daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated cves.json [Tue Nov 7 14:46:24 UTC 2023] 🤖

patch-1
GitHub Action 2023-11-07 14:46:24 +00:00
parent 9c2bfdc41e
commit 49114a3dcf
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -1964,6 +1964,7 @@
{"ID":"CVE-2023-1546","Info":{"Name":"MyCryptoCheckout \u003c 2.124 - Cross-Site Scripting","Severity":"medium","Description":"The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1546.yaml"}
{"ID":"CVE-2023-1671","Info":{"Name":"Sophos Web Appliance - Remote Code Execution","Severity":"critical","Description":"A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1671.yaml"}
{"ID":"CVE-2023-1698","Info":{"Name":"WAGO - Remote Command Execution","Severity":"critical","Description":"In multiple products of WAGO, a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behavior, Denial of Service, and full system compromise.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1698.yaml"}
{"ID":"CVE-2023-1719","Info":{"Name":"Bitrix Component - Cross-Site Scripting","Severity":"high","Description":"Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victims browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-1719.yaml"}
{"ID":"CVE-2023-1730","Info":{"Name":"SupportCandy \u003c 3.1.5 - Unauthenticated SQL Injection","Severity":"critical","Description":"The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1730.yaml"}
{"ID":"CVE-2023-1780","Info":{"Name":"Companion Sitemap Generator \u003c 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1780.yaml"}
{"ID":"CVE-2023-1835","Info":{"Name":"Ninja Forms \u003c 3.6.22 - Cross-Site Scripting","Severity":"medium","Description":"Ninja Forms before 3.6.22 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1835.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
80bb2a311ca0559a795644484250fe73
bc33132aca3ed8536ab6cd7ff3b09cab