Match severity with CVSS

patch-1
sullo 2023-03-03 10:27:54 -05:00
parent f89feb6457
commit 2a7b69bab3
62 changed files with 222 additions and 249 deletions

View File

@ -4,12 +4,12 @@ info:
name: EEA - Information Disclosure
author: pikpikcu
severity: high
description: EEA is susceptible to information disclosure.
description: EEA is susceptible to information disclosure including the username and password.
reference:
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-200
tags: config,exposure,cnvd,cnvd2021

View File

@ -1,17 +1,17 @@
id: lutron-default-login
info:
name: Lutron - Default Login
name: Lutron - Default Account
author: geeknik
severity: high
severity: critical
description: Multiple Lutron devices contain a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://www.lutron.com
- https://vulners.com/openvas/OPENVAS:1361412562310113206
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.8
cwe-id: CWE-522
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cwe-id: CWE-1391
tags: default-login,lutron,iot
requests:

View File

@ -8,9 +8,9 @@ info:
reference:
- https://docs.commscope.com/bundle/fastiron-08092-securityguide/page/GUID-32D3BB01-E600-4FBE-B555-7570B5024D34.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cwe-id: CWE-1391
metadata:
verified: true
shodan-query: title:"ruckus"

View File

@ -3,11 +3,11 @@ id: mybb-forum-install
info:
name: MyBB Installation Panel - Detect
author: ritikchaddha
severity: high
severity: info
description: MyBB installation panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true

View File

@ -3,12 +3,12 @@ id: osticket-install
info:
name: osTicket Installer Panel - Detect
author: ritikchaddha
severity: high
severity: critical
description: osTicket installer panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
cvss-score: 9.4
cwe-id: CWE-284
metadata:
verified: true
shodan-query: http.title:"osTicket Installer"

View File

@ -1,34 +1,34 @@
id: saltstack-config-panel
info:
name: SaltStack Config Panel - Detect
author: pussycat0x
severity: info
description: |
SaltStack config panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"SaltStack Config"
tags: panel,vmware,login,saltstack
requests:
- method: GET
path:
- "{{BaseURL}}/login"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "SaltStack Config"
- type: status
status:
- 200
# Enhanced by cs 01/26/2023
id: saltstack-config-panel
info:
name: SaltStack Config Panel - Detect
author: pussycat0x
severity: info
description: |
SaltStack config panel was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"SaltStack Config"
tags: panel,vmware,login,saltstack
requests:
- method: GET
path:
- "{{BaseURL}}/login"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "SaltStack Config"
- type: status
status:
- 200
# Enhanced by cs 01/26/2023

View File

@ -6,8 +6,8 @@ info:
severity: info
description: Apache Solr admin panel was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
cvss-score: 8.6
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true

View File

@ -1,35 +1,35 @@
id: wagtail-login
info:
name: Wagtail Login - Detect
author: kishore-hariram
severity: info
description: The Wagtail panel has been detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Wagtail - Sign in"
tags: panel,wagtail
requests:
- method: GET
path:
- '{{BaseURL}}/login/?next=/'
- '{{BaseURL}}/admin/login/?next=/admin/'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Wagtail - Sign in'
- type: status
status:
- 200
# Enhanced by cs 01/23/2023
id: wagtail-login
info:
name: Wagtail Login - Detect
author: kishore-hariram
severity: info
description: The Wagtail panel has been detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Wagtail - Sign in"
tags: panel,wagtail
requests:
- method: GET
path:
- '{{BaseURL}}/login/?next=/'
- '{{BaseURL}}/admin/login/?next=/admin/'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Wagtail - Sign in'
- type: status
status:
- 200
# Enhanced by cs 01/23/2023

View File

@ -3,7 +3,7 @@ id: couchbase-buckets-api
info:
name: Couchbase Buckets Unauthenticated REST API - Detect
author: geeknik
severity: info
severity: medium
description: Couchbase Buckets REST API without authentication was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

View File

@ -10,9 +10,9 @@ info:
- https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
- https://github.com/projectdiscovery/nuclei-templates/blob/master/file/logs/django-framework-
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200exceptions.yaml
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
tags: exposure,config,django

