{"ID":"CVE-2015-2068","Info":{"Name":"Magento Server Mass Importer - Cross-Site Scripting","Severity":"medium","Description":"Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-2068.yaml"}
{"ID":"CVE-2015-2080","Info":{"Name":"Eclipse Jetty \u003c9.2.9.v20150224 - Sensitive Information Leakage","Severity":"high","Description":"Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2015/CVE-2015-2080.yaml"}
{"ID":"CVE-2015-2166","Info":{"Name":"Ericsson Drutt MSDP - Local File Inclusion","Severity":"high","Description":"Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-2166.yaml"}
{"ID":"CVE-2015-2755","Info":{"Name":"AB Google Map Travel (AB-MAP) Wordpress Plugin \u003c=3.4 - Stored XSS","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-2755.yaml"}
{"ID":"CVE-2015-2807","Info":{"Name":"Navis DocumentCloud \u003c0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-2807.yaml"}
{"ID":"CVE-2015-2996","Info":{"Name":"SysAid Help Desk \u003c15.2 - Local File Disclosure","Severity":"high","Description":"Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2015/CVE-2015-2996.yaml"}
{"ID":"CVE-2015-3035","Info":{"Name":"TP-LINK - Local File Inclusion","Severity":"high","Description":"TP-LINK is susceptible to local file inclusion in these products: Archer C5 (1.2) with firmware before 150317, Archer C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310. Because of insufficient input validation, arbitrary local files can be disclosed. Files that include passwords and other sensitive information can be accessed.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"cves/2015/CVE-2015-3035.yaml"}
@ -262,6 +263,8 @@
{"ID":"CVE-2015-3648","Info":{"Name":"ResourceSpace - Local File inclusion","Severity":"high","Description":"ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-3648.yaml"}
{"ID":"CVE-2015-3897","Info":{"Name":"Bonita BPM Portal \u003c6.5.3 - Local File Inclusion","Severity":"high","Description":"Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2015/CVE-2015-3897.yaml"}
{"ID":"CVE-2015-4050","Info":{"Name":"Symfony - Authentication Bypass","Severity":"high","Description":"Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-4050.yaml"}
{"ID":"CVE-2015-4062","Info":{"Name":"NewStatPress 0.9.8 - SQL Injection","Severity":"critical","Description":"The NewStatPress WordPress plugin was affected by SQL Injection security vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2015/CVE-2015-4062.yaml"}
{"ID":"CVE-2015-4063","Info":{"Name":"NewStatPress 0.9.8 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-4063.yaml"}
{"ID":"CVE-2015-4074","Info":{"Name":"Joomla! Helpdesk Pro plugin \u003c1.4.0 - Local File Inclusion","Severity":"high","Description":"Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2015/CVE-2015-4074.yaml"}
{"ID":"CVE-2015-4127","Info":{"Name":"WordPress Church Admin \u003c0.810 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-4127.yaml"}
{"ID":"CVE-2015-4414","Info":{"Name":"WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal","Severity":"high","Description":"WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-4414.yaml"}
@ -287,6 +290,7 @@
{"ID":"CVE-2015-8349","Info":{"Name":"SourceBans \u003c2.0 - Cross-Site Scripting","Severity":"medium","Description":"SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-8349.yaml"}
{"ID":"CVE-2015-8399","Info":{"Name":"Atlassian Confluence \u003c5.8.17 - Information Disclosure","Severity":"medium","Description":"Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.","Classification":{"CVSSScore":"4.3"}},"file_path":"cves/2015/CVE-2015-8399.yaml"}
{"ID":"CVE-2015-8813","Info":{"Name":"Umbraco \u003c7.4.0- Server-Side Request Forgery","Severity":"high","Description":"Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.","Classification":{"CVSSScore":"8.2"}},"file_path":"cves/2015/CVE-2015-8813.yaml"}
{"ID":"CVE-2015-9312","Info":{"Name":"NewStatPress \u003c= 1.0.4 - Cross Site Scripting","Severity":"medium","Description":"The NewStatPress plugin utilizes on lines 28 and 31 of the file ‘includes/nsp_search.php’ several variables from the $_GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger a Reflected XSS attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-9312.yaml"}
{"ID":"CVE-2015-9414","Info":{"Name":"WordPress Symposium \u003c=15.8.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Symposium through 15.8.1 contains a reflected cross-site scripting vulnerability via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter which allows an attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-9414.yaml"}
{"ID":"CVE-2015-9480","Info":{"Name":"WordPress RobotCPA 5 - Directory Traversal","Severity":"high","Description":"The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2015/CVE-2015-9480.yaml"}
{"ID":"CVE-2016-0957","Info":{"Name":"Adobe AEM Dispatcher \u003c4.15 - Rules Bypass","Severity":"high","Description":"Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2016/CVE-2016-0957.yaml"}
@ -369,6 +373,7 @@
{"ID":"CVE-2017-14186","Info":{"Name":"FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting","Severity":"medium","Description":"FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerability. The login redir parameter is not sanitized, so an attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks such as a URL redirect. Affected versions are 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2017/CVE-2017-14186.yaml"}
{"ID":"CVE-2017-14535","Info":{"Name":"Trixbox - 2.8.0.4 OS Command Injection","Severity":"high","Description":"Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2017/CVE-2017-14535.yaml"}
{"ID":"CVE-2017-14537","Info":{"Name":"Trixbox 2.8.0 - Path Traversal","Severity":"medium","Description":"Trixbox 2.8.0.4 is susceptible to path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2017/CVE-2017-14537.yaml"}
{"ID":"CVE-2017-14622","Info":{"Name":"2kb Amazon Affiliates Store plugin \u003c 2.1.1 - Reflected Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-14622.yaml"}
{"ID":"CVE-2017-14651","Info":{"Name":"WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.","Classification":{"CVSSScore":"4.8"}},"file_path":"cves/2017/CVE-2017-14651.yaml"}
{"ID":"CVE-2017-14849","Info":{"Name":"Node.js \u003c8.6.0 - Directory Traversal","Severity":"high","Description":"Node.js before 8.6.0 allows remote attackers to access unintended files because a change to \"..\" handling is incompatible with the pathname validation used by unspecified community modules.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-14849.yaml"}
