daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

patch-14
ghost 2024-11-07 05:49:20 +00:00
parent 2183b1f617
commit fbacdcb736
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -1803,6 +1803,7 @@
{"ID":"CVE-2022-30776","Info":{"Name":"Atmail 6.5.0 - Cross-Site Scripting","Severity":"medium","Description":"Atmail 6.5.0 contains a cross-site scripting vulnerability via the index.php/admin/index/ 'error' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-30776.yaml"} {"ID":"CVE-2022-30776","Info":{"Name":"Atmail 6.5.0 - Cross-Site Scripting","Severity":"medium","Description":"Atmail 6.5.0 contains a cross-site scripting vulnerability via the index.php/admin/index/ 'error' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-30776.yaml"}
{"ID":"CVE-2022-30777","Info":{"Name":"Parallels H-Sphere 3.6.1713 - Cross-Site Scripting","Severity":"medium","Description":"Parallels H-Sphere 3.6.1713 contains a cross-site scripting vulnerability via the index_en.php 'from' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-30777.yaml"} {"ID":"CVE-2022-30777","Info":{"Name":"Parallels H-Sphere 3.6.1713 - Cross-Site Scripting","Severity":"medium","Description":"Parallels H-Sphere 3.6.1713 contains a cross-site scripting vulnerability via the index_en.php 'from' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-30777.yaml"}
{"ID":"CVE-2022-31126","Info":{"Name":"Roxy-WI \u003c6.1.1.0 - Remote Code Execution","Severity":"critical","Description":"Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31126.yaml"} {"ID":"CVE-2022-31126","Info":{"Name":"Roxy-WI \u003c6.1.1.0 - Remote Code Execution","Severity":"critical","Description":"Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31126.yaml"}
{"ID":"CVE-2022-31260","Info":{"Name":"ResourceSpace - Metadata Export","Severity":"medium","Description":"In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-31260.yaml"}
{"ID":"CVE-2022-31268","Info":{"Name":"Gitblit 1.9.3 - Local File Inclusion","Severity":"high","Description":"Gitblit 1.9.3 is vulnerable to local file inclusion via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31268.yaml"} {"ID":"CVE-2022-31268","Info":{"Name":"Gitblit 1.9.3 - Local File Inclusion","Severity":"high","Description":"Gitblit 1.9.3 is vulnerable to local file inclusion via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31268.yaml"}
{"ID":"CVE-2022-31269","Info":{"Name":"Linear eMerge E3-Series - Information Disclosure","Severity":"high","Description":"Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2022/CVE-2022-31269.yaml"} {"ID":"CVE-2022-31269","Info":{"Name":"Linear eMerge E3-Series - Information Disclosure","Severity":"high","Description":"Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2022/CVE-2022-31269.yaml"}
{"ID":"CVE-2022-31299","Info":{"Name":"Haraj 3.7 - Cross-Site Scripting","Severity":"medium","Description":"Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-31299.yaml"} {"ID":"CVE-2022-31299","Info":{"Name":"Haraj 3.7 - Cross-Site Scripting","Severity":"medium","Description":"Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-31299.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
5941c984bcebd1748c4fb3fb2a096aa3 b729d5c2036a88aea74a24ccd9e2e0b5