Auto Generated CVE annotations [Fri Sep 23 18:06:19 UTC 2022] 🤖

cves/2018/CVE-2018-19458.yaml

@@ -10,6 +10,7 @@ info:
     - https://www.exploit-db.com/exploits/45780
     - https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-Local-File-Inclusion.html
     - https://nvd.nist.gov/vuln/detail/CVE-2018-19458
+    - https://www.exploit-db.com/exploits/45780/
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5

cves/2022/CVE-2022-31299.yaml

@@ -3,7 +3,7 @@ id: CVE-2022-31299
 info:
   name: Haraj 3.7 - Cross-Site Scripting
   author: edoardottt
-  severity: high
+  severity: medium
   description: |
     Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks.
   reference:

vulnerabilities/other/mida-eframework-xss.yaml

@@ -11,7 +11,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     cvss-score: 7.2
     cwe-id: CWE-79
-  tags: mida,xss
+  tags: mida,xss,edb
 
 requests:
   - raw:

vulnerabilities/other/ms-exchange-server-reflected-xss.yaml

@@ -9,11 +9,12 @@ info:
     - https://blog.orange.tw/2021/08/proxyoracle-a-new-attack-surface-on-ms-exchange-part-2.html
     - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31195
     - https://nvd.nist.gov/vuln/detail/CVE-2021-31195
+    - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195
   classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
-    cwe-id: CWE-79
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+    cvss-score: 8.8
     cve-id: CVE-2021-31195
+    cwe-id: CWE-79
   metadata:
     shodan-query: http.title:"Outlook"
   tags: microsoft,exchange,owa,xss

vulnerabilities/other/solarview-compact-xss.yaml

@@ -15,7 +15,7 @@ info:
   metadata:
     verified: true
     shodan-query: http.html:"SolarView Compact"
-  tags: xss,solarview
+  tags: xss,solarview,edb
 
 requests:
   - method: GET

vulnerabilities/other/tikiwiki-reflected-xss.yaml

@@ -12,7 +12,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     cvss-score: 7.2
     cwe-id: CWE-79
-  tags: xss,tikiwiki
+  tags: packetstorm,edb,xss,tikiwiki
 
 requests:
   - method: GET

vulnerabilities/royalevent/royalevent-management-xss.yaml

@@ -15,7 +15,7 @@ info:
     cwe-id: CWE-79
   metadata:
     verified: true
-  tags: xss,authenticated,cms,royalevent
+  tags: cms,royalevent,packetstorm,xss,authenticated
 
 requests:
   - raw:

vulnerabilities/wordpress/wp-nextgen-xss.yaml

@@ -12,7 +12,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     cvss-score: 7.2
     cwe-id: CWE-79
-  tags: wordpress,xss,wp-plugin
+  tags: wp-plugin,edb,wordpress,xss
 
 requests:
   - method: GET

vulnerabilities/wordpress/wp-phpfreechat-xss.yaml

@@ -12,7 +12,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     cvss-score: 7.2
     cwe-id: CWE-79
-  tags: wordpress,xss,wp-plugin
+  tags: xss,wp-plugin,edb,wordpress
 
 requests:
   - method: GET

vulnerabilities/wordpress/wp-securimage-xss.yaml

@@ -12,7 +12,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     cvss-score: 7.2
     cwe-id: CWE-79
-  tags: wordpress,xss,wp-plugin
+  tags: edb,wordpress,xss,wp-plugin
 
 requests:
   - method: GET