generated content from 2023-10-22

mapping.csv

@@ -215444,3 +215444,18 @@ vulnerability,CVE-2023-3962,vulnerability--4eb84779-b44f-46ff-b787-be279c78f53d
 vulnerability,CVE-2023-3933,vulnerability--c2b04a99-3200-44c3-9cc3-468bcd2f88d0
 vulnerability,CVE-2023-3998,vulnerability--2f083020-0e5e-445d-b65e-2775d2908d6a
 vulnerability,CVE-2023-37824,vulnerability--fe0154b6-6547-4983-bb86-bcc5627c6628
+vulnerability,CVE-2023-5684,vulnerability--2e419f85-63e1-41e9-8c91-66f1c6a1c3f5
+vulnerability,CVE-2023-5205,vulnerability--4944d6cc-d0f3-4c34-9f00-a3b152a17682
+vulnerability,CVE-2023-5683,vulnerability--db045120-b3ec-40d7-8dea-bed3a71ff20c
+vulnerability,CVE-2023-5132,vulnerability--c685b1ff-d73a-4a7f-9815-40a024e5d069
+vulnerability,CVE-2023-38192,vulnerability--d4d45d87-af9d-4ace-9998-7e8cf6633190
+vulnerability,CVE-2023-38193,vulnerability--b0b075cb-ea28-47d2-9aed-bb40a86c7ce9
+vulnerability,CVE-2023-38194,vulnerability--716e919e-7273-4ddc-b94a-312a29953b7e
+vulnerability,CVE-2023-38190,vulnerability--72a68327-049d-4f7f-8cc8-cbb67d415529
+vulnerability,CVE-2023-4635,vulnerability--357b239e-72fd-4e53-9487-2ecda411fcda
+vulnerability,CVE-2023-4939,vulnerability--fab3201e-d663-4784-924b-69cbe235159b
+vulnerability,CVE-2023-46003,vulnerability--837e39c6-88fe-4920-ac35-f81120fdf9b8
+vulnerability,CVE-2023-46054,vulnerability--b5de092b-fec0-4ff5-a55f-b96f84848fdd
+vulnerability,CVE-2023-46078,vulnerability--ad1ea7dd-f157-42a0-b804-a4f6f65f3adc
+vulnerability,CVE-2023-46055,vulnerability--b73ffebb-4856-4ab1-8f79-1274443a71cf
+vulnerability,CVE-2023-46067,vulnerability--44d61f11-7eb7-40c8-b7b6-28edc9bf34e4

