Auto-Update: 2025-01-11T00:55:32.905413+00:00

fkie-cad · Jan 11, 2025 · e4411ac · e4411ac
1 parent 13710f0
commit e4411ac
Show file tree

Hide file tree

Showing 3 changed files with 116 additions and 125 deletions.
diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23113.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23113.json
@@ -2,7 +2,7 @@
   "id": "CVE-2025-23113",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2025-01-10T22:15:28.023",
-  "lastModified": "2025-01-10T22:15:28.023",
+  "lastModified": "2025-01-10T23:15:08.810",
   "vulnStatus": "Received",
   "cveTags": [],
   "descriptions": [
@@ -11,7 +11,42 @@
       "value": "An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once the victim uploads the file, he automatically lands on a page to view the uploaded data. If the victim click on the alert-title value, it can trigger a logout request and terminates their session, or redirect to a phishing website. This vulnerability stems from the absence of CSRF protections on the logout functionality."
     }
   ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
+          "baseScore": 3.4,
+          "baseSeverity": "LOW",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@mitre.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/blob/main/RedCap/CVE_XXX/README.md",

diff --git a/README.md b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-01-10T23:00:21.119750+00:00
+2025-01-11T00:55:32.905413+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-01-10T22:15:28.023000+00:00
+2025-01-10T23:15:08.810000+00:00
 ```
 
 ### Last Data Feed Release
@@ -38,59 +38,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `20`
-
-- [CVE-2024-47517](CVE-2024/CVE-2024-475xx/CVE-2024-47517.json) (`2025-01-10T22:15:25.923`)
-- [CVE-2024-47518](CVE-2024/CVE-2024-475xx/CVE-2024-47518.json) (`2025-01-10T22:15:26.053`)
-- [CVE-2024-47519](CVE-2024/CVE-2024-475xx/CVE-2024-47519.json) (`2025-01-10T22:15:26.177`)
-- [CVE-2024-47520](CVE-2024/CVE-2024-475xx/CVE-2024-47520.json) (`2025-01-10T22:15:26.290`)
-- [CVE-2024-54994](CVE-2024/CVE-2024-549xx/CVE-2024-54994.json) (`2025-01-10T21:15:12.833`)
-- [CVE-2024-54996](CVE-2024/CVE-2024-549xx/CVE-2024-54996.json) (`2025-01-10T21:15:12.963`)
-- [CVE-2024-54997](CVE-2024/CVE-2024-549xx/CVE-2024-54997.json) (`2025-01-10T21:15:13.083`)
-- [CVE-2024-54998](CVE-2024/CVE-2024-549xx/CVE-2024-54998.json) (`2025-01-10T21:15:13.203`)
-- [CVE-2024-5872](CVE-2024/CVE-2024-58xx/CVE-2024-5872.json) (`2025-01-10T21:15:13.367`)
-- [CVE-2024-7095](CVE-2024/CVE-2024-70xx/CVE-2024-7095.json) (`2025-01-10T21:15:13.570`)
-- [CVE-2024-7142](CVE-2024/CVE-2024-71xx/CVE-2024-7142.json) (`2025-01-10T22:15:26.403`)
-- [CVE-2024-9131](CVE-2024/CVE-2024-91xx/CVE-2024-9131.json) (`2025-01-10T22:15:26.667`)
-- [CVE-2024-9132](CVE-2024/CVE-2024-91xx/CVE-2024-9132.json) (`2025-01-10T22:15:26.783`)
-- [CVE-2024-9133](CVE-2024/CVE-2024-91xx/CVE-2024-9133.json) (`2025-01-10T22:15:26.907`)
-- [CVE-2024-9134](CVE-2024/CVE-2024-91xx/CVE-2024-9134.json) (`2025-01-10T22:15:27.033`)
