
Commit 9a567ff

1 parent beb54a0 commit 9a567ff


3 files changed

+112
-34
lines changed

Lines changed: 70 additions & 0 deletions
@@ -0,0 +1,70 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-r93j-3mmp-px57",
4+
"modified": "2025-10-21T22:38:56Z",
5+
"published": "2022-05-24T17:21:01Z",
6+
"aliases": [
7+
"CVE-2016-11066"
8+
],
9+
"summary": "Mattermost Server: initial_load API exposes unnecessary information",
10+
"details": "An issue was discovered in Mattermost Server before 3.1.1. The initial_load API disclosed unnecessary personal information.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
15+
},
16+
{
17+
"type": "CVSS_V4",
18+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
19+
}
20+
],
21+
"affected": [
22+
{
23+
"package": {
24+
"ecosystem": "Go",
25+
"name": "github.com/mattermost/mattermost-server"
26+
},
27+
"ranges": [
28+
{
29+
"type": "ECOSYSTEM",
30+
"events": [
31+
{
32+
"introduced": "0"
33+
},
34+
{
35+
"fixed": "3.1.1"
36+
}
37+
]
38+
}
39+
]
40+
}
41+
],
42+
"references": [
43+
{
44+
"type": "ADVISORY",
45+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-11066"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/mattermost/mattermost/commit/f89e7c6d543a82d6078c2ca0f892914d7976a6f5"
50+
},
51+
{
52+
"type": "PACKAGE",
53+
"url": "https://github.com/mattermost/mattermost"
54+
},
55+
{
56+
"type": "WEB",
57+
"url": "https://mattermost.com/security-updates"
58+
}
59+
],
60+
"database_specific": {
61+
"cwe_ids": [
62+
"CWE-200",
63+
"CWE-359"
64+
],
65+
"severity": "HIGH",
66+
"github_reviewed": true,
67+
"github_reviewed_at": "2025-10-21T22:38:28Z",
68+
"nvd_published_at": "2020-06-19T20:15:00Z"
69+
}
70+
}
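Review bot: The `ECOSYSTEM` range at new lines 28-37 runs from `"introduced": "0"` to `"fixed": "3.1.1"` for the Go module `github.com/mattermost/mattermost-server`, so a consumer pinned to a `v0.0.0-…` pseudo-version sorts below 3.1.1 and is likely to be reported as affected whatever commit it actually points at. The 3.x releases appear to predate Go modules, so it is worth confirming how this module path resolves in practice before relying on the range for automated matching. If the commit already listed under `references` (f89e7c6d…) is the fix, which the page does not state, typing it as `"type": "FIX"` instead of `"type": "WEB"` at new line 48 would let tooling and readers tie the range to the patch.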

advisories/unreviewed/2025/10/GHSA-rx48-gqc2-4w47/GHSA-rx48-gqc2-4w47.json renamed to advisories/github-reviewed/2025/10/GHSA-rx48-gqc2-4w47/GHSA-rx48-gqc2-4w47.json

Lines changed: 42 additions & 5 deletions
@@ -1,24 +1,61 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-rx48-gqc2-4w47",
4-
"modified": "2025-10-21T21:33:41Z",
4+
"modified": "2025-10-21T22:37:39Z",
55
"published": "2025-10-21T21:33:41Z",
66
"aliases": [
77
"CVE-2025-62249"
88
],
9+
"summary": "Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget",
910
"details": "A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20, and 2023.Q4.0 through 2023.Q4.10 allows an remote non-authenticated attacker to inject JavaScript into the google_gadget.",
1011
"severity": [
1112
{
1213
"type": "CVSS_V4",
13-
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Maven",
21+
"name": "com.liferay.portal:com.liferay.portal.impl"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"last_affected": "114.1.0"
32+
}
33+
]
34+
}
35+
]
1436
}
1537
],
16-
"affected": [],
1738
"references": [
1839
{
1940
"type": "ADVISORY",
2041
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62249"
2142
},
43+
{
44+
"type": "WEB",
45+
"url": "https://github.com/liferay/liferay-portal/commit/66c51e026f7c9eee8f82137a586ceea5bdc081a5"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/liferay/liferay-portal/commit/8309d01f151124e1af392b67baf9711e46488791"
50+
},
51+
{
52+
"type": "WEB",
53+
"url": "https://github.com/liferay/liferay-portal/commit/f041e7058929618bb101b8e4bae5a8a226e6f8b8"
54+
},
55+
{
56+
"type": "PACKAGE",
57+
"url": "https://github.com/liferay/liferay-portal"
58+
},
2259
{
2360
"type": "WEB",
2461
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62249"
@@ -29,8 +66,8 @@
2966
"CWE-79"
3067
],
3168
"severity": "MODERATE",
32-
"github_reviewed": false,
33-
"github_reviewed_at": null,
69+
"github_reviewed": true,
70+
"github_reviewed_at": "2025-10-21T22:37:39Z",
3471
"nvd_published_at": "2025-10-21T19:21:25Z"
3572
}
3673
}
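Review bot: The added `affected` range (new lines 23-35) starts at `"introduced": "0"` and ends at `"last_affected": "114.1.0"`, while `details` scopes the issue to Portal 7.4.0 through 7.4.3.132 and the listed DXP quarterlies. As written it also matches every older `com.liferay.portal:com.liferay.portal.impl` artifact, and nothing visible here shows how 114.1.0 maps to 7.4.3.132, so that mapping deserves a second check. Because the range uses `last_affected` rather than `fixed`, scanners have no upgrade target to suggest even though three commits are referenced; a `fixed` event should be added once a patched artifact version is known. The new summary at line 9 also misspells the component and should read `"summary": "Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gadget"`.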

advisories/unreviewed/2022/05/GHSA-r93j-3mmp-px57/GHSA-r93j-3mmp-px57.json

Lines changed: 0 additions & 29 deletions
This file was deleted.
