diff --git a/cves.json b/cves.json index 079af000e4..9dde76a3c7 100644 --- a/cves.json +++ b/cves.json @@ -1973,6 +1973,7 @@ {"ID":"CVE-2023-0602","Info":{"Name":"Twittee Text Tweet \u003c= 1.0.8 - Cross-Site Scripting","Severity":"medium","Description":"The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0602.yaml"} {"ID":"CVE-2023-0630","Info":{"Name":"Slimstat Analytics \u003c 4.9.3.3 Subscriber - SQL Injection","Severity":"high","Description":"The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0630.yaml"} {"ID":"CVE-2023-0669","Info":{"Name":"Fortra GoAnywhere MFT - Remote Code Execution","Severity":"high","Description":"Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0669.yaml"} +{"ID":"CVE-2023-0678","Info":{"Name":"PHPIPAM \u003cv1.5.1 - Missing Authorization","Severity":"medium","Description":"In phpIPAM 1.5.1, an unauthenticated user could download the list of high-usage IP subnets that contains sensitive information such as a subnet description, IP ranges, and usage rates via find_full_subnets.php endpoint. The bug lies in the fact that find_full_subnets.php does not verify if the user is authorized to access the data, and if the script was started from a command line.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-0678.yaml"} {"ID":"CVE-2023-0777","Info":{"Name":"modoboa 2.0.4 - Admin TakeOver","Severity":"critical","Description":"Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0777.yaml"} {"ID":"CVE-2023-0900","Info":{"Name":"AP Pricing Tables Lite \u003c= 1.1.6 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0900.yaml"} {"ID":"CVE-2023-0942","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.5 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0942.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index 409192b49b..914b037a42 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -4e851fbdda9947027d23a4f84a7ab5e4 +2116d68b61548a12cfe131dbae11098c