{"ID":"CVE-2017-15287","Info":{"Name":"Dreambox WebControl 2.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the \"Name des Bouquets\" field, or the file parameter to the /file URI.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-15287.yaml"}
@ -472,6 +477,7 @@
{"ID":"CVE-2018-16059","Info":{"Name":"WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion","Severity":"medium","Description":"WirelessHART Fieldgate SWG70 3.0 is vulnerable to local file inclusion via the fcgi-bin/wgsetcgi filename parameter.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2018/CVE-2018-16059.yaml"}
{"ID":"CVE-2018-16133","Info":{"Name":"Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion","Severity":"medium","Description":"Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2018/CVE-2018-16133.yaml"}
{"ID":"CVE-2018-16139","Info":{"Name":"BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting","Severity":"medium","Description":"BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-16139.yaml"}
{"ID":"CVE-2018-16159","Info":{"Name":"Gift Voucher \u003c 4.1.8 - Unauthenticated Blind SQL Injection","Severity":"critical","Description":"The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2018/CVE-2018-16159.yaml"}
{"ID":"CVE-2018-16167","Info":{"Name":"LogonTracer \u003c=1.2.0 - Remote Command Injection","Severity":"critical","Description":"LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2018/CVE-2018-16167.yaml"}
{"ID":"CVE-2018-16283","Info":{"Name":"WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion","Severity":"critical","Description":"WordPress Wechat Broadcast plugin 1.2.0 and earlier allows Directory Traversal via the Image.php url parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2018/CVE-2018-16283.yaml"}
{"ID":"CVE-2018-16288","Info":{"Name":"LG SuperSign EZ CMS 2.5 - Local File Inclusion","Severity":"high","Description":"LG SuperSign CMS 2.5 allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs - aka local file inclusion.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"cves/2018/CVE-2018-16288.yaml"}
@ -669,6 +675,7 @@
{"ID":"CVE-2019-3929","Info":{"Name":"Barco/AWIND OEM Presentation Platform - Remote Command Injection","Severity":"critical","Description":"The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-3929.yaml"}
{"ID":"CVE-2019-5127","Info":{"Name":"YouPHPTube Encoder 2.3 - Remote Command Injection","Severity":"critical","Description":"YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-5127.yaml"}
{"ID":"CVE-2019-5418","Info":{"Name":"Rails File Content Disclosure","Severity":"high","Description":"Rails \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2019/CVE-2019-5418.yaml"}
{"ID":"CVE-2019-5434","Info":{"Name":"Revive Adserver 4.2 - Remote Code Execution","Severity":"critical","Description":"An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter in the \"openads.spc\" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-5434.yaml"}
{"ID":"CVE-2019-6112","Info":{"Name":"WordPress Sell Media 2.4.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-6112.yaml"}
{"ID":"CVE-2019-6340","Info":{"Name":"Drupal - Remote Code Execution","Severity":"high","Description":"Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 V contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases.","Classification":{"CVSSScore":"8.1"}},"file_path":"cves/2019/CVE-2019-6340.yaml"}
{"ID":"CVE-2019-6715","Info":{"Name":"W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal","Severity":"high","Description":"WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2019/CVE-2019-6715.yaml"}
@ -980,9 +987,12 @@
{"ID":"CVE-2021-22911","Info":{"Name":"Rocket.Chat \u003c=3.13 - NoSQL Injection","Severity":"critical","Description":"Rocket.Chat 3.11, 3.12 and 3.13 contains a NoSQL injection vulnerability which allows unauthenticated access to an API endpoint. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-22911.yaml"}
{"ID":"CVE-2021-22986","Info":{"Name":"F5 BIG-IP iControl REST unauthenticated RCE","Severity":"critical","Description":"The iControl REST interface has an unauthenticated remote command execution vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-22986.yaml"}
{"ID":"CVE-2021-23241","Info":{"Name":"MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion","Severity":"medium","Description":"MERCUSYS Mercury X18G 1.0.5 devices are vulnerable to local file inclusion via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-23241.yaml"}
{"ID":"CVE-2021-24145","Info":{"Name":"Modern Events Calendar Lite \u003c 5.16.5 - Arbitrary File Upload to RCE","Severity":"high","Description":"Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-24145.yaml"}
{"ID":"CVE-2021-24146","Info":{"Name":"WordPress Modern Events Calendar Lite \u003c5.16.5 - Sensitive Information Disclosure","Severity":"high","Description":"WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24146.yaml"}
{"ID":"CVE-2021-24155","Info":{"Name":"Backup Guard \u003c 1.6.0 - Authenticated Arbitrary File Upload","Severity":"high","Description":"The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-24155.yaml"}
{"ID":"CVE-2021-24165","Info":{"Name":"WordPress Ninja Forms \u003c3.4.34 - Open Redirect","Severity":"medium","Description":"WordPress Ninja Forms plugin before 3.4.34 contains an open redirect vulnerability via the wp_ajax_nf_oauth_connect AJAX action, due to the use of a user-supplied redirect parameter and no protection in place. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24165.yaml"}
{"ID":"CVE-2021-24169","Info":{"Name":"Advanced Order Export For WooCommerce \u003c 3.1.8 - Authenticated Reflected Cross-Site Scripting (XSS)","Severity":"medium","Description":"This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24169.yaml"}
{"ID":"CVE-2021-24176","Info":{"Name":"WordPress JH 404 Logger \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to executing arbitrary JavaScript code.","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2021/CVE-2021-24176.yaml"}
{"ID":"CVE-2021-24210","Info":{"Name":"WordPress PhastPress \u003c1.111 - Open Redirect","Severity":"medium","Description":"WordPress PhastPress plugin before 1.111 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24210.yaml"}
