1 changes (1 new | 0 updated):

- 1 new CVEs: CVE-2024-13069 - 0 updated CVEs:
CVEProject · Dec 31, 2024 · 0c21398 · 0c21398
1 parent afb5064
commit 0c21398
Show file tree

Hide file tree

Showing 3 changed files with 182 additions and 86 deletions.
diff --git a/cves/2024/13xxx/CVE-2024-13069.json b/cves/2024/13xxx/CVE-2024-13069.json
@@ -0,0 +1,161 @@
+{
+    "dataType": "CVE_RECORD",
+    "dataVersion": "5.1",
+    "cveMetadata": {
+        "cveId": "CVE-2024-13069",
+        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
+        "state": "PUBLISHED",
+        "assignerShortName": "VulDB",
+        "dateReserved": "2024-12-31T08:41:08.229Z",
+        "datePublished": "2024-12-31T10:38:12.305Z",
+        "dateUpdated": "2024-12-31T10:38:12.305Z"
+    },
+    "containers": {
+        "cna": {
+            "providerMetadata": {
+                "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
+                "shortName": "VulDB",
+                "dateUpdated": "2024-12-31T10:38:12.305Z"
+            },
+            "title": "SourceCodester Multi Role Login System add-user.php cross site scripting",
+            "problemTypes": [
+                {
+                    "descriptions": [
+                        {
+                            "type": "CWE",
+                            "cweId": "CWE-79",
+                            "lang": "en",
+                            "description": "Cross Site Scripting"
+                        }
+                    ]
+                },
+                {
+                    "descriptions": [
+                        {
+                            "type": "CWE",
+                            "cweId": "CWE-94",
+                            "lang": "en",
+                            "description": "Code Injection"
+                        }
+                    ]
+                }
+            ],
+            "affected": [
+                {
+                    "vendor": "SourceCodester",
+                    "product": "Multi Role Login System",
+                    "versions": [
+                        {
+                            "version": "1.0",
+                            "status": "affected"
+                        }
+                    ]
+                }
+            ],
+            "descriptions": [
+                {
+                    "lang": "en",
+                    "value": "A vulnerability was found in SourceCodester Multi Role Login System 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/add-user.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+                },
+                {
+                    "lang": "de",
+                    "value": "Es wurde eine problematische Schwachstelle in SourceCodester Multi Role Login System 1.0 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /endpoint/add-user.php. Durch das Manipulieren des Arguments name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung."
+                }
+            ],
+            "metrics": [
+                {
+                    "cvssV4_0": {
+                        "version": "4.0",
+                        "baseScore": 5.3,
+                        "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
+                        "baseSeverity": "MEDIUM"
+                    }
+                },
+                {
+                    "cvssV3_1": {
+                        "version": "3.1",
+                        "baseScore": 3.5,
+                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+                        "baseSeverity": "LOW"
+                    }
+                },
+                {
+                    "cvssV3_0": {
+                        "version": "3.0",
+                        "baseScore": 3.5,
+                        "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+                        "baseSeverity": "LOW"
+                    }
+                },
+                {
+                    "cvssV2_0": {
+                        "version": "2.0",
+                        "baseScore": 4,
+                        "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
+                    }
+                }
+            ],
+            "timeline": [
+                {
+                    "time": "2024-12-31T00:00:00.000Z",
+                    "lang": "en",
+                    "value": "Advisory disclosed"
+                },
+                {
+                    "time": "2024-12-31T01:00:00.000Z",
+                    "lang": "en",
+                    "value": "VulDB entry created"
+                },
+                {
+                    "time": "2024-12-31T09:46:19.000Z",
+                    "lang": "en",
+                    "value": "VulDB entry last update"
+                }
+            ],
+            "credits": [
+                {
+                    "lang": "en",
+                    "value": "John Correche (VulDB User)",
+                    "type": "reporter"
+                }
+            ],
+            "references": [
+                {
+                    "url": "https://vuldb.com/?id.289824",
+                    "name": "VDB-289824 | SourceCodester Multi Role Login System add-user.php cross site scripting",
+                    "tags": [
+                        "vdb-entry",
+                        "technical-description"