-- [CVE-2024-9188](CVE-2024/CVE-2024-91xx/CVE-2024-9188.json) (`2025-01-10T22:15:27.150`)
-- [CVE-2025-23110](CVE-2025/CVE-2025-231xx/CVE-2025-23110.json) (`2025-01-10T22:15:27.550`)
-- [CVE-2025-23111](CVE-2025/CVE-2025-231xx/CVE-2025-23111.json) (`2025-01-10T22:15:27.723`)
-- [CVE-2025-23112](CVE-2025/CVE-2025-231xx/CVE-2025-23112.json) (`2025-01-10T22:15:27.863`)
-- [CVE-2025-23113](CVE-2025/CVE-2025-231xx/CVE-2025-23113.json) (`2025-01-10T22:15:28.023`)
+Recently added CVEs: `0`
+
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `52`
-
-- [CVE-2024-12846](CVE-2024/CVE-2024-128xx/CVE-2024-12846.json) (`2025-01-10T21:34:58.917`)
-- [CVE-2024-12883](CVE-2024/CVE-2024-128xx/CVE-2024-12883.json) (`2025-01-10T21:24:53.957`)
-- [CVE-2024-12884](CVE-2024/CVE-2024-128xx/CVE-2024-12884.json) (`2025-01-10T21:22:48.413`)
-- [CVE-2024-12894](CVE-2024/CVE-2024-128xx/CVE-2024-12894.json) (`2025-01-10T21:12:49.420`)
-- [CVE-2024-12895](CVE-2024/CVE-2024-128xx/CVE-2024-12895.json) (`2025-01-10T21:14:24.240`)
-- [CVE-2024-13136](CVE-2024/CVE-2024-131xx/CVE-2024-13136.json) (`2025-01-10T21:01:43.337`)
-- [CVE-2024-13137](CVE-2024/CVE-2024-131xx/CVE-2024-13137.json) (`2025-01-10T21:01:53.403`)
-- [CVE-2024-13138](CVE-2024/CVE-2024-131xx/CVE-2024-13138.json) (`2025-01-10T21:01:57.583`)
-- [CVE-2024-13139](CVE-2024/CVE-2024-131xx/CVE-2024-13139.json) (`2025-01-10T21:02:02.510`)
-- [CVE-2024-13140](CVE-2024/CVE-2024-131xx/CVE-2024-13140.json) (`2025-01-10T21:34:19.453`)
-- [CVE-2024-13141](CVE-2024/CVE-2024-131xx/CVE-2024-13141.json) (`2025-01-10T21:39:47.827`)
-- [CVE-2024-13248](CVE-2024/CVE-2024-132xx/CVE-2024-13248.json) (`2025-01-10T22:15:25.360`)
-- [CVE-2024-13249](CVE-2024/CVE-2024-132xx/CVE-2024-13249.json) (`2025-01-10T22:15:25.497`)
-- [CVE-2024-13261](CVE-2024/CVE-2024-132xx/CVE-2024-13261.json) (`2025-01-10T22:15:25.630`)
-- [CVE-2024-13263](CVE-2024/CVE-2024-132xx/CVE-2024-13263.json) (`2025-01-10T22:15:25.777`)
-- [CVE-2024-2798](CVE-2024/CVE-2024-27xx/CVE-2024-2798.json) (`2025-01-10T21:34:59.457`)
-- [CVE-2024-2799](CVE-2024/CVE-2024-27xx/CVE-2024-2799.json) (`2025-01-10T21:35:28.493`)
-- [CVE-2024-3645](CVE-2024/CVE-2024-36xx/CVE-2024-3645.json) (`2025-01-10T21:33:19.707`)
-- [CVE-2024-3733](CVE-2024/CVE-2024-37xx/CVE-2024-3733.json) (`2025-01-10T21:36:36.520`)
-- [CVE-2024-3889](CVE-2024/CVE-2024-38xx/CVE-2024-3889.json) (`2025-01-10T21:35:50.913`)
-- [CVE-2024-8775](CVE-2024/CVE-2024-87xx/CVE-2024-8775.json) (`2025-01-10T22:15:26.527`)
-- [CVE-2025-0207](CVE-2025/CVE-2025-02xx/CVE-2025-0207.json) (`2025-01-10T21:27:26.337`)
-- [CVE-2025-0208](CVE-2025/CVE-2025-02xx/CVE-2025-0208.json) (`2025-01-10T21:28:35.270`)
-- [CVE-2025-0210](CVE-2025/CVE-2025-02xx/CVE-2025-0210.json) (`2025-01-10T21:20:42.080`)
-- [CVE-2025-22376](CVE-2025/CVE-2025-223xx/CVE-2025-22376.json) (`2025-01-10T22:15:27.383`)
+Recently modified CVEs: `1`
+
+- [CVE-2025-23113](CVE-2025/CVE-2025-231xx/CVE-2025-23113.json) (`2025-01-10T23:15:08.810`)
 
 
 ## Download and Usage