{"ID":"CVE-2021-24214","Info":{"Name":"WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress OpenID Connect Generic Client plugin 3.8.0 and 3.8.1 contains a cross-site scripting vulnerability. It does not sanitize the login error when output back in the login form, thereby not requiring authentication, which can be exploited with the default configuration.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24214.yaml"}
@ -998,6 +1008,7 @@
{"ID":"CVE-2021-24278","Info":{"Name":"WordPress Contact Form 7 \u003c2.3.4 - Arbitrary Nonce Generation","Severity":"high","Description":"WordPress Contact Form 7 before version 2.3.4 allows unauthenticated users to use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24278.yaml"}
{"ID":"CVE-2021-24284","Info":{"Name":"WordPress Kaswara Modern VC Addons \u003c=3.0.1 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24284.yaml"}
{"ID":"CVE-2021-24285","Info":{"Name":"WordPress Car Seller - Auto Classifieds Script - SQL Injection","Severity":"critical","Description":"The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitize, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL injection issue.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24285.yaml"}
{"ID":"CVE-2021-24287","Info":{"Name":"Select All Categories and Taxonomies \u003c 1.3.2 - Reflected Cross-Site Scripting (XSS)","Severity":"medium","Description":"The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24287.yaml"}
{"ID":"CVE-2021-24288","Info":{"Name":"WordPress AcyMailing \u003c7.5.0 - Open Redirect","Severity":"medium","Description":"WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sanitization of the redirect parameter. An attacker turning the request from POST to GET can craft a link containing a potentially malicious landing page and send it to the user.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24288.yaml"}
{"ID":"CVE-2021-24291","Info":{"Name":"WordPress Photo Gallery by 10Web \u003c1.5.69 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Photo Gallery by 10Web plugin before 1.5.69 contains multiple reflected cross-site scripting vulnerabilities via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action, available to both unauthenticated and authenticated users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24291.yaml"}
{"ID":"CVE-2021-24298","Info":{"Name":"WordPress Simple Giveaways \u003c2.36.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Simple Giveaways plugin before 2.36.2 contains a cross-site scripting vulnerability via the method and share GET parameters of the Giveaway pages, which are not sanitized, validated, or escaped before being output back in the pages.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24298.yaml"}
@ -1007,6 +1018,7 @@
{"ID":"CVE-2021-24335","Info":{"Name":"WordPress Car Repair Services \u0026 Auto Mechanic Theme \u003c4.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Car Repair Services \u0026 Auto Mechanic before 4.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the serviceestimatekey parameter before outputting it back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24335.yaml"}
{"ID":"CVE-2021-24340","Info":{"Name":"WordPress Statistics \u003c13.0.8 - Blind SQL Injection","Severity":"high","Description":"WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24340.yaml"}
{"ID":"CVE-2021-24342","Info":{"Name":"WordPress JNews Theme \u003c8.0.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24342.yaml"}
{"ID":"CVE-2021-24347","Info":{"Name":"SP Project \u0026 Document Manager \u003c 4.22 - Authenticated Shell Upload","Severity":"high","Description":"The SP Project \u0026 Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from \"php\" to \"pHP\".\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-24347.yaml"}
{"ID":"CVE-2021-24358","Info":{"Name":"Plus Addons for Elementor Page Builder \u003c 4.1.10 - Open Redirect","Severity":"medium","Description":"WordPress Plus Addons for Elementor Page Builder before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24358.yaml"}
{"ID":"CVE-2021-24364","Info":{"Name":"WordPress Jannah Theme \u003c5.4.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24364.yaml"}
{"ID":"CVE-2021-24370","Info":{"Name":"WordPress Fancy Product Designer \u003c4.6.9 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Fancy Product Designer plugin before 4.6.9 is susceptible to an arbitrary file upload. An attacker can upload malicious files and execute code on the server, modify data, and/or gain full control over a compromised system without authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24370.yaml"}
@ -1020,15 +1032,18 @@
{"ID":"CVE-2021-24498","Info":{"Name":"WordPress Calendar Event Multi View \u003c1.4.01 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Calendar Event Multi View plugin before 1.4.01 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24498.yaml"}
{"ID":"CVE-2021-24499","Info":{"Name":"WordPress Workreap - Remote Code Execution","Severity":"critical","Description":"WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24499.yaml"}
{"ID":"CVE-2021-24510","Info":{"Name":"WordPress MF Gig Calendar \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24510.yaml"}
{"ID":"CVE-2021-24554","Info":{"Name":"Paytm - Donation Plugin \u003c= 1.3.2 - Authenticated (admin+) SQL Injection","Severity":"high","Description":"The Paytm Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-24554.yaml"}
{"ID":"CVE-2021-24746","Info":{"Name":"WordPress Sassy Social Share Plugin \u003c3.3.40 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin Sassy Social Share \u003c 3.3.40 contains a reflected cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24746.yaml"}
{"ID":"CVE-2021-24750","Info":{"Name":"WordPress Visitor Statistics (Real Time Traffic) \u003c4.8 -SQL Injection","Severity":"high","Description":"WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-24750.yaml"}
{"ID":"CVE-2021-24762","Info":{"Name":"WordPress Perfect Survey\u003c1.5.2 - SQL Injection","Severity":"critical","Description":"Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24762.yaml"}
{"ID":"CVE-2021-24827","Info":{"Name":"WordPress Asgaros Forum \u003c1.15.13 - SQL Injection","Severity":"critical","Description":"WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24827.yaml"}
