Merge pull request #84 from michael1026/CVE-accuracy-fixes

Accuracy Fixes
2020-05-08 23:57:10 +05:30 · 2020-05-08 23:57:10 +05:30 · 14fad57a86
parent c53c7ea8aa 5caa7cecb9
commit 14fad57a86
3 changed files with 4 additions and 4 deletions
--- a/cves/CVE-2019-14974.yaml
+++ b/cves/CVE-2019-14974.yaml
@ -3,7 +3,7 @@ id: CVE-2019-14974
 info:
  name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
  author: madrobot
-  severity: medium 
+  severity: low 

 requests:
  - method: GET
@ -15,5 +15,5 @@ requests:
            - 200
      - type: word
        words:
-            - "1337"
+            - "url = window.location.search.split(\"?desktop_url=\")[1]"
        part: body
--- a/cves/CVE-2019-19368.yaml
+++ b/cves/CVE-2019-19368.yaml
@ -15,5 +15,5 @@ requests:
            - 200
      - type: word
        words:
-            - "1337"
+            - "value=''><sVg/OnLoAD=alert`1337`//'>"
        part: body
--- a/vulnerabilities/moodle-filter-jmol-xss.yaml
+++ b/vulnerabilities/moodle-filter-jmol-xss.yaml
@ -15,5 +15,5 @@ requests:
            - 200
      - type: word
        words:
-            - "alert(1337)"
+            - "\"};alert(1337);//"
        part: body