-2017-18492","Info":{"Name":"Contact Form to DB by BestWebSoft \u003c 1.5.7 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18492.yaml"}
{"ID":"CVE-2017-18493","Info":{"Name":"Custom Admin Page by BestWebSoft \u003c 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18493.yaml"}
{"ID":"CVE-2017-18494","Info":{"Name":"Custom Search by BestWebSoft \u003c 1.36 - Cross-Site Scripting","Severity":"medium","Description":"The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18494.yaml"}
{"ID":"CVE-2017-18496","Info":{"Name":"Htaccess by BestWebSoft \u003c 1.7.6 - Cross-Site Scripting","Severity":"medium","Description":"The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18496.yaml"}
{"ID":"CVE-2017-18500","Info":{"Name":"Social Buttons Pack by BestWebSof \u003c 1.1.1 - Cross-Site Scripting","Severity":"medium","Description":"The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18500.yaml"}
{"ID":"CVE-2017-18501","Info":{"Name":"Social Login by BestWebSoft \u003c 0.2 - Cross-Site Scripting","Severity":"medium","Description":"The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18501.yaml"}
{"ID":"CVE-2017-18502","Info":{"Name":"Subscriber by BestWebSoft \u003c 1.3.5 - Cross-Site Scripting","Severity":"medium","Description":"The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18502.yaml"}
{"ID":"CVE-2017-18505","Info":{"Name":"BestWebSoft's Twitter \u003c 2.55 - Cross-Site Scripting","Severity":"medium","Description":"The twitter-plugin plugin before 2.55 for WordPress has XSS.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18505.yaml"}
{"ID":"CVE-2017-18516","Info":{"Name":"LinkedIn by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18516.yaml"}
{"ID":"CVE-2017-18517","Info":{"Name":"Pinterest by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18517.yaml"}
{"ID":"CVE-2017-18518","Info":{"Name":"SMTP by BestWebSoft \u003c 1.1.0 - Cross-Site Scripting","Severity":"medium","Description":"The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18518.yaml"}
{"ID":"CVE-2017-18527","Info":{"Name":"Pagination by BestWebSoft \u003c 1.0.7 - Cross-Site Scripting","Severity":"medium","Description":"The pagination plugin before 1.0.7 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18527.yaml"}
{"ID":"CVE-2017-18528","Info":{"Name":"PDF \u0026 Print by BestWebSoft \u003c 1.9.4 - Cross-Site Scripting","Severity":"medium","Description":"The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18528.yaml"}
{"ID":"CVE-2017-18529","Info":{"Name":"PromoBar by BestWebSoft \u003c 1.1.1 - Cross-Site Scripting","Severity":"medium","Description":"The promobar plugin before 1.1.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18529.yaml"}
{"ID":"CVE-2017-18530","Info":{"Name":"Rating by BestWebSoft \u003c 0.2 - Cross-Site Scripting","Severity":"medium","Description":"The rating-bws plugin before 0.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18530.yaml"}
{"ID":"CVE-2017-18532","Info":{"Name":"Realty by BestWebSoft \u003c 1.1.0 - Cross-Site Scripting","Severity":"medium","Description":"The realty plugin before 1.1.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18532.yaml"}
{"ID":"CVE-2017-18487","Info":{"Name":"AdPush \u003c 1.44 - Cross-Site Scripting","Severity":"medium","Description":"The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18487.yaml"}
{"ID":"CVE-2017-18490","Info":{"Name":"Contact Form Multi by BestWebSoft \u003c 1.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18490.yaml"}
{"ID":"CVE-2017-18491","Info":{"Name":"Contact Form by BestWebSoft \u003c 4.0.6 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18491.yaml"}
{"ID":"CVE-2017-18492","Info":{"Name":"Contact Form to DB by BestWebSoft \u003c 1.5.7 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18492.yaml"}
{"ID":"CVE-2017-18493","Info":{"Name":"Custom Admin Page by BestWebSoft \u003c 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18493.yaml"}
{"ID":"CVE-2017-18494","Info":{"Name":"Custom Search by BestWebSoft \u003c 1.36 - Cross-Site Scripting","Severity":"medium","Description":"The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18494.yaml"}
{"ID":"CVE-2017-18496","Info":{"Name":"Htaccess by BestWebSoft \u003c 1.7.6 - Cross-Site Scripting","Severity":"medium","Description":"The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18496.yaml"}