{"ID":"CVE-2021-24838","Info":{"Name":"WordPress AnyComment \u003c0.3.5 - Open Redirect","Severity":"medium","Description":"WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24838.yaml"}
{"ID":"CVE-2021-24875","Info":{"Name":"eCommerce Product Catalog for WordPress \u003c 3.0.39 - Reflected Cross-Site Scripting","Severity":"medium","Description":"The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24875.yaml"}
{"ID":"CVE-2021-24891","Info":{"Name":"WordPress Elementor Website Builder \u003c3.1.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24891.yaml"}
{"ID":"CVE-2021-24910","Info":{"Name":"WordPress Transposh Translation \u003c1.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24910.yaml"}
{"ID":"CVE-2021-24917","Info":{"Name":"WPS Hide Login \u003c 1.9.1 - Protection Bypass with Referer-Header","Severity":"high","Description":"The plugin has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24917.yaml"}
{"ID":"CVE-2021-24926","Info":{"Name":"WordPress Domain Check \u003c1.0.17 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Domain Check plugin before 1.0.17 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the domain parameter before outputting it back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24926.yaml"}
{"ID":"CVE-2021-24931","Info":{"Name":"Secure Copy Content Protection and Content Locking \u003c 2.8.2 - Unauthenticated SQL Injection","Severity":"critical","Description":"The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24931.yaml"}
{"ID":"CVE-2021-24940","Info":{"Name":"WordPress Persian Woocommerce \u003c=5.8.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Persian Woocommerce plugin through 5.8.0 contains a cross-site scripting vulnerability. The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and possibly steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24940.yaml"}
{"ID":"CVE-2021-24946","Info":{"Name":"WordPress Modern Events Calendar \u003c6.1.5 - Blind SQL Injection","Severity":"critical","Description":"WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24946.yaml"}
{"ID":"CVE-2021-24947","Info":{"Name":"WordPress Responsive Vector Maps \u003c 6.4.2 - Arbitrary File Read","Severity":"medium","Description":"WordPress Responsive Vector Maps \u003c 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user to read arbitrary files on the web server.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2021/CVE-2021-24947.yaml"}
@ -1042,6 +1057,7 @@
{"ID":"CVE-2021-25052","Info":{"Name":"WordPress Button Generator \u003c2.3.3 - Remote File Inclusion","Severity":"high","Description":"WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows arbitrary file inclusion with PHP extensions (as well as with data:// or http:// protocols), thus leading to cross-site request forgery and remote code execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25052.yaml"}
{"ID":"CVE-2021-25055","Info":{"Name":"WordPress FeedWordPress \u003c 2022.0123 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"The plugin is affected by a cross-site scripting vulnerability within the \"visibility\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25055.yaml"}
{"ID":"CVE-2021-25063","Info":{"Name":"WordPress Contact Form 7 Skins \u003c=2.5.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 Skins plugin 2.5.0 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the tab parameter before outputting it back in an admin page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25063.yaml"}
{"ID":"CVE-2021-25067","Info":{"Name":"Landing Page Builder \u003c 1.4.9.6 - Cross-Site Scripting","Severity":"medium","Description":"The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2021/CVE-2021-25067.yaml"}
{"ID":"CVE-2021-25074","Info":{"Name":"WordPress WebP Converter for Media \u003c 4.0.3 - Unauthenticated Open Redirect","Severity":"medium","Description":"WordPress WebP Converter for Media \u003c 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25074.yaml"}
{"ID":"CVE-2021-25075","Info":{"Name":"WordPress Duplicate Page or Post \u003c1.5.1 - Cross-Site Scripting","Severity":"low","Description":"WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.\n","Classification":{"CVSSScore":"3.5"}},"file_path":"cves/2021/CVE-2021-25075.yaml"}
{"ID":"CVE-2021-25085","Info":{"Name":"WOOF WordPress plugin - Cross-Site Scripting","Severity":"medium","Description":"The WOOF WordPress plugin does not sanitize or escape the woof_redraw_elements parameter before reflecting it back in an admin page, leading to a reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25085.yaml"}
@ -1053,9 +1069,9 @@
{"ID":"CVE-2021-25118","Info":{"Name":"Yoast SEO \u003c 17.3 - Path Disclosure","Severity":"medium","Description":"The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-25118.yaml"}
{"ID":"CVE-2021-25120","Info":{"Name":"Easy Social Feed \u003c 6.2.7 - Cross-Site Scripting","Severity":"medium","Description":"Easy Social Feed \u003c 6.2.7 is susceptible to reflected cross-site scripting because the plugin does not sanitize and escape a parameter before outputting it back in an admin dashboard page, leading to it being executed in the context of a logged admin or editor.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25120.yaml"}
{"ID":"CVE-2021-25281","Info":{"Name":"SaltStack Salt \u003c3002.5 - Auth Bypass","Severity":"critical","Description":"SaltStack Salt before 3002.5 does not honor eauth credentials for the wheel_async client, allowing attackers to remotely run any wheel modules on the master.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-25281.yaml"}
{"ID":"CVE-2021-25296","Info":{"Name":"Nagios XI versions 5.5.6 to 5.7.5 - Command Injection","Severity":"high","Description":"Nagios XI versions 5.5.6 to 5.7.5 are affected by OS command injection. An authenticated user can gain code execution due to unsanitized URL paramaters.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25296.yaml"}
{"ID":"CVE-2021-25297","Info":{"Name":"Nagios XI versions 5.5.6 to 5.7.5 - Command Injection","Severity":"high","Description":"Nagios XI versions 5.5.6 to 5.7.5 are affected by OS command injection. An authenticated user can gain code execution due to unsanitized URL paramaters.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25297.yaml"}
{"ID":"CVE-2021-25298","Info":{"Name":"Nagios XI 5.5.6 to 5.7.5 - Command Injection","Severity":"high","Description":"Nagios XI versions 5.5.6 to 5.7.5 are affected by OS command injection. An authenticated user can gain code execution due to unsanitized URL paramaters.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25298.yaml"}
