Publish Advisories

GHSA-79x8-79gq-rxxc
GHSA-fmpp-8f7j-vvr4
GHSA-2v7w-p95j-mfhp
GHSA-4gr5-vxg2-5c62
GHSA-5gjw-c85q-72c7
GHSA-773x-pxjg-gxgx
GHSA-7f2q-g84r-xq9f
GHSA-942h-7wq8-4623
GHSA-9phg-gg4w-6m7h
GHSA-gx24-fg4m-2f7m
GHSA-j7h5-wpgx-r8m9
GHSA-mfvj-g4mp-wqx2
GHSA-phfp-9x4x-56gj
GHSA-rcp3-h3cv-rfv7
GHSA-rf8c-553r-qgf7
GHSA-2j3x-fvgp-v399
GHSA-4mch-p64h-q4jf
GHSA-5p4m-vh8m-vc4h
GHSA-gj25-8h3h-5p86
GHSA-mc3r-j8vp-9xmx
GHSA-rp7w-qpv5-65rh
GHSA-rxq6-2jg5-8jc6
GHSA-w3qg-5chj-8g9g

Author: advisory-database[bot]

advisories/unreviewed/2024/11/GHSA-79x8-79gq-rxxc/GHSA-79x8-79gq-rxxc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-79x8-79gq-rxxc",
-  "modified": "2024-11-20T21:30:50Z",
+  "modified": "2025-06-11T21:30:38Z",
   "published": "2024-11-20T21:30:50Z",
   "aliases": [
     "CVE-2024-45510"
   ],
   "details": "An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the victim adds the attacker to their contacts, the malicious code is stored and executed when viewing the contact list. This can lead to unauthorized actions such as arbitrary mail sending, mailbox exfiltration, profile picture alteration, and other malicious actions. Proper sanitization and escaping of input fields are necessary to mitigate this vulnerability.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -36,8 +41,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-11-20T20:15:18Z"

advisories/unreviewed/2024/11/GHSA-fmpp-8f7j-vvr4/GHSA-fmpp-8f7j-vvr4.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fmpp-8f7j-vvr4",
-  "modified": "2024-11-20T21:30:50Z",
+  "modified": "2025-06-11T21:30:37Z",
   "published": "2024-11-20T21:30:50Z",
   "aliases": [
     "CVE-2024-45511"
   ],
   "details": "An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder containing a malicious file uploaded by the attacker. The vulnerability allows the attacker to execute arbitrary JavaScript in the context of the victim's session.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2024-11-20T19:15:06Z"

advisories/unreviewed/2025/05/GHSA-2v7w-p95j-mfhp/GHSA-2v7w-p95j-mfhp.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-89"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-4gr5-vxg2-5c62/GHSA-4gr5-vxg2-5c62.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-5gjw-c85q-72c7/GHSA-5gjw-c85q-72c7.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-89"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-773x-pxjg-gxgx/GHSA-773x-pxjg-gxgx.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-773x-pxjg-gxgx",
-  "modified": "2025-05-30T03:30:32Z",
+  "modified": "2025-06-11T21:30:40Z",
   "published": "2025-05-30T03:30:32Z",
   "aliases": [
     "CVE-2025-48757"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://mattpalmer.io/posts/CVE-2025-48757"
     },
+    {
+      "type": "WEB",
+      "url": "https://mattpalmer.io/posts/statement-on-CVE-2025-48757"
+    },
     {
       "type": "WEB",
       "url": "https://x.com/danialasaria/status/1911862269996118272"

advisories/unreviewed/2025/05/GHSA-7f2q-g84r-xq9f/GHSA-7f2q-g84r-xq9f.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-352"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-942h-7wq8-4623/GHSA-942h-7wq8-4623.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-352"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-9phg-gg4w-6m7h/GHSA-9phg-gg4w-6m7h.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-gx24-fg4m-2f7m/GHSA-gx24-fg4m-2f7m.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-j7h5-wpgx-r8m9/GHSA-j7h5-wpgx-r8m9.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-601"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-mfvj-g4mp-wqx2/GHSA-mfvj-g4mp-wqx2.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-352"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-phfp-9x4x-56gj/GHSA-phfp-9x4x-56gj.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-352"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-rcp3-h3cv-rfv7/GHSA-rcp3-h3cv-rfv7.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-352"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-rf8c-553r-qgf7/GHSA-rf8c-553r-qgf7.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/06/GHSA-2j3x-fvgp-v399/GHSA-2j3x-fvgp-v399.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2j3x-fvgp-v399",
+  "modified": "2025-06-11T21:30:40Z",
+  "published": "2025-06-11T21:30:40Z",
+  "aliases": [
+    "CVE-2025-30085"
+  ],
+  "details": "Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:X/V:X/RE:L/U:Clear"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30085"
+    },
+    {
+      "type": "WEB",
+      "url": "https://rsjoomla.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-11T20:15:22Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-4mch-p64h-q4jf/GHSA-4mch-p64h-q4jf.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4mch-p64h-q4jf",
+  "modified": "2025-06-11T21:30:39Z",
+  "published": "2025-06-11T21:30:39Z",
+  "aliases": [
+    "CVE-2024-45513"
+  ],
+  "details": "An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a crafted vCard (VCF) file is processed and printed. This could lead to unauthorized actions within the victim's session.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45513"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wiki.zimbra.com/wiki/Security_Center"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-21T17:15:15Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-5p4m-vh8m-vc4h/GHSA-5p4m-vh8m-vc4h.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5p4m-vh8m-vc4h",
+  "modified": "2025-06-11T21:30:40Z",
+  "published": "2025-06-11T21:30:40Z",
+  "aliases": [
+    "CVE-2025-32465"
+  ],
+  "details": "A stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for Joomla was discovered. It allows attackers to perform cross-site scripting (XSS) attacks via sending crafted payload.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:X/V:X/RE:L/U:Clear"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32465"
+    },
+    {
+      "type": "WEB",
+      "url": "https://rsjoomla.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-11T20:15:23Z"
+  }
+}