diff --git a/mapping.csv b/mapping.csv index f005ce0af5..da87bd4193 100644 --- a/mapping.csv +++ b/mapping.csv @@ -263247,3 +263247,4 @@ vulnerability,CVE-2024-56841,vulnerability--3e2cf671-8ab9-413f-ae31-2bbcd23026c9 vulnerability,CVE-2024-53649,vulnerability--38767296-c5c3-4dcf-b867-ec29b5f8f892 vulnerability,CVE-2024-47100,vulnerability--129a1005-103e-4b06-b4f7-dafcd23d94f8 vulnerability,CVE-2024-45385,vulnerability--95caa5e7-b0df-47ff-8288-4e815412dd61 +vulnerability,CVE-2024-12240,vulnerability--ff38791c-8dd8-44f0-9eb6-9ccd4e6faeb3 diff --git a/objects/vulnerability/vulnerability--ff38791c-8dd8-44f0-9eb6-9ccd4e6faeb3.json b/objects/vulnerability/vulnerability--ff38791c-8dd8-44f0-9eb6-9ccd4e6faeb3.json new file mode 100644 index 0000000000..060b8bc6b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--ff38791c-8dd8-44f0-9eb6-9ccd4e6faeb3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--638ff526-89b4-4ed7-bd05-fc8f7e903842", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ff38791c-8dd8-44f0-9eb6-9ccd4e6faeb3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-14T12:36:54.035447Z", + "modified": "2025-01-14T12:36:54.035447Z", + "name": "CVE-2024-12240", + "description": "The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12240" + } + ] + } + ] +} \ No newline at end of file