Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-84qf-j5p4-2cph/GHSA-84qf-j5p4-2cph.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-84qf-j5p4-2cph",
-  "modified": "2022-05-24T19:10:15Z",
+  "modified": "2026-03-06T21:30:29Z",
   "published": "2022-05-24T19:10:15Z",
   "aliases": [
     "CVE-2021-31869"
   ],
   "details": "Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2022/05/GHSA-xhpg-8gj2-g9m7/GHSA-xhpg-8gj2-g9m7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xhpg-8gj2-g9m7",
-  "modified": "2022-05-24T19:18:58Z",
+  "modified": "2026-03-06T21:30:29Z",
   "published": "2022-05-24T19:18:58Z",
   "aliases": [
     "CVE-2020-24932"
   ],
   "details": "An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2022/08/GHSA-6mwq-4j3f-rr3x/GHSA-6mwq-4j3f-rr3x.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6mwq-4j3f-rr3x",
-  "modified": "2022-08-17T00:00:33Z",
+  "modified": "2026-03-06T21:30:30Z",
   "published": "2022-08-11T00:00:16Z",
   "aliases": [
     "CVE-2022-1962"

advisories/unreviewed/2022/08/GHSA-6p55-r473-gcgm/GHSA-6p55-r473-gcgm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6p55-r473-gcgm",
-  "modified": "2022-08-16T00:00:25Z",
+  "modified": "2026-03-06T21:30:30Z",
   "published": "2022-08-11T00:00:19Z",
   "aliases": [
     "CVE-2022-37007"

advisories/unreviewed/2022/08/GHSA-j55j-52j7-vq87/GHSA-j55j-52j7-vq87.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j55j-52j7-vq87",
-  "modified": "2022-08-17T00:00:32Z",
+  "modified": "2026-03-06T21:30:30Z",
   "published": "2022-08-11T00:00:17Z",
   "aliases": [
     "CVE-2022-30629"

advisories/unreviewed/2024/11/GHSA-26c6-c3h3-4qf7/GHSA-26c6-c3h3-4qf7.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-26c6-c3h3-4qf7",
-  "modified": "2024-11-27T06:30:39Z",
+  "modified": "2026-03-06T21:30:30Z",
   "published": "2024-11-27T06:30:39Z",
   "aliases": [
     "CVE-2024-52959"
   ],
   "details": "A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2024/11/GHSA-jfcq-6qwc-xqvx/GHSA-jfcq-6qwc-xqvx.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jfcq-6qwc-xqvx",
-  "modified": "2024-11-27T06:30:39Z",
+  "modified": "2026-03-06T21:30:30Z",
   "published": "2024-11-27T06:30:39Z",
   "aliases": [
     "CVE-2024-52958"
   ],
   "details": "A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/01/GHSA-4qf5-7jr3-q9pq/GHSA-4qf5-7jr3-q9pq.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4qf5-7jr3-q9pq",
-  "modified": "2026-01-21T18:30:31Z",
+  "modified": "2026-03-06T21:30:30Z",
   "published": "2026-01-21T18:30:31Z",
   "aliases": [
     "CVE-2021-47830"
   ],
   "details": "GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/01/GHSA-6hw4-fq3j-72w9/GHSA-6hw4-fq3j-72w9.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6hw4-fq3j-72w9",
-  "modified": "2026-01-21T18:30:30Z",
+  "modified": "2026-03-06T21:30:30Z",
   "published": "2026-01-21T18:30:30Z",
   "aliases": [
     "CVE-2021-47778"
   ],
   "details": "GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/01/GHSA-xcf5-jfw6-6364/GHSA-xcf5-jfw6-6364.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xcf5-jfw6-6364",
-  "modified": "2026-01-21T18:30:31Z",
+  "modified": "2026-03-06T21:30:30Z",
   "published": "2026-01-21T18:30:31Z",
   "aliases": [
     "CVE-2021-47870"
   ],
   "details": "GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary client-side code that executes in the administrator's browser when visiting a malicious page.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"