From a93fd08d298abda434aa72e8c973c48836397d62 Mon Sep 17 00:00:00 2001 From: github-actions Date: Mon, 2 Dec 2024 00:07:37 +0000 Subject: [PATCH] NVD Sync 2024-12-02 00:07 --- cve/2024/CVE-2024-12007.json | 1 + cve/2024/CVE-2024-43702.json | 2 +- cve/2024/CVE-2024-43703.json | 2 +- cve/2024/CVE-2024-53742.json | 1 + cve/2024/CVE-2024-53743.json | 1 + cve/2024/CVE-2024-53744.json | 1 + cve/2024/CVE-2024-53745.json | 1 + cve/2024/CVE-2024-53746.json | 1 + cve/2024/CVE-2024-53747.json | 1 + cve/2024/CVE-2024-53748.json | 1 + cve/2024/CVE-2024-53749.json | 1 + cve/2024/CVE-2024-53750.json | 1 + cve/2024/CVE-2024-53752.json | 1 + syncdate.json | 2 +- 14 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 cve/2024/CVE-2024-12007.json create mode 100644 cve/2024/CVE-2024-53742.json create mode 100644 cve/2024/CVE-2024-53743.json create mode 100644 cve/2024/CVE-2024-53744.json create mode 100644 cve/2024/CVE-2024-53745.json create mode 100644 cve/2024/CVE-2024-53746.json create mode 100644 cve/2024/CVE-2024-53747.json create mode 100644 cve/2024/CVE-2024-53748.json create mode 100644 cve/2024/CVE-2024-53749.json create mode 100644 cve/2024/CVE-2024-53750.json create mode 100644 cve/2024/CVE-2024-53752.json diff --git a/cve/2024/CVE-2024-12007.json b/cve/2024/CVE-2024-12007.json new file mode 100644 index 0000000000..b24c90639a --- /dev/null +++ b/cve/2024/CVE-2024-12007.json @@ -0,0 +1 @@ +{"cve": {"id": "CVE-2024-12007", "sourceIdentifier": "cna@vuldb.com", "published": "2024-12-01T23:15:05.310", "lastModified": "2024-12-01T23:15:05.310", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. This affects an unknown part of the file /visualizar-produto.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "subsequentSystemAvailability": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "safety": "NOT_DEFINED", "automatable": "NOT_DEFINED", "recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "cna@vuldb.com", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://code-projects.org/", "source": "cna@vuldb.com"}, {"url": "https://github.com/LamentXU123/cve/blob/main/cve-l.md", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.286491", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.286491", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.454715", "source": "cna@vuldb.com"}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-43702.json b/cve/2024/CVE-2024-43702.json index dd6a654f1b..cde08269d2 100644 --- a/cve/2024/CVE-2024-43702.json +++ b/cve/2024/CVE-2024-43702.json @@ -1 +1 @@ -{"cve": {"id": "CVE-2024-43702", "sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "published": "2024-11-30T03:15:13.903", "lastModified": "2024-11-30T03:15:13.903", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to allow unprivileged access to arbitrary physical memory page."}], "metrics": {}, "weaknesses": [{"source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-280"}]}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/", "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce"}]}} \ No newline at end of file +{"cve": {"id": "CVE-2024-43702", "sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "published": "2024-11-30T03:15:13.903", "lastModified": "2024-12-01T23:15:06.200", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to allow unprivileged access to arbitrary physical memory page."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-280"}]}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/", "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce"}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-43703.json b/cve/2024/CVE-2024-43703.json index 4d32ab7b83..f13169bfb9 100644 --- a/cve/2024/CVE-2024-43703.json +++ b/cve/2024/CVE-2024-43703.json @@ -1 +1 @@ -{"cve": {"id": "CVE-2024-43703", "sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "published": "2024-11-30T03:15:14.030", "lastModified": "2024-11-30T03:15:14.030", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW."}], "metrics": {}, "weaknesses": [{"source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-416"}]}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/", "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce"}]}} \ No newline at end of file +{"cve": {"id": "CVE-2024-43703", "sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "published": "2024-11-30T03:15:14.030", "lastModified": "2024-12-01T23:15:06.383", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-416"}]}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/", "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce"}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-53742.json b/cve/2024/CVE-2024-53742.json new file mode 100644 index 0000000000..970e0be6c5 --- /dev/null +++ b/cve/2024/CVE-2024-53742.json @@ -0,0 +1 @@ +{"cve": {"id": "CVE-2024-53742", "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-01T22:15:05.007", "lastModified": "2024-12-01T22:15:05.007", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism I.T. Systems Multilevel Referral Affiliate Plugin for WooCommerce allows Reflected XSS.This issue affects Multilevel Referral Affiliate Plugin for WooCommerce: from n/a through 2.27."