daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6823 from sullo/severity-matching 

Match severity with CVSS
patch-1
Ritik Chaddha 2023-03-15 20:48:33 +05:30 committed by GitHub
parent e518430a82 91a3e38f7d
commit 2b5c3c48cc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
61 changed files with 221 additions and 287 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cnvd/2021/CNVD-2021-10543.yaml
View File

@ -4,12 +4,12 @@ info:
name: EEA - Information Disclosure
author: pikpikcu
severity: high
description: EEA is susceptible to information disclosure.
description: EEA is susceptible to information disclosure including the username and password.
reference:
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-200
tags: config,exposure,cnvd,cnvd2021

10
default-logins/lutron/lutron-default-login.yaml
View File

@ -1,17 +1,17 @@
id: lutron-default-login
info:
name: Lutron - Default Login
name: Lutron - Default Account
author: geeknik
severity: high
severity: critical
description: Multiple Lutron devices contain a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://www.lutron.com
- https://vulners.com/openvas/OPENVAS:1361412562310113206
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.8
cwe-id: CWE-522
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cwe-id: CWE-1391
tags: default-login,lutron,iot
requests:

6
default-logins/ruckus/ruckus-wireless-default-login.yaml
View File

@ -8,9 +8,9 @@ info:
reference:
- https://docs.commscope.com/bundle/fastiron-08092-securityguide/page/GUID-32D3BB01-E600-4FBE-B555-7570B5024D34.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cwe-id: CWE-1391
metadata:
verified: true
shodan-query: title:"ruckus"

4
exposed-panels/mybb/mybb-forum-install.yaml
View File

@ -6,8 +6,8 @@ info:
severity: high
description: MyBB installation panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
cvss-score: 8.6
cwe-id: CWE-200
metadata:
verified: true

8
exposed-panels/osticket/osticket-install.yaml
View File

@ -3,12 +3,12 @@ id: osticket-install
info:
name: osTicket Installer Panel - Detect
author: ritikchaddha
severity: high
severity: critical
description: osTicket installer panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
cvss-score: 9.4
cwe-id: CWE-284
metadata:
verified: true
shodan-query: http.title:"osTicket Installer"

68
exposed-panels/saltstack-config-panel.yaml
View File

@ -1,34 +1,34 @@
id: saltstack-config-panel
info:
name: SaltStack Config Panel - Detect
author: pussycat0x
severity: info
description: |
SaltStack config panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"SaltStack Config"
tags: panel,vmware,login,saltstack
requests:
- method: GET
path:
- "{{BaseURL}}/login"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "SaltStack Config"
- type: status
status:
- 200
# Enhanced by cs 01/26/2023
id: saltstack-config-panel
info:
name: SaltStack Config Panel - Detect
author: pussycat0x
severity: info
description: |
SaltStack config panel was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"SaltStack Config"
tags: panel,vmware,login,saltstack
requests:
- method: GET
path:
- "{{BaseURL}}/login"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "SaltStack Config"
- type: status
status:
- 200
# Enhanced by cs 01/26/2023

4
exposed-panels/solr-panel-exposure.yaml
View File

@ -6,8 +6,8 @@ info:
severity: info
description: Apache Solr admin panel was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
cvss-score: 8.6
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true

70
exposed-panels/wagtail-cms-detect.yaml
View File

@ -1,35 +1,35 @@
id: wagtail-login
info:
name: Wagtail Login - Detect
author: kishore-hariram
severity: info
description: The Wagtail panel has been detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Wagtail - Sign in"
tags: panel,wagtail
requests:
- method: GET
path:
- '{{BaseURL}}/login/?next=/'
- '{{BaseURL}}/admin/login/?next=/admin/'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Wagtail - Sign in'
- type: status
status:
- 200
# Enhanced by cs 01/23/2023
id: wagtail-login
info:
name: Wagtail Login - Detect
author: kishore-hariram
severity: info
description: The Wagtail panel has been detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
shodan-query: title:"Wagtail - Sign in"
tags: panel,wagtail
requests:
- method: GET
path:
- '{{BaseURL}}/login/?next=/'
- '{{BaseURL}}/admin/login/?next=/admin/'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Wagtail - Sign in'
- type: status
status:
- 200
# Enhanced by cs 01/23/2023

2
exposures/apis/couchbase-buckets-api.yaml
View File

@ -3,7 +3,7 @@ id: couchbase-buckets-api
info:
name: Couchbase Buckets Unauthenticated REST API - Detect
author: geeknik
severity: info
severity: medium
description: Couchbase Buckets REST API without authentication was detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6
exposures/configs/django-variables-exposed.yaml
View File

