From bfddd9bff722182a2bb1fe698dd3d64ac6b703e2 Mon Sep 17 00:00:00 2001
From: ghost
Date: Tue, 8 Oct 2024 07:16:18 +0000
Subject: [PATCH] =?UTF-8?q?chore:=20generate=20CVEs=20metadata=20?= =?UTF-8?q?=F0=9F=A4=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cves.json | 1 +
 cves.json-checksum.txt | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/cves.json b/cves.json
index ac24e8d1ad..7b2c0f2942 100644
--- a/cves.json
+++ b/cves.json
@@ -2263,6 +2263,7 @@ {"ID":"CVE-2023-38964","Info":{"Name":"Academy LMS 6.0 - Cross-Site Scripting","Severity":"medium","Description":"Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through `query` parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38964.yaml"} {"ID":"CVE-2023-38992","Info":{"Name":"Jeecg-Boot v3.5.1 - SQL Injection","Severity":"critical","Description":"SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData in jeecg-boot v3.5.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38992.yaml"} {"ID":"CVE-2023-39002","Info":{"Name":"OPNsense - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39002.yaml"} +{"ID":"CVE-2023-39007","Info":{"Name":"OPNsense - Cross-Site Scripting to RCE","Severity":"critical","Description":"There is a XSS in /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 via openAction in app/controllers/OPNsense/Cron/ItemController.php.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2023/CVE-2023-39007.yaml"} {"ID":"CVE-2023-39024","Info":{"Name":"Harman Media Suite \u003c= 4.2.0 - Local File Disclosure","Severity":"high","Description":"Harman Media Suite (versions 4.2.0 and below) are vulnerable to possible Local File Disclosure. 
This allows an unauthenticated user to potentially download attachments and recordings stored within the Media Suite application if anonymous access to the User Portal is enabled.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39024.yaml"} {"ID":"CVE-2023-39026","Info":{"Name":"FileMage Gateway - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39026.yaml"} {"ID":"CVE-2023-39108","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39108.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index d999803d2c..50540d5084 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -0f4b2f0da403cd1a57325ebcd4825a0d +6fdd731017b724b4060a3d50f024dd9f