objects/vulnerability/vulnerability--2e419f85-63e1-41e9-8c91-66f1c6a1c3f5.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--c9bbe81c-1fac-4675-8bdb-6f6ab814cc5a",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--2e419f85-63e1-41e9-8c91-66f1c6a1c3f5",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:13.459331Z",
+            "modified": "2023-10-22T00:17:13.459331Z",
+            "name": "CVE-2023-5684",
+            "description": "A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-5684"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--357b239e-72fd-4e53-9487-2ecda411fcda.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--7c4bd24b-0923-4318-9f23-4d788246bb3b",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--357b239e-72fd-4e53-9487-2ecda411fcda",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:13.963777Z",
+            "modified": "2023-10-22T00:17:13.963777Z",
+            "name": "CVE-2023-4635",
+            "description": "The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-4635"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--44d61f11-7eb7-40c8-b7b6-28edc9bf34e4.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--e9f68399-c8af-4c5a-a64e-4424476f49bf",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--44d61f11-7eb7-40c8-b7b6-28edc9bf34e4",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:15.129404Z",
+            "modified": "2023-10-22T00:17:15.129404Z",
+            "name": "CVE-2023-46067",
+            "description": "Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-46067"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--4944d6cc-d0f3-4c34-9f00-a3b152a17682.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--4815f0df-efc0-44cb-b802-c6d7f393cafb",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--4944d6cc-d0f3-4c34-9f00-a3b152a17682",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:13.492866Z",
+            "modified": "2023-10-22T00:17:13.492866Z",
+            "name": "CVE-2023-5205",
+            "description": "The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-5205"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--716e919e-7273-4ddc-b94a-312a29953b7e.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--f7a0c1e5-fb86-408b-b4ce-b7608ef0c2de",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--716e919e-7273-4ddc-b94a-312a29953b7e",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:13.552135Z",
+            "modified": "2023-10-22T00:17:13.552135Z",
+            "name": "CVE-2023-38194",
+            "description": "An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-38194"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--72a68327-049d-4f7f-8cc8-cbb67d415529.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--75b9d607-cb75-4e5b-bde6-a66ffc1d3932",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--72a68327-049d-4f7f-8cc8-cbb67d415529",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:13.566871Z",
+            "modified": "2023-10-22T00:17:13.566871Z",
+            "name": "CVE-2023-38190",
+            "description": "An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-38190"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--837e39c6-88fe-4920-ac35-f81120fdf9b8.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--5d58d967-f2cc-4f21-a79a-fa17b4da5d4d",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--837e39c6-88fe-4920-ac35-f81120fdf9b8",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:15.096344Z",
+            "modified": "2023-10-22T00:17:15.096344Z",
+            "name": "CVE-2023-46003",
+            "description": "I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-46003"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--ad1ea7dd-f157-42a0-b804-a4f6f65f3adc.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--49950448-5ead-40b6-b90c-3322c1a15418",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--ad1ea7dd-f157-42a0-b804-a4f6f65f3adc",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:15.121931Z",
+            "modified": "2023-10-22T00:17:15.121931Z",
+            "name": "CVE-2023-46078",
+            "description": "Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-46078"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--b0b075cb-ea28-47d2-9aed-bb40a86c7ce9.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--fb409a07-f64c-406e-9c1e-5d9d4e153a88",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--b0b075cb-ea28-47d2-9aed-bb40a86c7ce9",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:13.549814Z",
+            "modified": "2023-10-22T00:17:13.549814Z",
+            "name": "CVE-2023-38193",
+            "description": "An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-38193"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--b5de092b-fec0-4ff5-a55f-b96f84848fdd.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--4238f05d-87fc-44b9-be17-6292791b02f3",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--b5de092b-fec0-4ff5-a55f-b96f84848fdd",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:15.100853Z",
+            "modified": "2023-10-22T00:17:15.100853Z",
+            "name": "CVE-2023-46054",
+            "description": "Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-46054"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--b73ffebb-4856-4ab1-8f79-1274443a71cf.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--82e5cc70-7e87-4512-8c86-4441a86b1b3f",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--b73ffebb-4856-4ab1-8f79-1274443a71cf",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:15.127839Z",
+            "modified": "2023-10-22T00:17:15.127839Z",
+            "name": "CVE-2023-46055",
+            "description": "An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the \"thingnario Logger Maintenance Webpage\" endpoint.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-46055"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--c685b1ff-d73a-4a7f-9815-40a024e5d069.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--b2dc5205-9e39-44d6-9488-f4041f2f6ee3",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--c685b1ff-d73a-4a7f-9815-40a024e5d069",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:13.515028Z",
+            "modified": "2023-10-22T00:17:13.515028Z",
+            "name": "CVE-2023-5132",
+            "description": "The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata).",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-5132"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--d4d45d87-af9d-4ace-9998-7e8cf6633190.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--154db47a-75a2-4b2c-b759-a4e89ceb3b9e",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--d4d45d87-af9d-4ace-9998-7e8cf6633190",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:13.544683Z",
+            "modified": "2023-10-22T00:17:13.544683Z",
+            "name": "CVE-2023-38192",
+            "description": "An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-38192"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--db045120-b3ec-40d7-8dea-bed3a71ff20c.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--be8be2ae-1e0c-4fd1-94c2-3a10514143ac",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--db045120-b3ec-40d7-8dea-bed3a71ff20c",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:13.512959Z",
+            "modified": "2023-10-22T00:17:13.512959Z",
+            "name": "CVE-2023-5683",
+            "description": "A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-5683"
+                }
+            ]
+        }
+    ]
+}

objects/vulnerability/vulnerability--fab3201e-d663-4784-924b-69cbe235159b.json

@@ -0,0 +1,22 @@
+{
+    "type": "bundle",
+    "id": "bundle--2d31842a-7ef0-4640-9e04-600b18444c96",
+    "objects": [
+        {
+            "type": "vulnerability",
+            "spec_version": "2.1",
+            "id": "vulnerability--fab3201e-d663-4784-924b-69cbe235159b",
+            "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+            "created": "2023-10-22T00:17:13.974016Z",
+            "modified": "2023-10-22T00:17:13.974016Z",
+            "name": "CVE-2023-4939",
+            "description": "The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page source of the website. This makes it possible for unauthenticated attackers to inject arbitrary content into the log files, and when combined with another vulnerability this could have significant consequences.",
+            "external_references": [
+                {
+                    "source_name": "cve",
+                    "external_id": "CVE-2023-4939"
+                }
+            ]
+        }
+    ]
+}