diff --git a/cves.json b/cves.json
index 4c5647c27b..3b19bbcc41 100644
--- a/cves.json
+++ b/cves.json
@@ -1803,6 +1803,7 @@
 {"ID":"CVE-2022-30776","Info":{"Name":"Atmail 6.5.0 - Cross-Site Scripting","Severity":"medium","Description":"Atmail 6.5.0 contains a cross-site scripting vulnerability via the index.php/admin/index/ 'error' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-30776.yaml"}
 {"ID":"CVE-2022-30777","Info":{"Name":"Parallels H-Sphere 3.6.1713 - Cross-Site Scripting","Severity":"medium","Description":"Parallels H-Sphere 3.6.1713 contains a cross-site scripting vulnerability via the index_en.php 'from' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-30777.yaml"}
 {"ID":"CVE-2022-31126","Info":{"Name":"Roxy-WI \u003c6.1.1.0 - Remote Code Execution","Severity":"critical","Description":"Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31126.yaml"}
+{"ID":"CVE-2022-31260","Info":{"Name":"ResourceSpace - Metadata Export","Severity":"medium","Description":"In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-31260.yaml"}
 {"ID":"CVE-2022-31268","Info":{"Name":"Gitblit 1.9.3 - Local File Inclusion","Severity":"high","Description":"Gitblit 1.9.3 is vulnerable to local file inclusion via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31268.yaml"}
 {"ID":"CVE-2022-31269","Info":{"Name":"Linear eMerge E3-Series - Information Disclosure","Severity":"high","Description":"Linear eMerge E3-Series devices are susceptible to information disclosure. 
Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2022/CVE-2022-31269.yaml"}
 {"ID":"CVE-2022-31299","Info":{"Name":"Haraj 3.7 - Cross-Site Scripting","Severity":"medium","Description":"Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-31299.yaml"}
diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt
index fb4f7804db..52245fc416 100644
--- a/cves.json-checksum.txt
+++ b/cves.json-checksum.txt
@@ -1 +1 @@
-5941c984bcebd1748c4fb3fb2a096aa3
+b729d5c2036a88aea74a24ccd9e2e0b5