{"ID":"CVE-2021-25296","Info":{"Name":"Nagios XI versions 5.5.6 to 5.7.5 - Command Injection","Severity":"high","Description":"Nagios XI versions 5.5.6 to 5.7.5 are affected by OS command injection. An authenticated user can gain code execution due to unsanitized URL parameters.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25296.yaml"}
{"ID":"CVE-2021-25297","Info":{"Name":"Nagios XI versions 5.5.6 to 5.7.5 - Command Injection","Severity":"high","Description":"Nagios XI versions 5.5.6 to 5.7.5 are affected by OS command injection. An authenticated user can gain code execution due to unsanitized URL parameters.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25297.yaml"}
{"ID":"CVE-2021-25298","Info":{"Name":"Nagios XI 5.5.6 to 5.7.5 - Command Injection","Severity":"high","Description":"Nagios XI versions 5.5.6 to 5.7.5 are affected by OS command injection. An authenticated user can gain code execution due to unsanitized URL parameters.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25298.yaml"}
{"ID":"CVE-2021-25299","Info":{"Name":"Nagios XI 5.7.5 - Cross-Site Scripting","Severity":"medium","Description":"Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25299.yaml"}
{"ID":"CVE-2021-25646","Info":{"Name":"Apache Druid - Remote Code Execution","Severity":"high","Description":"Apache Druid is susceptible to remote code execution because by default it lacks authorization and authentication. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25646.yaml"}
{"ID":"CVE-2021-25864","Info":{"Name":"Hue Magic 3.0.0 - Local File Inclusion","Severity":"high","Description":"Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-25864.yaml"}
@ -1078,6 +1094,7 @@
{"ID":"CVE-2021-27330","Info":{"Name":"Triconsole Datepicker Calendar \u003c3.77 - Cross-Site Scripting","Severity":"medium","Description":"Triconsole Datepicker Calendar before 3.77 contains a cross-site scripting vulnerability in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-27330.yaml"}
{"ID":"CVE-2021-27358","Info":{"Name":"Grafana Unauthenticated Snapshot Creation","Severity":"high","Description":"Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-27358.yaml"}
{"ID":"CVE-2021-27519","Info":{"Name":"FUDForum 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"FUDForum 3.1.0 contains a cross-site scripting vulnerability which allows remote attackers to inject JavaScript via index.php in the \"srch\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-27519.yaml"}
{"ID":"CVE-2021-27520","Info":{"Name":"FUDForum 3.1.0 - Cross Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"author\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-27520.yaml"}
{"ID":"CVE-2021-27561","Info":{"Name":"YeaLink DM 3.6.0.20 - Remote Command Injection","Severity":"critical","Description":"Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-27561.yaml"}
{"ID":"CVE-2021-27651","Info":{"Name":"Pega Infinity - Authentication Bypass","Severity":"critical","Description":"Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-27651.yaml"}
{"ID":"CVE-2021-27748","Info":{"Name":"IBM WebSphere HCL Digital Experience - Server-Side Request Forgery","Severity":"high","Description":"IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2021/CVE-2021-27748.yaml"}
@ -1100,7 +1117,7 @@
{"ID":"CVE-2021-29441","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"critical","Description":"This template only works on Nuclei engine prior to version 2.3.3 and version \u003e= 2.3.5.\n\nIn Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true)\nNacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that\nenables Nacos servers to bypass this filter and therefore skip authentication checks.\nThis mechanism relies on the user-agent HTTP header so it can be easily spoofed.\nThis issue may allow any user to carry out any administrative tasks on the Nacos server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-29441.yaml"}
{"ID":"CVE-2021-29442","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"high","Description":"Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-29442.yaml"}
{"ID":"CVE-2021-29484","Info":{"Name":"Ghost CMS \u003c=4.32 - Cross-Site Scripting","Severity":"medium","Description":"Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code.","Classification":{"CVSSScore":"6.8"}},"file_path":"cves/2021/CVE-2021-29484.yaml"}
{"ID":"CVE-2021-29490","Info":{"Name":"Jellyfin 10.7.2 - SSRF","Severity":"medium","Description":"Jellyfin is a free software media system. Versions 10.7.2 and below are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"cves/2021/CVE-2021-29490.yaml"}
{"ID":"CVE-2021-29490","Info":{"Name":"Jellyfin 10.7.2 - Server Side Request Forgery","Severity":"medium","Description":"Jellyfin is a free software media system. Versions 10.7.2 and below are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"cves/2021/CVE-2021-29490.yaml"}
{"ID":"CVE-2021-29622","Info":{"Name":"Prometheus - Open Redirect","Severity":"medium","Description":"Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-29622.yaml"}
{"ID":"CVE-2021-29625","Info":{"Name":"Adminer \u003c=4.8.0 - Cross-Site Scripting","Severity":"medium","Description":"Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-29625.yaml"}
{"ID":"CVE-2021-3002","Info":{"Name":"Seo Panel 4.8.0 - Cross-Site Scripting","Severity":"medium","Description":"Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-3002.yaml"}
@ -1136,7 +1153,7 @@
{"ID":"CVE-2021-32789","Info":{"Name":"WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection","Severity":"high","Description":"woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-32789.yaml"}
{"ID":"CVE-2021-32819","Info":{"Name":"Nodejs Squirrelly - Remote Code Execution","Severity":"high","Description":"Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is currently no fix for these issues as of the publication of this CVE. The latest version of squirrelly is currently 8.0.8. For complete details refer to the referenced GHSL-2021-023.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-32819.yaml"}