@ -10,9 +10,9 @@ info:
- https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
- https://github.com/projectdiscovery/nuclei-templates/blob/master/file/logs/django-framework-
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200exceptions.yaml
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
tags: exposure,config,django

4
exposures/configs/gruntfile-exposure.yaml
View File

@ -8,8 +8,8 @@ info:
reference:
- https://gruntjs.com/sample-gruntfile
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: config,exposure

6
exposures/configs/htpasswd-detection.yaml
View File

@ -3,12 +3,12 @@ id: htpasswd-detection
info:
name: Apache htpasswd Config - Detect
author: geeknik
severity: info
severity: high
description: Apache htpasswd configuration was detected.
reference: https://httpd.apache.org/docs/current/programs/htpasswd.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-200
tags: config,exposure

4
exposures/configs/httpd-config.yaml
View File

@ -7,8 +7,8 @@ info:
description: Apache httpd configuration information was detected.
reference: https://httpd.apache.org/docs/current/configuring.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: config,exposure,httpd

4
exposures/configs/jetbrains-datasources.yaml
View File

@ -7,8 +7,8 @@ info:
description: Jetbrains IDE DataSources configuration information was detected.
reference: https://www.jetbrains.com
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: config,exposure,jetbrains

4
exposures/configs/keycloak-openid-config.yaml
View File

@ -8,8 +8,8 @@ info:
reference:
- https://issues.jboss.org/browse/KEYCLOAK-571
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: keycloak,config

4
exposures/configs/netbeans-config.yaml
View File

@ -8,8 +8,8 @@ info:
reference:
- https://netbeans.apache.org/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: netbeans,config,exposure

4
exposures/configs/owncloud-config.yaml
View File

@ -8,8 +8,8 @@ info:
reference:
- https://owncloud.com/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: config,exposure

4
exposures/configs/package-json.yaml
View File

@ -7,8 +7,8 @@ info:
description: npm configuration information was detected. All npm packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project.
reference: https://www.npmjs.com
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: config,exposure

4
exposures/configs/phpsec-config.yaml
View File

@ -7,8 +7,8 @@ info:
description: phpspec configuration information was detected.
reference: https://phpspec.net/en/stable/cookbook/configuration.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true

4
exposures/configs/pipfile-config.yaml
View File

@ -7,8 +7,8 @@ info:
description: Pipfile configuration information was detected.
reference: https://pypi.org/project
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true

4
exposures/configs/rubocop-config.yaml
View File

@ -9,8 +9,8 @@ info:
- https://raw.githubusercontent.com/maurosoria/dirsearch/master/db/dicc.txt
- https://github.com/rubocop/rubocop
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true

39
iot/lutron-iot-default-login.yaml
View File

@ -1,39 +0,0 @@
id: lutron-iot-default-login
info:
name: Lutron IOT Device Default Login Panel - Detect
author: geeknik
severity: high
description: Lutron IOT Device Default login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
reference:
- https://www.lutron.com
tags: iot,default-login,lutron,panel
requests:
- method: GET
path:
- "{{BaseURL}}/login?login=lutron&password=lutron"
matchers-condition: and
matchers:
- type: word
words:
- "<TITLE>LUTRON</TITLE>"
- ">DeviceIP</A>"
- ">Get Database Info as XML</A>"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
# Enhanced by mp on 2023/01/29

27
miscellaneous/addeventlistener-detect.yaml
View File

@ -1,27 +0,0 @@
id: addeventlistener-detect
info:
name: DOM EventListener - Cross-Site Scripting
author: yavolo,dwisiswant0
severity: info
description: EventListener contains a cross-site scripting vulnerability via the document object model (DOM). An attacker can execute arbitrary script which can then allow theft of cookie-based authentication credentials and launch of other attacks.
reference:
- https://portswigger.net/web-security/dom-based/controlling-the-web-message-source
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: xss,misc
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: regex
part: body
regex:
- (([\w\_]+)\.)?add[Ee]vent[Ll]istener\(["']?[\w\_]+["']? # Test cases: https://www.regextester.com/?fam=121118
# Enhanced by md on 2022/09/19

2
misconfiguration/command-api-explorer.yaml
View File

@ -3,7 +3,7 @@ id: command-api-explorer
info:
name: Command API Explorer Panel - Detect
author: DhiyaneshDK
severity: low
severity: info
description: Command API Explorer panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

2
misconfiguration/dgraph-dashboard-exposure.yaml
View File

@ -3,7 +3,7 @@ id: dgraph-dashboard-exposure
info:
name: Dgraph Ratel Dashboard Exposure Panel - Detect
author: dhiyaneshDk
severity: low
severity: info
description: Dgraph Ratel Dashboard Exposure panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