}], "metrics": {"cvssMetricV31": [{"source": "audit@patchstack.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.7}]}, "weaknesses": [{"source": "audit@patchstack.com", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/multilevel-referral-plugin-for-woocommerce/vulnerability/wordpress-multilevel-referral-affiliate-plugin-for-woocommerce-plugin-2-27-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-53743.json b/cve/2024/CVE-2024-53743.json new file mode 100644 index 0000000000..750e8fded5 --- /dev/null +++ b/cve/2024/CVE-2024-53743.json @@ -0,0 +1 @@ +{"cve": {"id": "CVE-2024-53743", "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-01T22:15:05.247", "lastModified": "2024-12-01T22:15:05.247", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs Countdown Timer for Elementor allows Stored XSS.This issue affects Countdown Timer for Elementor: from n/a through 1.3.6."}], "metrics": {"cvssMetricV31": [{"source": "audit@patchstack.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.3, "impactScore": 3.7}]}, "weaknesses": [{"source": "audit@patchstack.com", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/countdown-timer-for-elementor/vulnerability/wordpress-countdown-timer-for-elementor-plugin-1-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-53744.json b/cve/2024/CVE-2024-53744.json new file mode 100644 index 0000000000..bc5d678cd5 --- /dev/null +++ b/cve/2024/CVE-2024-53744.json @@ -0,0 +1 @@ +{"cve": {"id": "CVE-2024-53744", "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-01T22:15:05.393", "lastModified": "2024-12-01T22:15:05.393", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Skybootstrap Elementor Image Gallery Plugin allows Stored XSS.This issue affects Elementor Image Gallery Plugin: from n/a through 1.0.3."}], "metrics": {"cvssMetricV31": [{"source": "audit@patchstack.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.3, "impactScore": 3.7}]}, "weaknesses": [{"source": "audit@patchstack.com", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/skyboot-portfolio-gallery/vulnerability/wordpress-elementor-image-gallery-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-53745.json b/cve/2024/CVE-2024-53745.json new file mode 100644 index 0000000000..44fe6bd628 --- /dev/null +++ b/cve/2024/CVE-2024-53745.json @@ -0,0 +1 @@ +{"cve": {"id": "CVE-2024-53745", "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-01T22:15:05.530", "lastModified": "2024-12-01T22:15:05.530", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in \ucf54\uc2a4\ubaa8\uc2a4\ud31c \u2013 Cosmosfarm \uc18c\uc15c \uacf5\uc720 \ubc84\ud2bc By \ucf54\uc2a4\ubaa8\uc2a4\ud31c allows Stored XSS.This issue affects \uc18c\uc15c \uacf5\uc720 \ubc84\ud2bc By \ucf54\uc2a4\ubaa8\uc2a4\ud31c: from n/a through 1.9."}], "metrics": {"cvssMetricV31": [{"source": "audit@patchstack.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.3, "impactScore": 3.7}]}, "weaknesses": [{"source": "audit@patchstack.com", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/cosmosfarm-share-buttons/vulnerability/wordpress-social-sharing-buttons-by-cosmos-farm-plugin-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-53746.json b/cve/2024/CVE-2024-53746.json new file mode 100644 index 0000000000..a2f0e3b26d --- /dev/null +++ b/cve/2024/CVE-2024-53746.json @@ -0,0 +1 @@ +{"cve": {"id": "CVE-2024-53746", "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-01T22:15:05.663", "lastModified": "2024-12-01T22:15:05.663", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs Elementor Button Plus allows Stored XSS.This issue affects Elementor Button Plus: from n/a through 1.3.3."}], "metrics": {"cvssMetricV31": [{"source": "audit@patchstack.