admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

Browse Source
This commit is contained in:
ghost
2025-11-30 09:43:49 +00:00
parent fef0d43283
commit ad54827d62
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@@ -2552,6 +2552,7 @@
{"ID":"CVE-2023-3849","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3849.yaml"}
{"ID":"CVE-2023-38501","Info":{"Name":"CopyParty v1.8.6 - Cross Site Scripting","Severity":"medium","Description":"Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack.Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38501.yaml"}
{"ID":"CVE-2023-38646","Info":{"Name":"Metabase \u003c 0.46.6.1 - Remote Code Execution","Severity":"critical","Description":"Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38646.yaml"}
{"ID":"CVE-2023-38875","Info":{"Name":"PHP Login System 2.0.1 - Cross-Site Scripting","Severity":"medium","Description":"msaad1999's PHP-Login-System 2.0.1 contains a reflected cross-site scripting caused by unsanitized input in 'validator' parameter in /reset-password, letting remote attackers execute arbitrary JavaScript in a user's browser, exploit requires attacker to craft malicious URL\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38875.yaml"}
{"ID":"CVE-2023-38879","Info":{"Name":"openSIS v9.0 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability exists in openSIS Classic Community Edition v9.0 via the 'filename' parameter in DownloadWindow.php. An unauthenticated remote attacker can exploit this to read arbitrary files on the server by manipulating file paths.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38879.yaml"}
{"ID":"CVE-2023-38950","Info":{"Name":"ZKTeco BioTime v8.5.5 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38950.yaml"}
{"ID":"CVE-2023-38964","Info":{"Name":"Academy LMS 6.0 - Cross-Site Scripting","Severity":"medium","Description":"Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through `query` parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38964.yaml"}

2
cves.json-checksum.txt
View File

@@ -1 +1 @@
586c34d78b5069508832e896c7ef31aa
49e4d5d540dd5b4924b6a6931286e3db