{"ID":"CVE-2021-32820","Info":{"Name":"Express-handlebars - Local File Inclusion","Severity":"high","Description":"Express-handlebars is susceptible to local file inclusion because it mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e., file.extension) can be included. Files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability.","Classification":{"CVSSScore":"8.6"}},"file_path":"cves/2021/CVE-2021-32820.yaml"}
{"ID":"CVE-2021-32853","Info":{"Name":"Erxes \u003c0.23.0 - Cross-Site Scripting","Severity":"medium","Description":"Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2021/CVE-2021-32853.yaml"}
{"ID":"CVE-2021-32853","Info":{"Name":"Erxes \u003c0.23.0 - Cross-Site Scripting","Severity":"critical","Description":"Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag.","Classification":{"CVSSScore":"9.6"}},"file_path":"cves/2021/CVE-2021-32853.yaml"}
{"ID":"CVE-2021-3293","Info":{"Name":"emlog 5.3.1 Path Disclosure","Severity":"high","Description":"emlog v5.3.1 is susceptible to full path disclosure via t/index.php, which allows an attacker to see the path to the webroot/file.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-3293.yaml"}
{"ID":"CVE-2021-3297","Info":{"Name":"Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass","Severity":"high","Description":"Zyxel NBG2105 V1.00(AAGU.2)C0 devices are susceptible to authentication bypass vulnerabilities because setting the login cookie to 1 provides administrator access.","Classification":{"CVSSScore":"7.8"}},"file_path":"cves/2021/CVE-2021-3297.yaml"}
{"ID":"CVE-2021-33044","Info":{"Name":"Dahua IPC/VTH/VTO - Authentication Bypass","Severity":"critical","Description":"Some Dahua products contain an authentication bypass during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-33044.yaml"}
@ -1328,7 +1345,9 @@
{"ID":"CVE-2022-0678","Info":{"Name":"Packagist \u003c1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0678.yaml"}
{"ID":"CVE-2022-0679","Info":{"Name":"WordPress Narnoo Distributor \u003c=2.5.1 - Local File Inclusion","Severity":"critical","Description":"WordPress Narnoo Distributor plugin 2.5.1 and prior is susceptible to local file inclusion. The plugin does not validate and sanitize the lib_path parameter before being passed into a call to require() via the narnoo_distributor_lib_request AJAX action, and the content of the file is displayed in the response as JSON data. This can also lead to a remote code execution vulnerability depending on system and configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0679.yaml"}
{"ID":"CVE-2022-0692","Info":{"Name":"Rudloff alltube prior to 3.0.1 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0692.yaml"}
{"ID":"CVE-2022-0693","Info":{"Name":"Master Elements \u003c= 8.0 - Unauthenticated SQLi","Severity":"critical","Description":"The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0693.yaml"}
{"ID":"CVE-2022-0735","Info":{"Name":"GitLab CE/EE - Runner Registration Token Disclosure","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0735.yaml"}
{"ID":"CVE-2022-0760","Info":{"Name":"Simple Link Directory \u003c 7.7.2 - Unauthenticated SQL injection","Severity":"critical","Description":"The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0760.yaml"}
{"ID":"CVE-2022-0776","Info":{"Name":"RevealJS postMessage \u003c4.3.0 - Cross-Site Scripting","Severity":"high","Description":"RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-0776.yaml"}
{"ID":"CVE-2022-0781","Info":{"Name":"WordPress Nirweb Support \u003c2.8.2 - SQL Injection","Severity":"critical","Description":"WordPress Nirweb support plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0781.yaml"}
{"ID":"CVE-2022-0784","Info":{"Name":"WordPress Title Experiments Free \u003c9.0.1 - SQL Injection","Severity":"critical","Description":"WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0784.yaml"}
@ -1343,11 +1362,13 @@
{"ID":"CVE-2022-0885","Info":{"Name":"Member Hero \u003c= 1.0.9 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0885.yaml"}
{"ID":"CVE-2022-0928","Info":{"Name":"Microweber \u003c 1.2.12 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-0928.yaml"}
{"ID":"CVE-2022-0948","Info":{"Name":"WordPress Order Listener for WooCommerce \u003c3.2.2 - SQL Injection","Severity":"critical","Description":"WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0948.yaml"}
{"ID":"CVE-2022-0949","Info":{"Name":"WP Block and Stop Bad Bots \u003c 6.930 - Unauthenticated SQLi","Severity":"critical","Description":"The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0949.yaml"}
{"ID":"CVE-2022-0952","Info":{"Name":"Sitemap by click5 \u003c 1.0.36 - Unauthenticated Arbitrary Options Update","Severity":"high","Description":"The plugin does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-0952.yaml"}
{"ID":"CVE-2022-0954","Info":{"Name":"Microweber \u003c1.2.11 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-0954.yaml"}
{"ID":"CVE-2022-0963","Info":{"Name":"Microweber \u003c1.2.12 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-0963.yaml"}
{"ID":"CVE-2022-0968","Info":{"Name":"Microweber \u003c 1.2.12 - Integer Overflow (DOS)","Severity":"medium","Description":"The microweber application allows large characters to insert in the input field \"first \u0026 last name\" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. The first name \u0026 last name input should be limited to 50 characters or max 100 characters.\n","Classification":{"CVSSScore":"5.5"}},"file_path":"cves/2022/CVE-2022-0968.yaml"}
{"ID":"CVE-2022-1007","Info":{"Name":"WordPress Advanced Booking Calendar \u003c1.7.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Advanced Booking Calendar plugin before 1.7.1 contains a cross-site scripting vulnerability. It does not sanitize and escape the room parameter before outputting it back in an admin page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-1007.yaml"}
{"ID":"CVE-2022-1013","Info":{"Name":"Personal Dictionary \u003c 1.3.4 - Unauthenticated SQLi","Severity":"critical","Description":"The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1013.yaml"}
{"ID":"CVE-2022-1020","Info":{"Name":"WordPress WooCommerce \u003c3.1.2 - Arbitrary Function Call","Severity":"critical","Description":"WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1020.yaml"}
{"ID":"CVE-2022-1040","Info":{"Name":"Sophos Firewall \u003c=18.5 MR3 - Remote Code Execution","Severity":"critical","Description":"Sophos Firewall version v18.5 MR3 and older contains an authentication bypass vulnerability in the User Portal and Webadmin which could allow a remote attacker to execute code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1040.yaml"}