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.3, "impactScore": 3.7}]}, "weaknesses": [{"source": "audit@patchstack.com", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/fd-elementor-button-plus/vulnerability/wordpress-elementor-button-plus-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-53747.json b/cve/2024/CVE-2024-53747.json new file mode 100644 index 0000000000..a6dc8fffa2 --- /dev/null +++ b/cve/2024/CVE-2024-53747.json @@ -0,0 +1 @@ +{"cve": {"id": "CVE-2024-53747", "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-01T22:15:05.793", "lastModified": "2024-12-01T22:15:05.793", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NuttTaro Video Player for WPBakery allows Stored XSS.This issue affects Video Player for WPBakery: from n/a through 1.0.1."}], "metrics": {"cvssMetricV31": [{"source": "audit@patchstack.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.3, "impactScore": 3.7}]}, "weaknesses": [{"source": "audit@patchstack.com", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/video-player-for-wpbakery/vulnerability/wordpress-video-player-for-wpbakery-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-53748.json b/cve/2024/CVE-2024-53748.json new file mode 100644 index 0000000000..56f2337392 --- /dev/null +++ b/cve/2024/CVE-2024-53748.json @@ -0,0 +1 @@ +{"cve": {"id": "CVE-2024-53748", "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-01T22:15:05.933", "lastModified": "2024-12-01T22:15:05.933", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Lin WP Mermaid allows Stored XSS.This issue affects WP Mermaid: from n/a through 1.0.2."}], "metrics": {"cvssMetricV31": [{"source": "audit@patchstack.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.3, "impactScore": 3.7}]}, "weaknesses": [{"source": "audit@patchstack.com", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/wp-mermaid/vulnerability/wordpress-wp-mermaid-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-53749.json b/cve/2024/CVE-2024-53749.json new file mode 100644 index 0000000000..2e2e9573ee --- /dev/null +++ b/cve/2024/CVE-2024-53749.json @@ -0,0 +1 @@ +{"cve": {"id": "CVE-2024-53749", "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-01T22:15:06.080", "lastModified": "2024-12-01T22:15:06.080", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Post Carousel Slider for Elementor allows Stored XSS.This issue affects Post Carousel Slider for Elementor: from n/a through 1.4.0."}], "metrics": {"cvssMetricV31": [{"source": "audit@patchstack.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.3, "impactScore": 3.7}]}, "weaknesses": [{"source": "audit@patchstack.com", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/post-carousel-slider-for-elementor/vulnerability/wordpress-post-carousel-slider-for-elementor-plugin-1-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-53750.json b/cve/2024/CVE-2024-53750.json new file mode 100644 index 0000000000..727b88a1b7 --- /dev/null +++ b/cve/2024/CVE-2024-53750.json @@ -0,0 +1 @@ +{"cve": {"id": "CVE-2024-53750", "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-01T22:15:06.217", "lastModified": "2024-12-01T22:15:06.217", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder: from n/a through 1.2."}], "metrics": {"cvssMetricV31": [{"source": "audit@patchstack.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.7}]}, "weaknesses": [{"source": "audit@patchstack.com", "type": "Primary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/paypal-responder/vulnerability/wordpress-paypal-responder-plugin-1-2-csrf-to-stored-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-53752.json b/cve/2024/CVE-2024-53752.json new file mode 100644 index 0000000000..014bc516f4 --- /dev/null +++ b/cve/2024/CVE-2024-53752.json @@ -0,0 +1 @@ +{"cve": {"id": "CVE-2024-53752", "sourceIdentifier": "audit@patchstack.com", "published": "2024-12-01T22:15:06.360", "lastModified": "2024-12-01T22:15:06.360", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berg Informatik Stripe Donation allows Stored XSS.This issue affects Stripe Donation: from n/a through 1.2.5."}], "metrics": {"cvssMetricV31": [{"source": "audit@patchstack.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.3, "impactScore": 3.7}]}, "weaknesses": [{"source": "audit@patchstack.com", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/bin-stripe-donation/vulnerability/wordpress-stripe-donation-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}]}} \ No newline at end of file diff --git a/syncdate.json b/syncdate.json index d33afbaaf5..1ddb2e137f 100644 --- a/syncdate.json +++ b/syncdate.json @@ -1 +1 @@ -{"lastModStartDate": "2024-12-01T20:02:40.676093+00:00", "lastModEndDate": "2024-12-01T22:02:31.706098+00:00"} \ No newline at end of file +{"lastModStartDate": "2024-12-01T22:02:31.706098+00:00", "lastModEndDate": "2024-12-02T00:05:00.093049+00:00"} \ No newline at end of file