{"ID":"CVE-2017-18500","Info":{"Name":"Social Buttons Pack by BestWebSof \u003c 1.1.1 - Cross-Site Scripting","Severity":"medium","Description":"The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18500.yaml"}
{"ID":"CVE-2017-18501","Info":{"Name":"Social Login by BestWebSoft \u003c 0.2 - Cross-Site Scripting","Severity":"medium","Description":"The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18501.yaml"}
{"ID":"CVE-2017-18502","Info":{"Name":"Subscriber by BestWebSoft \u003c 1.3.5 - Cross-Site Scripting","Severity":"medium","Description":"The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18502.yaml"}
{"ID":"CVE-2017-18505","Info":{"Name":"BestWebSoft's Twitter \u003c 2.55 - Cross-Site Scripting","Severity":"medium","Description":"The twitter-plugin plugin before 2.55 for WordPress has XSS.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18505.yaml"}
{"ID":"CVE-2017-18516","Info":{"Name":"LinkedIn by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18516.yaml"}
{"ID":"CVE-2017-18517","Info":{"Name":"Pinterest by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18517.yaml"}
{"ID":"CVE-2017-18518","Info":{"Name":"SMTP by BestWebSoft \u003c 1.1.0 - Cross-Site Scripting","Severity":"medium","Description":"The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18518.yaml"}
{"ID":"CVE-2017-18527","Info":{"Name":"Pagination by BestWebSoft \u003c 1.0.7 - Cross-Site Scripting","Severity":"medium","Description":"The pagination plugin before 1.0.7 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18527.yaml"}
{"ID":"CVE-2017-18528","Info":{"Name":"PDF \u0026 Print by BestWebSoft \u003c 1.9.4 - Cross-Site Scripting","Severity":"medium","Description":"The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18528.yaml"}
{"ID":"CVE-2017-18529","Info":{"Name":"PromoBar by BestWebSoft \u003c 1.1.1 - Cross-Site Scripting","Severity":"medium","Description":"The promobar plugin before 1.1.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18529.yaml"}
{"ID":"CVE-2017-18530","Info":{"Name":"Rating by BestWebSoft \u003c 0.2 - Cross-Site Scripting","Severity":"medium","Description":"The rating-bws plugin before 0.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18530.yaml"}
{"ID":"CVE-2017-18532","Info":{"Name":"Realty by BestWebSoft \u003c 1.1.0 - Cross-Site Scripting","Severity":"medium","Description":"The realty plugin before 1.1.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18532.yaml"}
{"ID":"CVE-2017-18536","Info":{"Name":"WordPress Stop User Enumeration \u003c=1.3.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18536.yaml"}
{"ID":"CVE-2017-18537","Info":{"Name":"Visitors Online by BestWebSoft \u003c 1.0.0 - Cross-Site Scripting","Severity":"medium","Description":"The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18537.yaml"}
{"ID":"CVE-2017-18542","Info":{"Name":"Zendesk Help Center by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18542.yaml"}
{"ID":"CVE-2017-18556","Info":{"Name":"Google Analytics by BestWebSoft \u003c 1.7.1 - Cross-Site Scripting","Severity":"medium","Description":"The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18556.yaml"}
{"ID":"CVE-2017-18557","Info":{"Name":"Google Maps by BestWebSoft \u003c 1.3.6 - Cross-Site Scripting","Severity":"medium","Description":"The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18557.yaml"}
{"ID":"CVE-2017-18558","Info":{"Name":"Testimonials by BestWebSoft \u003c 0.1.9 - Cross-Site Scripting","Severity":"medium","Description":"The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18558.yaml"}
{"ID":"CVE-2017-18562","Info":{"Name":"Error Log Viewer by BestWebSoft \u003c 1.0.6 - Cross-Site Scripting","Severity":"medium","Description":"The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18562.yaml"}
{"ID":"CVE-2017-18564","Info":{"Name":"Sender by BestWebSoft \u003c 1.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The sender plugin before 1.2.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18564.yaml"}
{"ID":"CVE-2017-18565","Info":{"Name":"Updater by BestWebSoft \u003c 1.35 - Cross-Site Scripting","Severity":"medium","Description":"The updater plugin before 1.35 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18565.yaml"}
