Auto Generated cves.json [Tue Mar 28 12:25:46 UTC 2023] :robot:

projectdiscovery · Mar 28, 2023 · 197e764 · 197e764
1 parent 15a31dc
commit 197e764
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/cves.json b/cves.json
@@ -412,6 +412,7 @@
 {"ID":"CVE-2017-8917","Info":{"Name":"Joomla! \u003c3.7.1 - SQL Injection","Severity":"critical","Description":"Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2017/CVE-2017-8917.yaml"}
 {"ID":"CVE-2017-9140","Info":{"Name":"Reflected XSS - Telerik Reporting Module","Severity":"medium","Description":"Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-9140.yaml"}
 {"ID":"CVE-2017-9288","Info":{"Name":"WordPress Raygun4WP \u003c=1.8.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Raygun4WP 1.8.0 contains a reflected cross-site scripting vulnerability via sendtesterror.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-9288.yaml"}
+{"ID":"CVE-2017-9416","Info":{"Name":"Odoo 8.0/9.0/10.0 - Path Traversal","Severity":"medium","Description":"Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2017/CVE-2017-9416.yaml"}
 {"ID":"CVE-2017-9506","Info":{"Name":"Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery","Severity":"medium","Description":"The Atlassian Jira IconUriServlet of the OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 contains a cross-site scripting vulnerability which allows remote attackers to access the content of internal network resources and/or perform an attack via Server Side Request Forgery.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-9506.yaml"}
 {"ID":"CVE-2017-9791","Info":{"Name":"Apache Struts2 S2-053 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.1.x and 2.3.x  with the Struts 1 plugin might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2017/CVE-2017-9791.yaml"}
 {"ID":"CVE-2017-9805","Info":{"Name":"Apache Struts2 S2-052 - Remote Code Execution","Severity":"high","Description":"The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type of filtering, which can lead to remote code execution when deserializing XML payloads.","Classification":{"CVSSScore":"8.1"}},"file_path":"cves/2017/CVE-2017-9805.yaml"}
@@ -1026,6 +1027,7 @@
 {"ID":"CVE-2021-24340","Info":{"Name":"WordPress Statistics \u003c13.0.8 - Blind SQL Injection","Severity":"high","Description":"WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24340.yaml"}
 {"ID":"CVE-2021-24342","Info":{"Name":"WordPress JNews Theme \u003c8.0.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24342.yaml"}
 {"ID":"CVE-2021-24347","Info":{"Name":"WordPress SP Project \u0026 Document Manager \u003c4.22 - Authenticated Shell Upload","Severity":"high","Description":"WordPress SP Project \u0026 Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still be uploaded by changing the file extension's case, for example, from php to pHP.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-24347.yaml"}
+{"ID":"CVE-2021-24351","Info":{"Name":"The Plus Addons for Elementor \u003c 4.1.12 - Cross-Site Scripting","Severity":"medium","Description":"The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users)\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24351.yaml"}
 {"ID":"CVE-2021-24358","Info":{"Name":"Plus Addons for Elementor Page Builder \u003c 4.1.10 - Open Redirect","Severity":"medium","Description":"WordPress Plus Addons for Elementor Page Builder before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24358.yaml"}
 {"ID":"CVE-2021-24364","Info":{"Name":"WordPress Jannah Theme \u003c5.4.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24364.yaml"}
 {"ID":"CVE-2021-24370","Info":{"Name":"WordPress Fancy Product Designer \u003c4.6.9  - Arbitrary File Upload","Severity":"critical","Description":"WordPress Fancy Product Designer plugin before 4.6.9 is susceptible to an arbitrary file upload. An attacker can upload malicious files and execute code on the server, modify data, and/or gain full control over a compromised system without authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24370.yaml"}
@@ -1323,7 +1325,7 @@
 {"ID":"CVE-2022-0148","Info":{"Name":"WordPress All-in-one Floating Contact Form \u003c2.0.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page.","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-0148.yaml"}
 {"ID":"CVE-2022-0149","Info":{"Name":"WooCommerce Stored Exporter WordPress Plugin \u003c 2.7.1 - Cross-Site Scripting","Severity":"medium","Description":"The plugin was affected by a reflected cross-site scripting vulnerability in the woo_ce admin page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0149.yaml"}
 {"ID":"CVE-2022-0150","Info":{"Name":"WordPress Accessibility Helper \u003c0.6.0.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Accessibility Helper plugin before 0.6.0.7 contains a cross-site scripting vulnerability. It does not sanitize and escape the wahi parameter before outputting back its base64 decode value in the page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0150.yaml"}
-{"ID":"CVE-2022-0165","Info":{"Name":"WordPress Page Builder KingComposer \u003c=2.9.6 - Open Redirect","Severity":"high","Description":"WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action (which is available to both unauthenticated and authenticated users).","Classification":{"CVSSScore":"8.80"}},"file_path":"cves/2022/CVE-2022-0165.yaml"}
