Skip to content

Commit

Permalink
5 changes (5 new | 0 updated):
Browse files Browse the repository at this point in the history 
      - 5 new CVEs:  CVE-2024-24511, CVE-2024-24512, CVE-2024-25434, CVE-2024-25436, CVE-2024-25438
      - 0 updated CVEs:
  • Loading branch information
cvelistV5 Github Action committed Mar 1, 2024
1 parent a7b092a commit 5a1eddc
Show file tree
Hide file tree
Showing 7 changed files with 361 additions and 36 deletions.
59 changes: 59 additions & 0 deletions cves/2024/24xxx/CVE-2024-24511.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"cveMetadata": {
"state": "PUBLISHED",
"cveId": "CVE-2024-24511",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2024-03-01T22:32:45.451646",
"dateReserved": "2024-01-25T00:00:00",
"datePublished": "2024-03-01T00:00:00"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre",
"dateUpdated": "2024-03-01T22:32:45.451646"
},
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component."
}
],
"affected": [
{
"vendor": "n/a",
"product": "n/a",
"versions": [
{
"version": "n/a",
"status": "affected"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1IhU9tNhc6enKL1Dgq9--R05biJBjodKv/view?usp=sharing"
},
{
"url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24511%20-%3E%20Stored%20XSS%20in%20input%20Title%20of%20the%20Component"
}
],
"problemTypes": [
{
"descriptions": [
{
"type": "text",
"lang": "en",
"description": "n/a"
}
]
}
]
}
}
}
59 changes: 59 additions & 0 deletions cves/2024/24xxx/CVE-2024-24512.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"cveMetadata": {
"state": "PUBLISHED",
"cveId": "CVE-2024-24512",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2024-03-01T22:32:49.161997",
"dateReserved": "2024-01-25T00:00:00",
"datePublished": "2024-03-01T00:00:00"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre",
"dateUpdated": "2024-03-01T22:32:49.161997"
},
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component."
}
],
"affected": [
{
"vendor": "n/a",
"product": "n/a",
"versions": [
{
"version": "n/a",
"status": "affected"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1jRsltje5PRkgigcY5qLWB3GhF0e9j6aF/view?usp=sharing"
},
{
"url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24512%20-%3E%20Stored%20XSS%20in%20input%20SubTitle%20of%20the%20Component"
}
],
"problemTypes": [
{
"descriptions": [
{
"type": "text",
"lang": "en",
"description": "n/a"
}
]
}
]
}
}
}
59 changes: 59 additions & 0 deletions cves/2024/25xxx/CVE-2024-25434.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"cveMetadata": {
"state": "PUBLISHED",
"cveId": "CVE-2024-25434",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2024-03-01T22:32:54.127038",
"dateReserved": "2024-02-07T00:00:00",
"datePublished": "2024-03-01T00:00:00"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre",
"dateUpdated": "2024-03-01T22:32:54.127038"
},
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter."
}
],
"affected": [
{
"vendor": "n/a",
"product": "n/a",
"versions": [
{
"version": "n/a",
"status": "affected"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1MFuAyZukdJeA7HKz8o8pOKLJMjURTZCt/view?usp=sharing"
},
{
"url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25434%20-%3E%20Stored%20XSS%20in%20input%20public%20name%20of%20the%20Component"
}
],
"problemTypes": [
{
"descriptions": [
{
"type": "text",
"lang": "en",
"description": "n/a"
}
]
}
]
}
}
}
59 changes: 59 additions & 0 deletions cves/2024/25xxx/CVE-2024-25436.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"cveMetadata": {
"state": "PUBLISHED",
"cveId": "CVE-2024-25436",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2024-03-01T22:33:06.319614",
"dateReserved": "2024-02-07T00:00:00",
"datePublished": "2024-03-01T00:00:00"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre",
"dateUpdated": "2024-03-01T22:33:06.319614"
},
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function."
}
],
"affected": [
{
"vendor": "n/a",
"product": "n/a",
"versions": [
{
"version": "n/a",
"status": "affected"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1nSC8OlxsEnOajZ2JYuwoKFZqyB764WkL/view?usp=drivesdk"
},
{
"url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions"
}
],
"problemTypes": [
{
"descriptions": [
{
"type": "text",
"lang": "en",
"description": "n/a"
}
]
}
]
}
}
}
59 changes: 59 additions & 0 deletions cves/2024/25xxx/CVE-2024-25438.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.0",
"cveMetadata": {
"state": "PUBLISHED",
"cveId": "CVE-2024-25438",
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"dateUpdated": "2024-03-01T22:33:10.862245",
"dateReserved": "2024-02-07T00:00:00",
"datePublished": "2024-03-01T00:00:00"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre",
"dateUpdated": "2024-03-01T22:33:10.862245"
},
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function."
}
],
"affected": [
{
"vendor": "n/a",
"product": "n/a",
"versions": [
{
"version": "n/a",
"status": "affected"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1-9yUkbsQ-blYpTsdZoXfu3ALBA5wQCbG/view?usp=sharing"
},
{
"url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions"
}
],
"problemTypes": [
{
"descriptions": [
{
"type": "text",
"lang": "en",
"description": "n/a"
}
]
}
]
}
}
}
38 changes: 28 additions & 10 deletions cves/delta.json
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,36 @@
{
"fetchTime": "2024-03-01T22:26:46.297Z",
"numberOfChanges": 2,
"fetchTime": "2024-03-01T22:38:23.770Z",
"numberOfChanges": 5,
"new": [
{
"cveId": "CVE-2024-27354",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-27354",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/27xxx/CVE-2024-27354.json",
"dateUpdated": "2024-03-01T22:23:41.023440"
"cveId": "CVE-2024-24511",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-24511",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/24xxx/CVE-2024-24511.json",
"dateUpdated": "2024-03-01T22:32:45.451646"
},
{
"cveId": "CVE-2024-27355",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-27355",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/27xxx/CVE-2024-27355.json",
"dateUpdated": "2024-03-01T22:23:44.727870"
"cveId": "CVE-2024-24512",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-24512",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/24xxx/CVE-2024-24512.json",
"dateUpdated": "2024-03-01T22:32:49.161997"
},
{
"cveId": "CVE-2024-25434",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-25434",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/25xxx/CVE-2024-25434.json",
"dateUpdated": "2024-03-01T22:32:54.127038"
},
{
"cveId": "CVE-2024-25436",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-25436",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/25xxx/CVE-2024-25436.json",
"dateUpdated": "2024-03-01T22:33:06.319614"
},
{
"cveId": "CVE-2024-25438",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-25438",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/25xxx/CVE-2024-25438.json",
"dateUpdated": "2024-03-01T22:33:10.862245"
}
],
"updated": [],
Expand Down
Loading

0 comments on commit 5a1eddc

Please sign in to comment.