{"ID":"CVE-2017-18566","Info":{"Name":"User Role by BestWebSoft \u003c 1.5.6 - Cross-Site Scripting","Severity":"medium","Description":"The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2017/CVE-2017-18566.yaml"}
{"ID":"CVE-2017-18537","Info":{"Name":"Visitors Online by BestWebSoft \u003c 1.0.0 - Cross-Site Scripting","Severity":"medium","Description":"The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18537.yaml"}
{"ID":"CVE-2017-18542","Info":{"Name":"Zendesk Help Center by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18542.yaml"}
{"ID":"CVE-2017-18556","Info":{"Name":"Google Analytics by BestWebSoft \u003c 1.7.1 - Cross-Site Scripting","Severity":"medium","Description":"The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18556.yaml"}
{"ID":"CVE-2017-18557","Info":{"Name":"Google Maps by BestWebSoft \u003c 1.3.6 - Cross-Site Scripting","Severity":"medium","Description":"The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18557.yaml"}
{"ID":"CVE-2017-18558","Info":{"Name":"Testimonials by BestWebSoft \u003c 0.1.9 - Cross-Site Scripting","Severity":"medium","Description":"The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18558.yaml"}
{"ID":"CVE-2017-18562","Info":{"Name":"Error Log Viewer by BestWebSoft \u003c 1.0.6 - Cross-Site Scripting","Severity":"medium","Description":"The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18562.yaml"}
{"ID":"CVE-2017-18564","Info":{"Name":"Sender by BestWebSoft \u003c 1.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The sender plugin before 1.2.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18564.yaml"}
{"ID":"CVE-2017-18565","Info":{"Name":"Updater by BestWebSoft \u003c 1.35 - Cross-Site Scripting","Severity":"medium","Description":"The updater plugin before 1.35 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18565.yaml"}
{"ID":"CVE-2017-18566","Info":{"Name":"User Role by BestWebSoft \u003c 1.5.6 - Cross-Site Scripting","Severity":"medium","Description":"The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18566.yaml"}
{"ID":"CVE-2017-18598","Info":{"Name":"WordPress Qards - Cross-Site Scripting","Severity":"medium","Description":"WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18598.yaml"}
{"ID":"CVE-2017-18638","Info":{"Name":"Graphite \u003c=1.1.5 - Server-Side Request Forgery","Severity":"high","Description":"Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-18638.yaml"}
{"ID":"CVE-2017-3506","Info":{"Name":"Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution","Severity":"high","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.","Classification":{"CVSSScore":"7.4"}},"file_path":"http/cves/2017/CVE-2017-3506.yaml"}
@ -2175,10 +2175,10 @@
{"ID":"CVE-2023-4451","Info":{"Name":"Cockpit - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4451.yaml"}
{"ID":"CVE-2023-4547","Info":{"Name":"SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4547.yaml"}
{"ID":"CVE-2023-4568","Info":{"Name":"PaperCut NG Unauthenticated XMLRPC Functionality","Severity":"medium","Description":"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-4568.yaml"}
{"ID":"CVE-2023-45852","Info":{"Name":"Viessmann Vitogate 300 - Remote Code Execution","Severity":"critical","Description":"In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4582.yaml"}
{"ID":"CVE-2023-45852","Info":{"Name":"Viessmann Vitogate 300 - Remote Code Execution","Severity":"critical","Description":"In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-45852.yaml"}
{"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"}
{"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"}
{"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"critical","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"9.4"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"}
{"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"}
{"ID":"CVE-2023-4974","Info":{"Name":"Academy LMS 6.2 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4974.yaml"}
{"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"}
{"ID":"CVE-2023-5244","Info":{"Name":"Microweber \u003c V.2.0 - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editor_tools/rte_image_editor endpoint.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5244.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
319d0b18d478ad849a465a142f1862ec
24890c9d2be1afe9eeb58e1894081cd1