diff --git a/cves.json b/cves.json
index b7452472a6..8dffe620f0 100644
--- a/cves.json
+++ b/cves.json
@@ -2254,6 +2254,7 @@ {"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"} {"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"} {"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"} +{"ID":"CVE-2023-38040","Info":{"Name":"Revive Adserver 5.4.1 - Cross-Site Scripting","Severity":"medium","Description":"A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38040.yaml"} {"ID":"CVE-2023-38192","Info":{"Name":"SuperWebMailer 9.00.0.01710 - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38192.yaml"} {"ID":"CVE-2023-38194","Info":{"Name":"SuperWebMailer - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in 
SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38194.yaml"} {"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion - Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"} 
@@ -2297,6 +2298,7 @@ {"ID":"CVE-2023-40749","Info":{"Name":"PHPJabbers Food Delivery Script v3.0 - SQL Injection","Severity":"critical","Description":"PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the \"column\" parameter of index.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-40749.yaml"} {"ID":"CVE-2023-40750","Info":{"Name":"PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting","Severity":"medium","Description":"There is a Cross Site Scripting (XSS) vulnerability in the \"action\" parameter of index.php in PHPJabbers Yacht Listing Script v1.0.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40750.yaml"} {"ID":"CVE-2023-40751","Info":{"Name":"PHPJabbers Fundraising Script v1.0 - Cross-Site Scripting","Severity":"medium","Description":"PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the \"action\" parameter of index.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40751.yaml"} +{"ID":"CVE-2023-40752","Info":{"Name":"PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting","Severity":"medium","Description":"There is a Cross Site Scripting (XSS) vulnerability in the \"action\" parameter of index.php in PHPJabbers Make an Offer Widget v1.0.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40752.yaml"} {"ID":"CVE-2023-40753","Info":{"Name":"PHPJabbers Ticket Support Script v3.2 - Cross-Site Scripting","Severity":"medium","Description":"There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-40753.yaml"} {"ID":"CVE-2023-40755","Info":{"Name":"PHPJabbers Callback Widget v1.0 - Cross-Site Scripting","Severity":"medium","Description":"There is a Cross Site Scripting (XSS) vulnerability in the \"theme\" parameter of 
preview.php in PHPJabbers Callback Widget v1.0.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40755.yaml"} {"ID":"CVE-2023-40779","Info":{"Name":"IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect","Severity":"medium","Description":"An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40779.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index 410a47b667..b818fd7456 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -c4bbb2f56dc069e1467b3d6e96ba3883 +a11441d76de50f466b2913463470af4b