{"ID":"CVE-2022-1054","Info":{"Name":"RSVP and Event Management \u003c 2.7.8 - Unauthenticated Entries Export","Severity":"medium","Description":"The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of user registered for events","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-1054.yaml"}
@ -1557,11 +1578,14 @@
{"ID":"CVE-2022-38817","Info":{"Name":"Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control","Severity":"high","Description":"Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-38817.yaml"}
{"ID":"CVE-2022-38870","Info":{"Name":"Free5gc 3.2.1 - Information Disclosure","Severity":"high","Description":"Free5gc 3.2.1 is susceptible to information disclosure. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-38870.yaml"}
{"ID":"CVE-2022-39195","Info":{"Name":"LISTSERV 17 - Cross-Site Scripting","Severity":"medium","Description":"LISTSERV 17 web interface contains a cross-site scripting vulnerability. An attacker can inject arbitrary JavaScript or HTML via the \"c\" parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-39195.yaml"}
{"ID":"CVE-2022-39952","Info":{"Name":"FortiNAC Unauthenticated Arbitrary File Write","Severity":"critical","Description":"A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2022/CVE-2022-39952.yaml"}
{"ID":"CVE-2022-3934","Info":{"Name":"Flat PM \u003c 3.0.13 - Reflected Cross-Site Scripting","Severity":"medium","Description":"The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-3934.yaml"}
{"ID":"CVE-2022-39952","Info":{"Name":"FortiNAC Unauthenticated Arbitrary File Write","Severity":"critical","Description":"A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-39952.yaml"}
{"ID":"CVE-2022-39960","Info":{"Name":"Atlassian Jira addon Netic Group Export \u003c 1.0.3 - Unauthenticated Access","Severity":"medium","Description":"The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-39960.yaml"}
{"ID":"CVE-2022-40083","Info":{"Name":"Labstack Echo 4.8.0 - Open Redirect","Severity":"critical","Description":"Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"cves/2022/CVE-2022-40083.yaml"}
{"ID":"CVE-2022-40359","Info":{"Name":"Kae's File Manager \u003c=1.4.7 - Cross-Site Scripting","Severity":"medium","Description":"Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-40359.yaml"}
{"ID":"CVE-2022-4050","Info":{"Name":"WordPress JoomSport \u003c5.2.8 - SQL Injection","Severity":"critical","Description":"WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4050.yaml"}
{"ID":"CVE-2022-4060","Info":{"Name":"User Post Gallery \u003c= 2.19 - Unauthenticated RCE","Severity":"critical","Description":"The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4060.yaml"}
{"ID":"CVE-2022-4063","Info":{"Name":"InPost Gallery \u003c 2.1.4.1 - Unauthenticated LFI to RCE","Severity":"critical","Description":"The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files \u0026 URLs, which may enable them to run code on servers.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4063.yaml"}
{"ID":"CVE-2022-40684","Info":{"Name":"Fortinet - Authentication Bypass","Severity":"critical","Description":"Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-40684.yaml"}
{"ID":"CVE-2022-40734","Info":{"Name":"Laravel Filemanager v2.5.1 - Local File Inclusion","Severity":"medium","Description":"Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2022/CVE-2022-40734.yaml"}
{"ID":"CVE-2022-40879","Info":{"Name":"kkFileView 4.1.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-40879.yaml"}
@ -1574,25 +1598,31 @@
{"ID":"CVE-2022-42747","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting.","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortBy parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-42747.yaml"}
{"ID":"CVE-2022-42748","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting.","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortDirection parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-42748.yaml"}
{"ID":"CVE-2022-42749","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-42749.yaml"}
{"ID":"CVE-2022-4301","Info":{"Name":"Sunshine Photo Cart \u003c 2.9.15 - Cross Site Scripting","Severity":"medium","Description":"The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-4301.yaml"}
{"ID":"CVE-2022-43014","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43014.yaml"}
{"ID":"CVE-2022-43015","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the entriesPerPage parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43015.yaml"}
{"ID":"CVE-2022-43016","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the callback component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43016.yaml"}
{"ID":"CVE-2022-43017","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the indexFile component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43017.yaml"}
{"ID":"CVE-2022-43018","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43018.yaml"}
{"ID":"CVE-2022-4306","Info":{"Name":"Panda Pods Repeater Field \u003c 1.5.4 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-4306.yaml"}
{"ID":"CVE-2022-4447","Info":{"Name":"Fontsy \u003c= 1.8.6 - Unauthenticated SQLi","Severity":"critical","Description":"The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4447.yaml"}
{"ID":"CVE-2022-44877","Info":{"Name":"Centos Web Panel - Unauthenticated Remote Code Execution","Severity":"critical","Description":"RESERVED An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-44877.yaml"}
{"ID":"CVE-2022-45362","Info":{"Name":"Paytm Payment Gateway Plugin \u003c= 2.7.0 Server Side Request Forgery (SSRF)","Severity":"high","Description":"Server Side Request Forgery (SSRF) vulnerability in WordPress Paytm Payment Gateway Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-45362.yaml"}
{"ID":"CVE-2022-45805","Info":{"Name":"WordPress Paytm Payment Gateway Plugin \u003c= 2.7.3 - SQL Injection","Severity":"high","Description":"SQL Injection vulnerability in WordPress Paytm Payment Gateway Plugin. This could allow a malicious actor to directly interact with your database, including but not limited to stealing information and creating new administrator accounts. This vulnerability has been fixed in version 2.7.7.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"cves/2022/CVE-2022-45805.yaml"}