+{"ID":"CVE-2022-0165","Info":{"Name":"WordPress Page Builder KingComposer \u003c=2.9.6 - Open Redirect","Severity":"medium","Description":"WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action (which is available to both unauthenticated and authenticated users).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0165.yaml"}
 {"ID":"CVE-2022-0189","Info":{"Name":"WordPress RSS Aggregator \u003c 4.20 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"WordPress RSS Aggregator \u003c 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0189.yaml"}
 {"ID":"CVE-2022-0201","Info":{"Name":"WordPress Permalink Manager \u003c2.2.15 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Permalink Manager Lite and Pro plugins before 2.2.15 contain a reflected cross-site scripting vulnerability. They do not sanitize and escape query parameters before outputting them back in the debug page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0201.yaml"}
 {"ID":"CVE-2022-0206","Info":{"Name":"NewStatPress \u003c 1.3.6 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0206.yaml"}
@@ -1397,7 +1399,7 @@
 {"ID":"CVE-2022-1390","Info":{"Name":"WordPress Admin Word Count Column 2.2 - Local File Inclusion","Severity":"critical","Description":"The plugin does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1390.yaml"}
 {"ID":"CVE-2022-1391","Info":{"Name":"WordPress Cab fare calculator \u003c 1.0.4 - Local File Inclusion","Severity":"critical","Description":"The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1391.yaml"}
 {"ID":"CVE-2022-1392","Info":{"Name":"WordPress Videos sync PDF \u003c=1.7.4 - Local File Inclusion","Severity":"high","Description":"WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-1392.yaml"}
-{"ID":"CVE-2022-1398","Info":{"Name":"External Media without Import \u003c= 1.1.2 - Authenticated Blind SSRF","Severity":"medium","Description":"The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2022/CVE-2022-1398.yaml"}
+{"ID":"CVE-2022-1398","Info":{"Name":"External Media without Import \u003c= 1.1.2 - Authenticated Blind SSRF","Severity":"medium","Description":"The External Media without Import WordPress plugin through 1.1.2 does not have any authorization and does not ensure that media added via URLs are external media, which could allow any authenticated users (including subscriber) to perform blind SSRF attacks.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2022/CVE-2022-1398.yaml"}
 {"ID":"CVE-2022-1439","Info":{"Name":"Microweber \u003c1.2.15 - Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-1439.yaml"}
 {"ID":"CVE-2022-1442","Info":{"Name":"WordPress Plugin Metform \u003c= 2.1.3 - Unauthenticated Sensitive Information Disclosure","Severity":"high","Description":"The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-1442.yaml"}
 {"ID":"CVE-2022-1574","Info":{"Name":"WordPress HTML2WP \u003c=1.0.0 - Arbitrary File Upload","Severity":"critical","Description":"WordPress HTML2WP plugin through 1.0.0 contains an arbitrary file upload vulnerability. The plugin does not perform authorization and CSRF checks when importing files and does not validate them. As a result, an attacker can upload arbitrary files on the remote server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1574.yaml"}
@@ -1422,6 +1424,7 @@
 {"ID":"CVE-2022-21371","Info":{"Name":"Oracle WebLogic Server Local File Inclusion","Severity":"high","Description":"An easily exploitable local file inclusion vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Successful attacks of this vulnerability can result in unauthorized and sometimes complete access to critical data.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-21371.yaml"}
 {"ID":"CVE-2022-21500","Info":{"Name":"Oracle E-Business Suite \u003c=12.2 - Authentication Bypass","Severity":"high","Description":"Oracle E-Business Suite (component: Manage Proxies) 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-21500.yaml"}
 {"ID":"CVE-2022-21587","Info":{"Name":"Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution","Severity":"critical","Description":"Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-21587.yaml"}
+{"ID":"CVE-2022-21661","Info":{"Name":"WordPress Core 5.8.3 \u003c= 'WP_Query' - SQL Injection","Severity":"high","Description":"Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-21661.yaml"}
 {"ID":"CVE-2022-21705","Info":{"Name":"October CMS -  Remote Code Execution","Severity":"high","Description":"October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safe_mode and cms.enableSafeMode in order to execute arbitrary code. This affects admin panels that rely on safe mode and restricted permissions.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-21705.yaml"}
 {"ID":"CVE-2022-2185","Info":{"Name":"GitLab CE/EE - Import RCE","Severity":"high","Description":"A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-2185.yaml"}
 {"ID":"CVE-2022-2187","Info":{"Name":"WordPress Contact Form 7 Captcha \u003c0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-2187.yaml"}

diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt
@@ -1 +1 @@
-0c55bc83013c170e10bb78f5c4c6d868
+2c04a03d0e264c86e5df4c10ed677b4e