4
misconfiguration/office365-open-redirect.yaml
View File

@ -3,9 +3,9 @@ id: office365-open-redirect
info:
name: Office365 Autodiscover - Open Redirect
author: dhiyaneshDk
severity: low
severity: medium
description: Office365 Autodiscover contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: See https://learn.microsoft.com/en-us/outlook/troubleshoot/connectivity/how-to-suppress-autodiscover-redirect-warning for a workaround.
remediation: See the workaround detailed in the Medium post in the references.
reference:
- https://medium.com/@heinjame/office365-open-redirect-from-autodiscover-64284d26c168
classification:

6
misconfiguration/pghero-dashboard-exposure.yaml
View File

@ -3,11 +3,11 @@ id: pghero-dashboard-exposure
info:
name: PgHero Dashboard Exposure Panel - Detect
author: DhiyaneshDk
severity: low
severity: medium
description: PgHero Dashboard Exposure panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
reference:
- https://github.com/ankane/pghero

4
misconfiguration/unauth-fastvue-dashboard.yaml
View File

@ -6,8 +6,8 @@ info:
severity: medium
description: Fastvue Dashboard panel was detected without authentication.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
metadata:
verified: true

4
network/mysql-native-password.yaml
View File

@ -8,8 +8,8 @@ info:
reference:
- https://github.com/Tinram/MySQL-Brute
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: network,mysql,bruteforce,db

6
vulnerabilities/gnuboard/gnuboard-sms-xss.yaml
View File

@ -9,9 +9,9 @@ info:
- https://sir.kr/g5_pds/4788?page=5
- https://github.com/gnuboard/gnuboard5/commit/8182cac90d2ee2f9da06469ecba759170e782ee3
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
metadata:
verified: true
shodan-query: http.html:"Gnuboard"

6
vulnerabilities/gnuboard/gnuboard5-rxss.yaml
View File

@ -10,9 +10,9 @@ info:
- https://huntr.dev/bounties/ed317cde-9bd1-429e-b6d3-547e72534dd5/
- https://vulners.com/huntr/25775287-88CD-4F00-B978-692D627DFF04
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
metadata:
verified: true
shodan-query: http.html:"gnuboard5"

6
vulnerabilities/gnuboard/gnuboard5-xss.yaml
View File

@ -9,9 +9,9 @@ info:
reference:
- https://huntr.dev/bounties/ad2a9b32-fe6c-43e9-9b05-2c77c58dde6a/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
metadata:
verified: true
shodan-query: http.html:"gnuboard5"

6
vulnerabilities/moodle/moodle-filter-jmol-xss.yaml
View File

@ -8,9 +8,9 @@ info:
reference:
- https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: moodle,xss
requests:

6
vulnerabilities/moodle/moodle-xss.yaml
View File

@ -9,9 +9,9 @@ info:
- https://twitter.com/JacksonHHax/status/1391367064154042377
- https://nvd.nist.gov/vuln/detail/CVE-2021-32478
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: moodle,xss
requests:

6
vulnerabilities/other/carrental-xss.yaml
View File

@ -10,9 +10,9 @@ info:
- https://www.exploit-db.com/exploits/49546
- https://www.sourcecodester.com/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
metadata:
verified: true
shodan-query: http.html:"Car Rental Management System"

2
vulnerabilities/other/kavita-lfi.yaml
View File

@ -3,7 +3,7 @@ id: kavita-lfi
info:
name: Kavita - Local File Inclusion
author: arafatansari
severity: medium
severity: high
description: |
Kavita - Path Traversal is vulnerable to local file inclusion via abusing the Path Traversal filename parameter of the /api/image/cover-upload.
reference:

8
vulnerabilities/other/keycloak-xss.yaml
View File

@ -3,14 +3,14 @@ id: keycloak-xss
info:
name: Keycloak <= 8.0 - Cross-Site Scripting
author: incogbyte
severity: info
severity: medium
description: Keycloak 8.0 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
reference:
- https://cure53.de/pentest-report_keycloak.pdf
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: keycloak,xss
requests:

6
vulnerabilities/squirrelmail/squirrelmail-add-xss.yaml
View File

@ -8,9 +8,9 @@ info:
reference:
- https://www.exploit-db.com/exploits/26305
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: edb,xss,squirrelmail,plugin
requests:

6
vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml
View File

@ -8,9 +8,9 @@ info:
reference:
- https://www.exploit-db.com/exploits/34814
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: xss,squirrelmail,plugin,edb
requests:

