Commit

Auto Generated cves.json [Tue Aug 22 08:29:40 UTC 2023] :robot:
actions-user committed Aug 22, 2023
1 parent eb9e55e commit 54a704d
Showing 2 changed files with 4 additions and 1 deletion.
3 changes: 3 additions & 0 deletions cves.json
@@ -685,6 +685,7 @@
{"ID":"CVE-2019-18818","Info":{"Name":"strapi CMS \u003c3.0.0-beta.17.5 - Admin Password Reset","Severity":"critical","Description":"strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-18818.yaml"}
{"ID":"CVE-2019-18922","Info":{"Name":"Allied Telesis AT-GS950/8 - Local File Inclusion","Severity":"high","Description":"Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 is susceptible to local file inclusion via its web interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-18922.yaml"}
{"ID":"CVE-2019-18957","Info":{"Name":"MicroStrategy Library \u003c11.1.3 - Cross-Site Scripting","Severity":"medium","Description":"MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-18957.yaml"}
{"ID":"CVE-2019-1898","Info":{"Name":"Cisco RV110W RV130W RV215W Router - Information leakage","Severity":"medium","Description":"A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-1898.yaml"}
{"ID":"CVE-2019-19134","Info":{"Name":"WordPress Hero Maps Premium \u003c=2.2.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19134.yaml"}
{"ID":"CVE-2019-19368","Info":{"Name":"Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting","Severity":"medium","Description":"Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19368.yaml"}
{"ID":"CVE-2019-1943","Info":{"Name":"Cisco Small Business 200,300 and 500 Series Switches - Open Redirect","Severity":"medium","Description":"Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-1943.yaml"}
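Review bot: The CVE-2019-1898 entry lands between CVE-2019-18957 and CVE-2019-19134, which shows the file is ordered by plain string comparison of the ID and not by the numeric sequence part (CVE-2019-1943 following CVE-2019-19368 in the context lines is the same effect). Any consumer that merges or binary-searches this file assuming numeric order will misplace four-digit IDs, so either sort on year plus integer sequence in the generator or document the lexical ordering beside the file. As a smaller style point, the name "Information leakage" uses a lower-case second word where the surrounding entries use title case ("Local File Inclusion", "Open Redirect").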
@@ -1341,6 +1342,7 @@
{"ID":"CVE-2021-41349","Info":{"Name":"Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting","Severity":"medium","Description":"Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-41349.yaml"}
{"ID":"CVE-2021-41381","Info":{"Name":"Payara Micro Community 5.2021.6 Directory Traversal","Severity":"high","Description":"Payara Micro Community 5.2021.6 and below contains a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41381.yaml"}
{"ID":"CVE-2021-41432","Info":{"Name":"FlatPress 1.2.1 - Stored Cross-Site Scripting","Severity":"medium","Description":"FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-41432.yaml"}
{"ID":"CVE-2021-41460","Info":{"Name":"ECShop 4.1.0 - SQL Injection","Severity":"high","Description":"ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-41460.yaml"}
{"ID":"CVE-2021-41467","Info":{"Name":"JustWriting - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41467.yaml"}
{"ID":"CVE-2021-41569","Info":{"Name":"SAS/Internet 9.4 1520 - Local File Inclusion","Severity":"high","Description":"SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41569.yaml"}
{"ID":"CVE-2021-41648","Info":{"Name":"PuneethReddyHC action.php SQL Injection","Severity":"high","Description":"An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping through the /action.php prId parameter. Using a post request does not sanitize the user input.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41648.yaml"}
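Review bot: In the CVE-2021-41460 entry, "CVSSScore":"N/A" is paired with "Severity":"high", while every other entry in this hunk carries a numeric string such as "7.5" or "6.1". A consumer that converts CVSSScore to a number for filtering or sorting will either fail on this record or silently drop it, and the stated severity has no score behind it. Suggest the generator omit the key or emit an empty value when the template has no score, and flag templates that set a severity without one so the source file http/cves/2021/CVE-2021-41460.yaml gets corrected.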
@@ -1509,6 +1511,7 @@
{"ID":"CVE-2022-1609","Info":{"Name":"The School Management \u003c 9.9.7 - Remote Code Execution","Severity":"critical","Description":"The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2022/CVE-2022-1609.yaml"}
{"ID":"CVE-2022-1713","Info":{"Name":"Drawio \u003c18.0.4 - Server-Side Request Forgery","Severity":"high","Description":"Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1713.yaml"}
{"ID":"CVE-2022-1724","Info":{"Name":"WordPress Simple Membership \u003c4.1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1724.yaml"}
{"ID":"CVE-2022-1756","Info":{"Name":"Newsletter \u003c 7.4.5 - Cross-Site Scripting","Severity":"medium","Description":"The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1756.yaml"}
{"ID":"CVE-2022-1768","Info":{"Name":"WordPress RSVPMaker \u003c=9.3.2 - SQL Injection","Severity":"high","Description":"WordPress RSVPMaker plugin through 9.3.2 contains a SQL injection vulnerability due to insufficient escaping and parameterization on user-supplied data passed to multiple SQL queries in ~/rsvpmaker-email.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1768.yaml"}
{"ID":"CVE-2022-1815","Info":{"Name":"Drawio \u003c18.1.2 - Server-Side Request Forgery","Severity":"high","Description":"Drawio before 18.1.2 is susceptible to server-side request forgery via the /service endpoint in jgraph/drawio. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1815.yaml"}
{"ID":"CVE-2022-1883","Info":{"Name":"Terraboard \u003c2.2.0 - SQL Injection","Severity":"high","Description":"Terraboard prior to 2.2.0 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-1883.yaml"}
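Review bot: The CVE-2022-1756 name, "Newsletter \u003c 7.4.5 - Cross-Site Scripting", omits the "WordPress" prefix that the neighbouring plugin entries carry ("WordPress Simple Membership \u003c4.1.1", "WordPress RSVPMaker \u003c=9.3.2"), so a search or filter on the platform name will miss it even though the description identifies it as a WordPress plugin. It also puts a space after the comparison operator where those two entries do not. Because this file is generated, the fix belongs in http/cves/2022/CVE-2022-1756.yaml; trimming trailing whitespace in the generator would also remove the literal \n that ends this description but not that of CVE-2022-1724.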
2 changes: 1 addition & 1 deletion cves.json-checksum.txt
@@ -1 +1 @@
e34b41355a525a44275b925934283544
2a27df6e7720e91115a6f5f83175f4ea
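Review bot: The new value in cves.json-checksum.txt is a bare 32-hex-digit digest with no algorithm label and no filename, and it is regenerated by the same automated commit that rewrites cves.json. A 128-bit digest of this length is what MD5 produces; it will catch a truncated or corrupted download, but it gives no assurance against deliberate modification, since whoever can change cves.json changes this file in the same push. Suggest writing a SHA-256 digest in the usual "digest, two spaces, filename" form so standard checksum tools can verify it, and signing the file or the release if consumers need authenticity and not only integrity.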
