Publish Advisories

GHSA-3h9q-4c3c-c78x
GHSA-4fg9-8pmm-q36g
GHSA-6pxp-6h5g-5389
GHSA-98r8-pp4j-5cqj
GHSA-gqxf-64xx-wpj9

Author: advisory-database[bot]

advisories/unreviewed/2025/01/GHSA-3h9q-4c3c-c78x/GHSA-3h9q-4c3c-c78x.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3h9q-4c3c-c78x",
+  "modified": "2025-01-18T15:31:29Z",
+  "published": "2025-01-18T15:31:29Z",
+  "aliases": [
+    "CVE-2025-0559"
+  ],
+  "details": "A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file /create-id-card of the component Create Id Card Page. The manipulation of the argument ID Card Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0559"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20School%20Management%20Software%20-%20Cross%20Site%20Scripting.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.292493"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.292493"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.480306"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.campcodes.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-18T14:15:25Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-4fg9-8pmm-q36g/GHSA-4fg9-8pmm-q36g.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4fg9-8pmm-q36g",
+  "modified": "2025-01-18T15:31:30Z",
+  "published": "2025-01-18T15:31:30Z",
+  "aliases": [
+    "CVE-2025-0560"
+  ],
+  "details": "A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /photo-gallery of the component Photo Gallery Page. The manipulation of the argument Description leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0560"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/KhukuriRimal/Vulnerabilities/blob/main/CampCodes%20-%20School%20Management%20Software%20-%20Stored%20Cross%20Site%20Scripting.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.292494"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.292494"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.480688"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.campcodes.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-18T15:15:08Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-6pxp-6h5g-5389/GHSA-6pxp-6h5g-5389.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6pxp-6h5g-5389",
+  "modified": "2025-01-18T15:31:30Z",
+  "published": "2025-01-18T15:31:30Z",
+  "aliases": [
+    "CVE-2024-51448"
+  ],
+  "details": "IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51448"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7177586"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-277"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-18T15:15:08Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-98r8-pp4j-5cqj/GHSA-98r8-pp4j-5cqj.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-98r8-pp4j-5cqj",
+  "modified": "2025-01-18T15:31:29Z",
+  "published": "2025-01-18T15:31:29Z",
+  "aliases": [
+    "CVE-2025-0558"
+  ],
+  "details": "A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. This vulnerability affects the function QueryProThemeRequest of the file src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java. The manipulation of the argument color leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0558"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ggg48966/123123/blob/main/TDuckCloud.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.292492"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.292492"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.474613"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-18T13:15:20Z"
+  }
+}

advisories/unreviewed/2025/01/GHSA-gqxf-64xx-wpj9/GHSA-gqxf-64xx-wpj9.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gqxf-64xx-wpj9",
+  "modified": "2025-01-18T15:31:29Z",
+  "published": "2025-01-18T15:31:29Z",
+  "aliases": [
+    "CVE-2024-49338"
+  ],
+  "details": "IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49338"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7175396"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1323"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-01-18T15:15:07Z"
+  }
+}