Auto Generated cves.json [Tue Jul 18 09:07:45 UTC 2023] 🤖

cves.json

@@ -1001,7 +1001,7 @@
 {"ID":"CVE-2021-20323","Info":{"Name":"Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-20323.yaml"}
 {"ID":"CVE-2021-20792","Info":{"Name":"WordPress Quiz and Survey Master \u003c7.1.14 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Quiz and Survey Master plugin prior to 7.1.14 contains a cross-site scripting vulnerability which allows a remote attacker to inject arbitrary script via unspecified vectors.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-20792.yaml"}
 {"ID":"CVE-2021-20837","Info":{"Name":"MovableType - Remote Command Injection","Severity":"critical","Description":"MovableType 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8. 2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-20837.yaml"}
-{"ID":"CVE-2021-21087","Info":{"Name":"Adobe ColdFusion - Remote Code Execution","Severity":"medium","Description":"Adobe ColdFusion is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-21087.yaml"}
+{"ID":"CVE-2021-21087","Info":{"Name":"Adobe ColdFusion - Cross-Site Scripting","Severity":"medium","Description":"Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-21087.yaml"}
 {"ID":"CVE-2021-21234","Info":{"Name":"Spring Boot Actuator Logview Directory Traversal","Severity":"high","Description":"spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint (maven package \"eu.hinsch:spring-boot-actuator-logview\".\n","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2021/CVE-2021-21234.yaml"}
 {"ID":"CVE-2021-21287","Info":{"Name":"MinIO Browser API - Server-Side Request Forgery","Severity":"high","Description":"MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability.","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2021/CVE-2021-21287.yaml"}
 {"ID":"CVE-2021-21307","Info":{"Name":"Lucee Admin - Remote Code Execution","Severity":"critical","Description":"Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 contains an unauthenticated remote code execution vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-21307.yaml"}

cves.json-checksum.txt

@@ -1 +1 @@
-55a5b9ee778080c73583f6e7bb52699a
+9836d4f0017b799ea98d98b662eb214e