5 changes (2 new | 3 updated):
cvelistV5 Github Action committed Jan 17, 2025
1 parent 5a60dc5 commit 3b16e69
Showing 7 changed files with 510 additions and 257 deletions.
70 changes: 69 additions & 1 deletion cves/2023/31xxx/CVE-2023-31860.json
@@ -6,7 +6,7 @@
"cveId": "CVE-2023-31860",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2024-08-02T14:56:35.661Z",
"dateUpdated": "2025-01-17T16:45:33.887Z",
"dateReserved": "2023-04-29T00:00:00",
"datePublished": "2023-05-23T00:00:00"
},
@@ -68,6 +68,74 @@
]
}
]
},
{
"problemTypes": [
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-79",
"lang": "en",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
],
"references": [
{
"url": "https://github.com/wuzhicms/b2b/issues/3",
"tags": [
"exploit"
]
}
],
"metrics": [
{
"cvssV3_1": {
"scope": "CHANGED",
"version": "3.1",
"baseScore": 5.4,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"integrityImpact": "LOW",
"userInteraction": "REQUIRED",
"attackComplexity": "LOW",
"availabilityImpact": "NONE",
"privilegesRequired": "LOW",
"confidentialityImpact": "LOW"
}
},
{
"other": {
"type": "ssvc",
"content": {
"timestamp": "2025-01-17T16:45:26.048669Z",
"id": "CVE-2023-31860",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"version": "2.0.3"
}
}
}
],
"title": "CISA ADP Vulnrichment",
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-01-17T16:45:33.887Z"
}
}
]
}
61 changes: 60 additions & 1 deletion cves/2023/31xxx/CVE-2023-31994.json
@@ -6,7 +6,7 @@
"cveId": "CVE-2023-31994",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2024-08-02T15:03:28.511Z",
"dateUpdated": "2025-01-17T16:42:07.446Z",
"dateReserved": "2023-04-29T00:00:00",
"datePublished": "2023-05-23T00:00:00"
},
@@ -77,6 +77,65 @@
]
}
]
},
{
"problemTypes": [
{
"descriptions": [
{
"type": "CWE",
"lang": "en",
"description": "CWE-noinfo Not enough information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
}
},
{
"other": {
"type": "ssvc",
"content": {
"timestamp": "2025-01-17T16:42:01.240259Z",
"id": "CVE-2023-31994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"version": "2.0.3"
}
}
}
],
"title": "CISA ADP Vulnrichment",
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-01-17T16:42:07.446Z"
}
}
]
}
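Review bot: The added CISA-ADP `problemTypes` entry sets `"type": "CWE"` but carries no `cweId`, only the free-text description `"CWE-noinfo Not enough information"`. A consumer that reads `cweId` whenever `type` is `CWE` finds the key missing here, and one that parses an identifier out of the description gets `CWE-noinfo`, which is not a CWE number. Either mark the entry as `"type": "text"` or document that `cweId` is optional for this provider, so ingestion code records the CVE as unclassified rather than failing or assigning a weakness class.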
116 changes: 10 additions & 106 deletions cves/2024/12xxx/CVE-2024-12540.json
@@ -4,122 +4,26 @@
"cveMetadata": {
"cveId": "CVE-2024-12540",
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"state": "PUBLISHED",
"state": "REJECTED",
"assignerShortName": "Wordfence",
"dateReserved": "2024-12-11T20:18:22.935Z",
"datePublished": "2025-01-07T03:22:00.501Z",
"dateUpdated": "2025-01-07T16:26:50.419Z"
"dateUpdated": "2025-01-17T16:45:24.984Z",
"dateRejected": "2025-01-17T16:45:24.984Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence",
"dateUpdated": "2025-01-07T03:22:00.501Z"
},
"affected": [
{
"vendor": "lddwebdesign",
"product": "LDD Directory Lite",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "3.3",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
],
"descriptions": [
{
"lang": "en",
"value": "The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"title": "LDD Directory Lite <= 3.3 - Reflected Cross-Site Scripting via remove_query_arg Parameter",
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f7675e1c-7194-4cfe-81fb-a78d75e0bb1e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ldd-directory-lite/trunk/templates/frontend/edit-submit.php#L10"
},
{
"url": "https://wordpress.org/plugins/ldd-directory-lite/#developers"
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79",
"type": "CWE"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
}
],
"credits": [
"rejectedReasons": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54288. Reason: This candidate is a reservation duplicate of CVE-2024-54288. Notes: All CVE users should reference CVE-2024-54288 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
],
"timeline": [
{
"time": "2025-01-06T15:07:26.000+00:00",
"lang": "en",
"value": "Disclosed"
}
]
},
"adp": [
{
"metrics": [
{
"other": {
"type": "ssvc",
"content": {
"timestamp": "2025-01-07T15:55:00.464475Z",
"id": "CVE-2024-12540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"version": "2.0.3"
}
}
}
],
"title": "CISA ADP Vulnrichment",
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-01-07T16:26:50.419Z"
}
"providerMetadata": {
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence",
"dateUpdated": "2025-01-17T16:45:24.984Z"
}
]
}
}
}
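Review bot: The rejected `cna` container names the surviving record only inside the free-text `rejectedReasons` value, so from the lines shown the redirect from CVE-2024-12540 to CVE-2024-54288 is not machine-readable. The CVE record format provides a `replacedBy` array for this; adding `"replacedBy": ["CVE-2024-54288"]` beside `rejectedReasons` would let scanners and ticketing systems re-key existing findings instead of dropping them. The same section removes the CNA `affected` and `metrics` data and the CISA-ADP SSVC container, so anything that cached those values under this ID should be invalidated rather than left stale.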