View File

@ -8,8 +8,8 @@ info:
reference:
- https://gruntjs.com/sample-gruntfile
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: config,exposure

View File

@ -3,12 +3,12 @@ id: htpasswd-detection
info:
name: Apache htpasswd Config - Detect
author: geeknik
severity: info
severity: high
description: Apache htpasswd configuration was detected.
reference: https://httpd.apache.org/docs/current/programs/htpasswd.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-200
tags: config,exposure

View File

@ -7,8 +7,8 @@ info:
description: Apache httpd configuration information was detected.
reference: https://httpd.apache.org/docs/current/configuring.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: config,exposure,httpd

View File

@ -7,8 +7,8 @@ info:
description: Jetbrains IDE DataSources configuration information was detected.
reference: https://www.jetbrains.com
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: config,exposure,jetbrains

View File

@ -8,8 +8,8 @@ info:
reference:
- https://issues.jboss.org/browse/KEYCLOAK-571
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: keycloak,config

View File

@ -8,8 +8,8 @@ info:
reference:
- https://netbeans.apache.org/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: netbeans,config,exposure

View File

@ -8,8 +8,8 @@ info:
reference:
- https://owncloud.com/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: config,exposure

View File

@ -7,8 +7,8 @@ info:
description: npm configuration information was detected. All npm packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project.
reference: https://www.npmjs.com
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: config,exposure

View File

@ -7,8 +7,8 @@ info:
description: phpspec configuration information was detected.
reference: https://phpspec.net/en/stable/cookbook/configuration.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true

View File

@ -7,8 +7,8 @@ info:
description: Pipfile configuration information was detected.
reference: https://pypi.org/project
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true

View File

@ -9,8 +9,8 @@ info:
- https://raw.githubusercontent.com/maurosoria/dirsearch/master/db/dicc.txt
- https://github.com/rubocop/rubocop
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true

View File

@ -3,7 +3,7 @@ id: lutron-iot-default-login
info:
name: Lutron IOT Device Default Login Panel - Detect
author: geeknik
severity: high
severity: info
description: Lutron IOT Device Default login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

View File

@ -1,27 +0,0 @@
id: addeventlistener-detect
info:
name: DOM EventListener - Cross-Site Scripting
author: yavolo,dwisiswant0
severity: info
description: EventListener contains a cross-site scripting vulnerability via the document object model (DOM). An attacker can execute arbitrary script which can then allow theft of cookie-based authentication credentials and launch of other attacks.
reference:
- https://portswigger.net/web-security/dom-based/controlling-the-web-message-source
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: xss,misc
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: regex
part: body
regex:
- (([\w\_]+)\.)?add[Ee]vent[Ll]istener\(["']?[\w\_]+["']? # Test cases: https://www.regextester.com/?fam=121118
# Enhanced by md on 2022/09/19

View File

@ -3,7 +3,7 @@ id: command-api-explorer
info:
name: Command API Explorer Panel - Detect
author: DhiyaneshDK
severity: low
severity: info
description: Command API Explorer panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

View File

@ -3,7 +3,7 @@ id: dgraph-dashboard-exposure
info:
name: Dgraph Ratel Dashboard Exposure Panel - Detect
author: dhiyaneshDk
severity: low
severity: info
description: Dgraph Ratel Dashboard Exposure panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

View File

@ -3,7 +3,7 @@ id: iot-vdme-simulator
info:
name: IoT vDME Simulator Panel - Detect
author: tess
severity: low
severity: info
description: |
loT vDME Simulator panel was detected. Exposure IoT vDME Simulator panel allows anonymous access to create new Items.
classification:

View File

@ -3,9 +3,9 @@ id: office365-open-redirect
info:
name: Office365 Autodiscover - Open Redirect
author: dhiyaneshDk
severity: low
severity: medium
description: Office365 Autodiscover contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: See https://learn.microsoft.com/en-us/outlook/troubleshoot/connectivity/how-to-suppress-autodiscover-redirect-warning for a workaround.
remediation: See the workaround detailed in the Medium post in the references.
reference:
- https://medium.com/@heinjame/office365-open-redirect-from-autodiscover-64284d26c168
classification:

View File

@ -3,7 +3,7 @@ id: pghero-dashboard-exposure
info:
name: PgHero Dashboard Exposure Panel - Detect
author: DhiyaneshDk
severity: low
severity: info
description: PgHero Dashboard Exposure panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

View File

@ -6,8 +6,8 @@ info:
severity: medium
description: Fastvue Dashboard panel was detected without authentication.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
metadata:
verified: true

View File

@ -8,8 +8,8 @@ info:
reference:
- https://github.com/Tinram/MySQL-Brute
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: network,mysql,bruteforce,db

View File

@ -9,9 +9,9 @@ info:
- https://sir.kr/g5_pds/4788?page=5
- https://github.com/gnuboard/gnuboard5/commit/8182cac90d2ee2f9da06469ecba759170e782ee3
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
metadata:
verified: true
shodan-query: http.html:"Gnuboard"

View File

@ -10,9 +10,9 @@ info:
- https://huntr.dev/bounties/ed317cde-9bd1-429e-b6d3-547e72534dd5/
- https://vulners.com/huntr/25775287-88CD-4F00-B978-692D627DFF04
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
metadata:
verified: true
shodan-query: http.html:"gnuboard5"

View File

@ -9,9 +9,9 @@ info:
reference:
- https://huntr.dev/bounties/ad2a9b32-fe6c-43e9-9b05-2c77c58dde6a/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
metadata:
verified: true
shodan-query: http.html:"gnuboard5"

View File

@ -8,9 +8,9 @@ info:
reference:
- https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: moodle,xss
requests:

View File

@ -9,9 +9,9 @@ info:
- https://twitter.com/JacksonHHax/status/1391367064154042377
- https://nvd.nist.gov/vuln/detail/CVE-2021-32478
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: moodle,xss
requests:

View File

@ -10,9 +10,9 @@ info:
- https://www.exploit-db.com/exploits/49546
- https://www.sourcecodester.com/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
metadata:
verified: true
shodan-query: http.html:"Car Rental Management System"

View File

@ -3,7 +3,7 @@ id: kavita-lfi
info:
name: Kavita - Local File Inclusion
author: arafatansari
severity: medium
severity: high
description: |
Kavita - Path Traversal is vulnerable to local file inclusion via abusing the Path Traversal filename parameter of the /api/image/cover-upload.
reference:

View File

@ -3,14 +3,14 @@ id: keycloak-xss
info:
name: Keycloak <= 8.0 - Cross-Site Scripting
author: incogbyte
severity: info
severity: medium
description: Keycloak 8.0 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
reference:
- https://cure53.de/pentest-report_keycloak.pdf
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: keycloak,xss
requests:

View File

@ -8,9 +8,9 @@ info:
reference:
- https://www.exploit-db.com/exploits/26305
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: edb,xss,squirrelmail,plugin
requests:

View File

@ -8,9 +8,9 @@ info:
reference:
- https://www.exploit-db.com/exploits/34814
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: xss,squirrelmail,plugin,edb
requests:

View File

@ -3,13 +3,13 @@ id: ecology-arbitrary-file-upload
info:
name: Ecology - Arbitrary File Upload
author: ritikchaddha
severity: medium
severity: critical
description: Ecology contains an arbitrary file upload vulnerability. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code, As a result, an attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cwe-id: CWE-434
metadata:
fofa-query: app="泛微-协同办公OA"

View File

@ -9,9 +9,9 @@ info:
- https://wpscan.com/vulnerability/4a310b4f-79fa-4b74-93f8-e4522921abe1
- https://wordpress.org/plugins/404-to-301
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wpscan,wp-plugin,xss,wp,wordpress,authenticated
requests:

View File

@ -12,9 +12,9 @@ info:
verified: true
google-query: inurl:/wp-content/plugins/wp-analytify
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wp,wordpress,analytify,wpscan,wp-plugin,xss
requests:

