daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

patch-11
ghost 2024-08-28 02:15:02 +00:00
parent fe90fd0da8
commit a76fa09706
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -2313,6 +2313,7 @@
{"ID":"CVE-2023-46732","Info":{"Name":"XWiki \u003c 14.10.14 - Cross-Site Scripting","Severity":"medium","Description":"XWiki is vulnerable to reflected cross-site scripting (RXSS) via the rev parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-46732.yaml"}
{"ID":"CVE-2023-46747","Info":{"Name":"F5 BIG-IP - Unauthenticated RCE via AJP Smuggling","Severity":"critical","Description":"CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE). The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass authentication. The vulnerability received a CVSSv3 score of 9.8.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46747.yaml"}
{"ID":"CVE-2023-46805","Info":{"Name":"Ivanti ICS - Authentication Bypass","Severity":"high","Description":"An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2023/CVE-2023-46805.yaml"}
{"ID":"CVE-2023-46818","Info":{"Name":"ISPConfig - PHP Code Injection","Severity":"high","Description":"An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-46818.yaml"}
{"ID":"CVE-2023-47115","Info":{"Name":"Label Studio - Cross-Site Scripting","Severity":"high","Description":"Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website.\n","Classification":{"CVSSScore":"7.1"}},"file_path":"http/cves/2023/CVE-2023-47115.yaml"}
{"ID":"CVE-2023-47117","Info":{"Name":"Label Studio - Sensitive Information Exposure","Severity":"high","Description":"An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-47117.yaml"}
{"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
b9b1ca080635d91a8f6d6e5ae18cc721
88361a4cba8f5c81f4ddc35304b2bb05