Add GSD-2023-1001657 for #2447

2023/1001xxx/GSD-2023-1001657.json

@@ -0,0 +1,43 @@
+{
+  "GSD": {
+    "vendor_name": "ZeroSSL",
+    "product_name": "website",
+    "product_version": "all current versions",
+    "vulnerability_type": "XSS",
+    "affected_component": "https://app.zerossl.com",
+    "attack_vector": "phishing",
+    "impact": "Theft of private certificate keys, hashed password and/or session hijacking",
+    "credit": "mail@michalspacek.cz",
+    "references": [
+      "https://groups.google.com/a/ccadb.org/g/public/c/kqtoGeEv5Fc"
+    ],
+    "reporter": "kurtseifried",
+    "reporter_id": 582211,
+    "notes": "",
+    "description": "In the ZeroSSL website https://app.zerossl.com an XSS exists in it that can be attacked via phishing resulting in theft of private certificate keys, hashed password and/or session hijacking. It is not clear if the vendor has fixed this issue or not at this time."
+  },
+  "OSV": {
+    "id": "GSD-2023-1001657",
+    "modified": "2023-01-19T17:20:01.004554Z",
+    "published": "2023-01-19T17:20:01.004554Z",
+    "summary": "XSS in website version all current versions",
+    "details": "In the ZeroSSL website https://app.zerossl.com an XSS exists in it that can be attacked via phishing resulting in theft of private certificate keys, hashed password and/or session hijacking. It is not clear if the vendor has fixed this issue or not at this time.",
+    "affected": [
+      {
+        "package": {
+          "name": "website",
+          "ecosystem": "GSD"
+        },
+        "versions": [
+          "all current versions"
+        ]
+      }
+    ],
+    "references": [
+      {
+        "type": "WEB",
+        "url": "https://groups.google.com/a/ccadb.org/g/public/c/kqtoGeEv5Fc"
+      }
+    ]
+  }
+}