Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 0b3ad856df0e · 2025-09-15T00:31:29.000Z
GHSA-7469-fh94-gpw7 GHSA-8rg5-53m4-4pgh GHSA-fxch-9pjc-28rh GHSA-hg98-h2rq-79xr GHSA-pfxr-38vx-h5vm GHSA-qhwp-454g-2gv4
diff --git a/advisories/unreviewed/2025/09/GHSA-7469-fh94-gpw7/GHSA-7469-fh94-gpw7.json b/advisories/unreviewed/2025/09/GHSA-7469-fh94-gpw7/GHSA-7469-fh94-gpw7.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7469-fh94-gpw7",
+  "modified": "2025-09-15T00:30:14Z",
+  "published": "2025-09-15T00:30:14Z",
+  "aliases": [
+    "CVE-2025-10413"
+  ],
+  "details": "A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_customer. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10413"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/zzb1388/cve/issues/82"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.323847"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.323847"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.646969"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.campcodes.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-14T22:15:32Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/09/GHSA-8rg5-53m4-4pgh/GHSA-8rg5-53m4-4pgh.json b/advisories/unreviewed/2025/09/GHSA-8rg5-53m4-4pgh/GHSA-8rg5-53m4-4pgh.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8rg5-53m4-4pgh",
+  "modified": "2025-09-15T00:30:15Z",
+  "published": "2025-09-15T00:30:15Z",
+  "aliases": [
+    "CVE-2025-10416"
+  ],
+  "details": "A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_supplier. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10416"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/zzb1388/cve/issues/79"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.323850"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.323850"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.646972"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.campcodes.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-15T00:15:31Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/09/GHSA-fxch-9pjc-28rh/GHSA-fxch-9pjc-28rh.json b/advisories/unreviewed/2025/09/GHSA-fxch-9pjc-28rh/GHSA-fxch-9pjc-28rh.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fxch-9pjc-28rh",
+  "modified": "2025-09-15T00:30:15Z",
+  "published": "2025-09-15T00:30:14Z",
+  "aliases": [
+    "CVE-2025-10414"
+  ],
+  "details": "A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_customer. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10414"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/zzb1388/cve/issues/81"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.323848"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.323848"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.646970"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.campcodes.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-14T23:15:36Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/09/GHSA-hg98-h2rq-79xr/GHSA-hg98-h2rq-79xr.json b/advisories/unreviewed/2025/09/GHSA-hg98-h2rq-79xr/GHSA-hg98-h2rq-79xr.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hg98-h2rq-79xr",
+  "modified": "2025-09-15T00:30:14Z",
+  "published": "2025-09-15T00:30:14Z",
+  "aliases": [
+    "CVE-2025-10411"
+  ],
+  "details": "A vulnerability was detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /stc-log-keeper/check_profile.php of the component POST Request Handler. The manipulation of the argument profile_id results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10411"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/yihaofuweng/cve/issues/21"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.323845"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.323845"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.646922"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-14T22:15:31Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/09/GHSA-pfxr-38vx-h5vm/GHSA-pfxr-38vx-h5vm.json b/advisories/unreviewed/2025/09/GHSA-pfxr-38vx-h5vm/GHSA-pfxr-38vx-h5vm.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-pfxr-38vx-h5vm",
+  "modified": "2025-09-15T00:30:15Z",
+  "published": "2025-09-15T00:30:15Z",
+  "aliases": [
+    "CVE-2025-10415"
+  ],
+  "details": "A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the file /ajax.php?action=save_supplier. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10415"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/zzb1388/cve/issues/80"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.323849"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.323849"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.646971"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.campcodes.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-14T23:15:37Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/09/GHSA-qhwp-454g-2gv4/GHSA-qhwp-454g-2gv4.json b/advisories/unreviewed/2025/09/GHSA-qhwp-454g-2gv4/GHSA-qhwp-454g-2gv4.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-qhwp-454g-2gv4",
+  "modified": "2025-09-15T00:30:15Z",
+  "published": "2025-09-15T00:30:15Z",
+  "aliases": [
+    "CVE-2025-59364"
+  ],
+  "details": "The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59364"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/Spendroslav/177804eaef5acfb222a550de212a1b94"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/AhmedAdelFahim/express-xss-sanitizer"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.npmjs.com/package/express-xss-sanitizer"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-674"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-14T23:15:37Z"
+  }
+}
