-
Notifications
You must be signed in to change notification settings - Fork 345
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-3fvg-xwx5-3cr8 GHSA-43c2-phgp-56f4 GHSA-47x9-rgw2-xh4h GHSA-pc87-q35p-2r45 GHSA-pfp6-3p25-49rj GHSA-w36g-fvwm-vmc3
- Loading branch information
1 parent
61dfa10
commit 6242307
Showing
6 changed files
with
316 additions
and
0 deletions.
There are no files selected for viewing
52 changes: 52 additions & 0 deletions
52
advisories/unreviewed/2024/12/GHSA-3fvg-xwx5-3cr8/GHSA-3fvg-xwx5-3cr8.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-3fvg-xwx5-3cr8", | ||
| "modified": "2024-12-29T21:30:30Z", | ||
| "published": "2024-12-29T21:30:30Z", | ||
| "aliases": [ | ||
| "CVE-2024-13023" | ||
| ], | ||
| "details": "A vulnerability has been found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/search-maid.php of the component Search Maid Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13023" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://phpgurukul.com" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.289714" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.289714" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.470461" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-79" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-29T21:15:06Z" | ||
| } | ||
| } |
52 changes: 52 additions & 0 deletions
52
advisories/unreviewed/2024/12/GHSA-43c2-phgp-56f4/GHSA-43c2-phgp-56f4.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-43c2-phgp-56f4", | ||
| "modified": "2024-12-29T21:30:29Z", | ||
| "published": "2024-12-29T21:30:29Z", | ||
| "aliases": [ | ||
| "CVE-2024-13019" | ||
| ], | ||
| "details": "A vulnerability classified as problematic has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/update_room.php of the component Chat Room Page. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13019" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://code-projects.org" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.289710" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.289710" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.470599" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-79" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-29T19:15:06Z" | ||
| } | ||
| } |
52 changes: 52 additions & 0 deletions
52
advisories/unreviewed/2024/12/GHSA-47x9-rgw2-xh4h/GHSA-47x9-rgw2-xh4h.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-47x9-rgw2-xh4h", | ||
| "modified": "2024-12-29T21:30:30Z", | ||
| "published": "2024-12-29T21:30:30Z", | ||
| "aliases": [ | ||
| "CVE-2024-13024" | ||
| ], | ||
| "details": "A vulnerability was found in Codezips Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /campaign.php. The manipulation of the argument cname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13024" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/isRainy/VULDB/blob/main/Blood_Bank_Management_System.md" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.289715" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.289715" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.471038" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-74" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-29T21:15:06Z" | ||
| } | ||
| } |
52 changes: 52 additions & 0 deletions
52
advisories/unreviewed/2024/12/GHSA-pc87-q35p-2r45/GHSA-pc87-q35p-2r45.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-pc87-q35p-2r45", | ||
| "modified": "2024-12-29T21:30:29Z", | ||
| "published": "2024-12-29T21:30:29Z", | ||
| "aliases": [ | ||
| "CVE-2024-13020" | ||
| ], | ||
| "details": "A vulnerability classified as critical was found in code-projects Chat System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13020" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://code-projects.org" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.289711" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.289711" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.470600" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-74" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-29T19:15:07Z" | ||
| } | ||
| } |
56 changes: 56 additions & 0 deletions
56
advisories/unreviewed/2024/12/GHSA-pfp6-3p25-49rj/GHSA-pfp6-3p25-49rj.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-pfp6-3p25-49rj", | ||
| "modified": "2024-12-29T21:30:30Z", | ||
| "published": "2024-12-29T21:30:30Z", | ||
| "aliases": [ | ||
| "CVE-2024-13021" | ||
| ], | ||
| "details": "A vulnerability, which was classified as problematic, has been found in SourceCodester Road Accident Map Marker 1.0. Affected by this issue is some unknown functionality of the file /endpoint/add-mark.php. The manipulation of the argument mark_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13021" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Road%20Accident%20Map%20Marker.md" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.289712" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.289712" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.469267" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.sourcecodester.com" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-79" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-29T20:15:05Z" | ||
| } | ||
| } |
52 changes: 52 additions & 0 deletions
52
advisories/unreviewed/2024/12/GHSA-w36g-fvwm-vmc3/GHSA-w36g-fvwm-vmc3.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-w36g-fvwm-vmc3", | ||
| "modified": "2024-12-29T21:30:30Z", | ||
| "published": "2024-12-29T21:30:30Z", | ||
| "aliases": [ | ||
| "CVE-2024-13022" | ||
| ], | ||
| "details": "A vulnerability, which was classified as critical, was found in taisan tarzan-cms 1.0.0. This affects the function UploadResponse of the file src/main/java/com/tarzan/cms/modules/admin/controller/common/UploadController.java of the component Article Management. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13022" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://gitee.com/taisan/tarzan-cms/issues/IBCUPG" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.289713" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.289713" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.467471" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-284" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-12-29T20:15:05Z" | ||
| } | ||
| } |