daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated cves.json [Sun Mar 31 17:20:10 UTC 2024] 🤖

patch-1
GitHub Action 2024-03-31 17:20:10 +00:00
parent f945e5d6bc
commit fda5f07e0b
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -1973,6 +1973,7 @@
{"ID":"CVE-2023-0602","Info":{"Name":"Twittee Text Tweet \u003c= 1.0.8 - Cross-Site Scripting","Severity":"medium","Description":"The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0602.yaml"}
{"ID":"CVE-2023-0630","Info":{"Name":"Slimstat Analytics \u003c 4.9.3.3 Subscriber - SQL Injection","Severity":"high","Description":"The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0630.yaml"}
{"ID":"CVE-2023-0669","Info":{"Name":"Fortra GoAnywhere MFT - Remote Code Execution","Severity":"high","Description":"Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0669.yaml"}
{"ID":"CVE-2023-0678","Info":{"Name":"PHPIPAM \u003cv1.5.1 - Missing Authorization","Severity":"medium","Description":"In phpIPAM 1.5.1, an unauthenticated user could download the list of high-usage IP subnets that contains sensitive information such as a subnet description, IP ranges, and usage rates via find_full_subnets.php endpoint. The bug lies in the fact that find_full_subnets.php does not verify if the user is authorized to access the data, and if the script was started from a command line.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-0678.yaml"}
{"ID":"CVE-2023-0777","Info":{"Name":"modoboa 2.0.4 - Admin TakeOver","Severity":"critical","Description":"Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0777.yaml"}
{"ID":"CVE-2023-0900","Info":{"Name":"AP Pricing Tables Lite \u003c= 1.1.6 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0900.yaml"}
{"ID":"CVE-2023-0942","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.5 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0942.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
4e851fbdda9947027d23a4f84a7ab5e4
2116d68b61548a12cfe131dbae11098c