{"ID":"CVE-2022-45917","Info":{"Name":"ILIAS eLearning \u003c7.16 - Open Redirect","Severity":"medium","Description":"ILIAS eLearning before 7.16 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-45917.yaml"}
{"ID":"CVE-2022-45933","Info":{"Name":"KubeView \u003c=0.1.31 - Information Disclosure","Severity":"critical","Description":"KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-45933.yaml"}
{"ID":"CVE-2022-46169","Info":{"Name":"Cacti \u003c= 1.2.22 Unauthenticated Command Injection","Severity":"critical","Description":"The vulnerability allows a remote attacker to compromise the affected system. The vulnerability exists due to insufficient authorization within the Remote Agent when handling HTTP requests with a custom Forwarded-For HTTP header. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS commands on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-46169.yaml"}
{"ID":"CVE-2022-46381","Info":{"Name":"Linear eMerge E3-Series - Cross-Site Scripting","Severity":"medium","Description":"Linear eMerge E3-Series devices contain a cross-site scripting vulnerability via the type parameter, e.g., to the badging/badge_template_v0.php component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and thus steal cookie-based authentication credentials and launch other attacks. This affects versions 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-46381.yaml"}
{"ID":"CVE-2022-46888","Info":{"Name":"NexusPHP - Cross-Site Scripting","Severity":"medium","Description":"NexusPHPbefore 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-46888.yaml"}
{"ID":"CVE-2022-47945","Info":{"Name":"Thinkphp Lang - Local File Inclusion","Severity":"critical","Description":"ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47945.yaml"}
{"ID":"CVE-2022-47966","Info":{"Name":"ManageEngine - Remote Command Execution","Severity":"critical","Description":"Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47966.yaml"}
{"ID":"CVE-2022-47986","Info":{"Name":"Pre-Auth RCE in Aspera Faspex","Severity":"critical","Description":"IBM Aspera Faspex could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47986.yaml"}
{"ID":"CVE-2022-48165","Info":{"Name":"Wavlink - Configuration Exposure","Severity":"high","Description":"An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2022/CVE-2022-48165.yaml"}
{"ID":"CVE-2022-48165","Info":{"Name":"Wavlink - Configuration Exposure","Severity":"high","Description":"An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-48165.yaml"}
{"ID":"CVE-2022-4897","Info":{"Name":"BackupBuddy \u003c 8.8.3 - Cross Site Scripting","Severity":"medium","Description":"The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-4897.yaml"}
{"ID":"CVE-2023-0669","Info":{"Name":"GoAnywhere MFT - Remote Code Execution (ZeroDay)","Severity":"high","Description":"Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2023/CVE-2023-0669.yaml"}
{"ID":"CVE-2023-23488","Info":{"Name":"Paid Memberships Pro \u003c 2.9.8 - Unauthenticated Blind SQLi","Severity":"critical","Description":"The Paid Memberships Pro WordPress Plugin, version \u003c 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-23488.yaml"}
{"ID":"CVE-2023-23489","Info":{"Name":"Easy Digital Downloads 3.1.0.2 \u0026 3.1.0.3 - Unauthenticated SQLi","Severity":"critical","Description":"The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 \u0026 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-23489.yaml"}
{"ID":"CVE-2023-23752","Info":{"Name":"Joomla Improper AccessCheck in WebService Endpoint","Severity":"high","Description":"An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2023/CVE-2023-23752.yaml"}
{"ID":"CVE-2023-23492","Info":{"Name":"Login with Phone Number - Cross-Site Scripting","Severity":"high","Description":"Login with Phone Number, versions \u003c 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2023/CVE-2023-23492.yaml"}
{"ID":"CVE-2023-23752","Info":{"Name":"Joomla Improper AccessCheck in WebService Endpoint","Severity":"medium","Description":"An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2023/CVE-2023-23752.yaml"}
{"ID":"CVE-2023-24044","Info":{"Name":"Plesk Obsidian - Host Header Injection","Severity":"medium","Description":"A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2023/CVE-2023-24044.yaml"}
{"ID":"CVE-2023-24322","Info":{"Name":"mojoPortal - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2023/CVE-2023-24322.yaml"}
description:Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
description:Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
description:Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
description:Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
description:A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
description:Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
description:Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).
description:Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.
description:Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.
description:Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
description:A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
description:A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
description:A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
description:A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
description:Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
description:A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
description:A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
description:A directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
description:A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
description:A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.
description:A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.
description:A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
description:A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.
description:A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
description:A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
description:A directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in joomlaflickr.php in the Joomla! Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
description:A drectory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
description:A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
description:A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.