View File

@ -12,9 +12,9 @@ info:
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: xss,,wp,wpscan,wordpress,wp-plugin

View File

@ -13,9 +13,9 @@ info:
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wordpress,wp-plugin,xss,wp,wpscan
requests:

View File

@ -11,9 +11,9 @@ info:
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: xss,wp,wordpress,authenticated,woocommerce,wpscan,wp-plugin
requests:

View File

@ -9,9 +9,9 @@ info:
- https://wpscan.com/vulnerability/a59e7102-13d6-4f1e-b7b1-75eae307e516
- https://wordpress.org/plugins/clearfy
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: xss,wp,wordpress,authenticated,clearfy-cache,wpscan,wp-plugin
requests:

View File

@ -11,9 +11,9 @@ info:
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wp-plugin,xss,wp,wordpress,authenticated,curcy,wpscan
requests:

View File

@ -8,9 +8,9 @@ info:
reference:
- https://wpscan.com/vulnerability/8354b34e-40f4-4b70-bb09-38e2cf572ce9
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: xss,wordpress,wpscan
requests:

View File

@ -8,9 +8,9 @@ info:
reference:
- https://wpscan.com/vulnerability/d13f26f0-5d91-49d7-b514-1577d4247648
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wp,wordpress,wp-plugin,xss,wpscan
requests:

View File

@ -11,9 +11,9 @@ info:
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: authenticated,wpscan,wp-plugin,xss,wp,wordpress
requests:

View File

@ -11,9 +11,9 @@ info:
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wordpress,xss,authenticated,wp-plugin,wpscan,wp
requests:

View File

@ -9,9 +9,9 @@ info:
reference:
- https://wpscan.com/vulnerability/4631519b-2060-43a0-b69b-b3d7ed94c705
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: xss,wp,wpscan,wordpress,wp-plugin,sassy
requests:

View File

@ -10,9 +10,9 @@ info:
reference:
- https://wpscan.com/vulnerability/b694b9c0-a367-468c-99c2-6ba35bcf21ea
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wordpress,xss,wp-plugin,authenticated,wpscan
requests:

View File

@ -11,9 +11,9 @@ info:
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: shortpixel,authenticated,wpscan,xss,wp-plugin,wp,wordpress
requests:

View File

@ -9,9 +9,9 @@ info:
- https://wpscan.com/vulnerability/bc05dde0-98a2-46e3-b2c8-7bdc8c32394b
- https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: xss,wp,wordpress,woocommerce,authenticated,wpscan,wp-plugin
requests:

View File

@ -8,9 +8,9 @@ info:
reference:
- https://twitter.com/naglinagli/status/1382082473744564226
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wordpress,wordfence,xss,bypass
requests:

View File

@ -6,9 +6,9 @@ info:
severity: medium
description: WordPress Wordfence 7.4.6 is vulnerable to cross-site scripting.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wordpress,wp-plugin,xss,wordfence
requests:

View File

@ -10,9 +10,9 @@ info:
- https://blog.wpscan.com/2021/02/15/zebra-form-xss-wordpress-vulnerability-affects-multiple-plugins.html
- https://wpscan.com/vulnerability/e4b796fa-3215-43ff-a6aa-71f6e1db25e5
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wordpress,xss,wp,wpscan
requests:

View File

@ -10,9 +10,9 @@ info:
reference:
- https://wpscan.com/vulnerability/de330a59-d64d-40be-86df-98997949e5e4
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wp-plugin,xss,wp,wordpress,authenticated,wpscan
requests:

View File

@ -10,9 +10,9 @@ info:
- https://www.exploit-db.com/expl oits/38568
- https://wpscan.com/vulnerability/c465e5c1-fe43-40e9-894a-97b8ac462381
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wp-plugin,wp,edb,wpscan,wordpress,xss
requests:

View File

@ -8,9 +8,9 @@ info:
reference:
- https://www.securify.nl/en/advisory/cross-site-scripting-in-code-snippets-wordpress-plugin/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wordpress,xss,wp-plugin,authenticated
requests: