2 changes (0 new | 2 updated):
      - 0 new CVEs:
      - 2 updated CVEs: CVE-2024-4353, CVE-2025-23892
cvelistV5 Github Action committed Jan 17, 2025
1 parent eb9b137 commit b3357eb
Showing 4 changed files with 74 additions and 32 deletions.
16 changes: 8 additions & 8 deletions cves/2024/4xxx/CVE-2024-4353.json
@@ -8,7 +8,7 @@
"assignerShortName": "ConcreteCMS",
"dateReserved": "2024-04-30T16:08:19.329Z",
"datePublished": "2024-08-01T18:23:31.033Z",
"dateUpdated": "2024-08-07T18:17:31.104Z"
"dateUpdated": "2025-01-17T21:55:57.746Z"
},
"containers": {
"cna": {
@@ -42,10 +42,10 @@
{
"base64": false,
"type": "text/html",
"value": "Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board\ninstance functionality. The Name input field does not check the input sufficiently letting a rogue administrator have the capability to inject malicious\nJavaScript code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of <a target=\"_blank\" rel=\"nofollow\" href=\"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N&amp;version=3.1\">AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N</a>&nbsp;and a CVSS v4 score of 1.8 with a vector of CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N&nbsp;<span style=\"background-color: rgb(246, 246, 246);\">Concrete versions below 9 are not affected by this vulnerability.</span> Thanks <span style=\"background-color: rgb(255, 255, 255);\">fhAnso for reporting. </span><p></p>"
"value": "Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board\ninstance functionality. The Name input field does not check the input sufficiently letting a rogue administrator have the capability to inject malicious\nJavaScript code. The Concrete CMS security team gave this vulnerability&nbsp;a CVSS v4 score of 4.6 with a vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Concrete versions below 9 are not affected by this vulnerability.Thanks <span style=\"background-color: rgb(255, 255, 255);\">fhAnso for reporting. (<span style=\"background-color: rgb(255, 255, 255);\">CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).</span></span><p></p>"
}
],
"value": "Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board\ninstance functionality. The Name input field does not check the input sufficiently letting a rogue administrator have the capability to inject malicious\nJavaScript code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator  and a CVSS v4 score of 1.8 with a vector of CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Concrete versions below 9 are not affected by this vulnerability. Thanks fhAnso for reporting."
"value": "Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board\ninstance functionality. The Name input field does not check the input sufficiently letting a rogue administrator have the capability to inject malicious\nJavaScript code. The Concrete CMS security team gave this vulnerability a CVSS v4 score of 4.6 with a vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Concrete versions below 9 are not affected by this vulnerability.Thanks fhAnso for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC)."
}
],
"impacts": [
@@ -65,19 +65,19 @@
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.8,
"baseSeverity": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
@@ -108,7 +108,7 @@
"providerMetadata": {
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS",
"dateUpdated": "2024-08-07T18:17:31.104Z"
"dateUpdated": "2025-01-17T21:55:57.746Z"
},
"references": [
{
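Review bot: The update note appended to both description values says the CNA changed the rating "by lowering the AC", but the visible metric change (`attackComplexity` HIGH to LOW) raises `baseScore` from 1.8 to 4.6 and `baseSeverity` from LOW to MEDIUM, so a reader skimming the text can take it for a downgrade. I would word it as `CNA updated this score on 17 Jan 2025: AC changed from High to Low, raising the CVSS v4 base score from 1.8 to 4.6`, and restore the missing space in `vulnerability.Thanks`. The new text also drops the CVSS v3.1 score and vector; whether a structured v3.1 metric exists is not visible in these hunks, so consumers that only read v3.1 may be left without a rating. The score is now stated in three places (HTML value, plain value and the `cvssV4_0` metric), which agree here but have to be edited together on every re-score.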
38 changes: 36 additions & 2 deletions cves/2025/23xxx/CVE-2025-23892.json
@@ -8,7 +8,7 @@
"assignerShortName": "Patchstack",
"dateReserved": "2025-01-16T11:31:51.930Z",
"datePublished": "2025-01-16T20:07:40.234Z",
"dateUpdated": "2025-01-16T20:07:40.234Z"
"dateUpdated": "2025-01-17T21:52:58.506Z"
},
"containers": {
"cna": {
@@ -118,6 +118,40 @@
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"adp": [
{
"metrics": [
{
"other": {
"type": "ssvc",
"content": {
"timestamp": "2025-01-17T21:52:29.347404Z",
"id": "CVE-2025-23892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"version": "2.0.3"
}
}
}
],
"title": "CISA ADP Vulnrichment",
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-01-17T21:52:58.506Z"
}
}
]
}
}
32 changes: 10 additions & 22 deletions cves/delta.json
@@ -1,31 +1,19 @@
{
"fetchTime": "2025-01-17T21:52:26.229Z",
"numberOfChanges": 4,
"fetchTime": "2025-01-17T21:58:17.092Z",
"numberOfChanges": 2,
"new": [],
"updated": [
{
"cveId": "CVE-2023-25953",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-25953",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/25xxx/CVE-2023-25953.json",
"dateUpdated": "2025-01-17T21:47:04.078Z"
"cveId": "CVE-2024-4353",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4353",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4353.json",
"dateUpdated": "2025-01-17T21:55:57.746Z"
},
{
"cveId": "CVE-2025-23884",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-23884",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/23xxx/CVE-2025-23884.json",
"dateUpdated": "2025-01-17T21:51:47.811Z"
},
{
"cveId": "CVE-2025-23887",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-23887",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/23xxx/CVE-2025-23887.json",
"dateUpdated": "2025-01-17T21:50:00.490Z"
},
{
"cveId": "CVE-2025-23891",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-23891",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/23xxx/CVE-2025-23891.json",
"dateUpdated": "2025-01-17T21:51:02.043Z"
"cveId": "CVE-2025-23892",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-23892",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/23xxx/CVE-2025-23892.json",
"dateUpdated": "2025-01-17T21:52:58.506Z"
}
],
"error": []
20 changes: 20 additions & 0 deletions cves/deltaLog.json
@@ -1,4 +1,24 @@
[
{
"fetchTime": "2025-01-17T21:58:17.092Z",
"numberOfChanges": 2,
"new": [],
"updated": [
{
"cveId": "CVE-2024-4353",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4353",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4353.json",
"dateUpdated": "2025-01-17T21:55:57.746Z"
},
{
"cveId": "CVE-2025-23892",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2025-23892",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2025/23xxx/CVE-2025-23892.json",
"dateUpdated": "2025-01-17T21:52:58.506Z"
}
],
"error": []
},
{
"fetchTime": "2025-01-17T21:52:26.229Z",
"numberOfChanges": 4,