+                    ]
+                },
+                {
+                    "url": "https://vuldb.com/?ctiid.289824",
+                    "name": "VDB-289824 | CTI Indicators (IOB, IOC, TTP, IOA)",
+                    "tags": [
+                        "signature",
+                        "permissions-required"
+                    ]
+                },
+                {
+                    "url": "https://vuldb.com/?submit.469520",
+                    "name": "Submit #469520 | SourceCodester Multi Role Login System 1.0 Stored Cross-Site Scripting (XSS)",
+                    "tags": [
+                        "third-party-advisory"
+                    ]
+                },
+                {
+                    "url": "https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Multi%20Role%20Login%20System.md",
+                    "tags": [
+                        "exploit"
+                    ]
+                },
+                {
+                    "url": "https://www.sourcecodester.com/",
+                    "tags": [
+                        "product"
+                    ]
+                }
+            ]
+        }
+    }
+}
diff --git a/cves/delta.json b/cves/delta.json
@@ -1,93 +1,14 @@
 {
-  "fetchTime": "2024-12-31T10:34:35.425Z",
-  "numberOfChanges": 14,
+  "fetchTime": "2024-12-31T10:41:58.682Z",
+  "numberOfChanges": 1,
   "new": [
     {
-      "cveId": "CVE-2024-12105",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12105",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12105.json",
-      "dateUpdated": "2024-12-31T10:32:08.238Z"
-    },
-    {
-      "cveId": "CVE-2024-12106",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12106",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12106.json",
-      "dateUpdated": "2024-12-31T10:32:02.035Z"
-    },
-    {
-      "cveId": "CVE-2024-12108",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12108",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12108.json",
-      "dateUpdated": "2024-12-31T10:31:56.107Z"
-    },
-    {
-      "cveId": "CVE-2024-56209",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56209",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56209.json",
-      "dateUpdated": "2024-12-31T10:33:43.176Z"
-    },
-    {
-      "cveId": "CVE-2024-56210",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56210",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56210.json",
-      "dateUpdated": "2024-12-31T10:32:48.853Z"
-    },
-    {
-      "cveId": "CVE-2024-56221",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56221",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56221.json",
-      "dateUpdated": "2024-12-31T10:31:42.399Z"
-    },
-    {
-      "cveId": "CVE-2024-56223",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56223",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56223.json",
-      "dateUpdated": "2024-12-31T10:30:46.565Z"
-    },
-    {
-      "cveId": "CVE-2024-56224",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56224",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56224.json",
-      "dateUpdated": "2024-12-31T10:29:57.649Z"
-    },
-    {
-      "cveId": "CVE-2024-56226",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56226",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56226.json",
-      "dateUpdated": "2024-12-31T10:29:08.495Z"
-    },
-    {
-      "cveId": "CVE-2024-56228",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56228",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56228.json",
-      "dateUpdated": "2024-12-31T10:28:22.918Z"
-    },
-    {
-      "cveId": "CVE-2024-56231",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56231",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56231.json",
-      "dateUpdated": "2024-12-31T10:27:14.085Z"
-    },
-    {
-      "cveId": "CVE-2024-56233",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56233",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56233.json",
-      "dateUpdated": "2024-12-31T10:26:25.270Z"
-    },
-    {
-      "cveId": "CVE-2024-56234",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56234",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56234.json",
-      "dateUpdated": "2024-12-31T10:25:39.128Z"
-    }
-  ],
-  "updated": [
-    {
-      "cveId": "CVE-2024-9355",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-9355",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/9xxx/CVE-2024-9355.json",
-      "dateUpdated": "2024-12-31T10:28:33.446Z"
+      "cveId": "CVE-2024-13069",
+      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13069",
+      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13069.json",
+      "dateUpdated": "2024-12-31T10:38:12.305Z"
     }
   ],
+  "updated": [],
   "error": []
 }
diff --git a/cves/deltaLog.json b/cves/deltaLog.json
@@ -1,4 +1,18 @@
 [
+  {
+    "fetchTime": "2024-12-31T10:41:58.682Z",
+    "numberOfChanges": 1,
+    "new": [
+      {
+        "cveId": "CVE-2024-13069",
+        "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-13069",
+        "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/13xxx/CVE-2024-13069.json",
+        "dateUpdated": "2024-12-31T10:38:12.305Z"
+      }
+    ],
+    "updated": [],
+    "error": []
+  },
   {
     "fetchTime": "2024-12-31T10:34:35.425Z",
     "numberOfChanges": 14,