6
vulnerabilities/weaver/ecology/ecology-arbitrary-file-upload.yaml
View File

@ -3,13 +3,13 @@ id: ecology-arbitrary-file-upload
info:
name: Ecology - Arbitrary File Upload
author: ritikchaddha
severity: medium
severity: critical
description: Ecology contains an arbitrary file upload vulnerability. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code, As a result, an attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cwe-id: CWE-434
metadata:
fofa-query: app="泛微-协同办公OA"

6
vulnerabilities/wordpress/404-to-301-xss.yaml
View File

@ -9,9 +9,9 @@ info:
- https://wpscan.com/vulnerability/4a310b4f-79fa-4b74-93f8-e4522921abe1
- https://wordpress.org/plugins/404-to-301
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wpscan,wp-plugin,xss,wp,wordpress,authenticated
requests:

6
vulnerabilities/wordpress/analytify-plugin-xss.yaml
View File

@ -12,9 +12,9 @@ info:
verified: true
google-query: inurl:/wp-content/plugins/wp-analytify
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wp,wordpress,analytify,wpscan,wp-plugin,xss
requests:

6
vulnerabilities/wordpress/avchat-video-chat-xss.yaml
View File

@ -12,9 +12,9 @@ info:
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: xss,,wp,wpscan,wordpress,wp-plugin

6
vulnerabilities/wordpress/calameo-publications-xss.yaml
View File

@ -13,9 +13,9 @@ info:
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wordpress,wp-plugin,xss,wp,wpscan
requests:

6
vulnerabilities/wordpress/checkout-fields-manager-xss.yaml
View File

@ -11,9 +11,9 @@ info:
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: xss,wp,wordpress,authenticated,woocommerce,wpscan,wp-plugin
requests:

6
vulnerabilities/wordpress/clearfy-cache-xss.yaml
View File

@ -9,9 +9,9 @@ info:
- https://wpscan.com/vulnerability/a59e7102-13d6-4f1e-b7b1-75eae307e516
- https://wordpress.org/plugins/clearfy
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: xss,wp,wordpress,authenticated,clearfy-cache,wpscan,wp-plugin
requests:

6
vulnerabilities/wordpress/curcy-xss.yaml
View File

@ -11,9 +11,9 @@ info:
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wp-plugin,xss,wp,wordpress,authenticated,curcy,wpscan
requests:

6
vulnerabilities/wordpress/flow-flow-social-stream-xss.yaml
View File

@ -8,9 +8,9 @@ info:
reference:
- https://wpscan.com/vulnerability/8354b34e-40f4-4b70-bb09-38e2cf572ce9
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: xss,wordpress,wpscan
requests:

6
vulnerabilities/wordpress/members-list-xss.yaml
View File

@ -8,9 +8,9 @@ info:
reference:
- https://wpscan.com/vulnerability/d13f26f0-5d91-49d7-b514-1577d4247648
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wp,wordpress,wp-plugin,xss,wpscan
requests:

6
vulnerabilities/wordpress/modula-image-gallery-xss.yaml
View File

@ -11,9 +11,9 @@ info:
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: authenticated,wpscan,wp-plugin,xss,wp,wordpress
requests:

6
vulnerabilities/wordpress/new-user-approve-xss.yaml
View File

@ -11,9 +11,9 @@ info:
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wordpress,xss,authenticated,wp-plugin,wpscan,wp
requests:

6
vulnerabilities/wordpress/sassy-social-share.yaml
View File

@ -9,9 +9,9 @@ info:
reference:
- https://wpscan.com/vulnerability/4631519b-2060-43a0-b69b-b3d7ed94c705
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: xss,wp,wpscan,wordpress,wp-plugin,sassy
requests:

6
vulnerabilities/wordpress/seo-redirection-xss.yaml
View File

@ -10,9 +10,9 @@ info:
reference:
- https://wpscan.com/vulnerability/b694b9c0-a367-468c-99c2-6ba35bcf21ea
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wordpress,xss,wp-plugin,authenticated,wpscan
requests:

6
vulnerabilities/wordpress/shortpixel-image-optimizer-xss.yaml
View File

@ -11,9 +11,9 @@ info:
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: shortpixel,authenticated,wpscan,xss,wp-plugin,wp,wordpress
requests:

6
vulnerabilities/wordpress/woocommerce-pdf-invoices-xss.yaml
View File

@ -9,9 +9,9 @@ info:
- https://wpscan.com/vulnerability/bc05dde0-98a2-46e3-b2c8-7bdc8c32394b
- https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: xss,wp,wordpress,woocommerce,authenticated,wpscan,wp-plugin
requests:

6
vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml
View File

@ -8,9 +8,9 @@ info:
reference:
- https://twitter.com/naglinagli/status/1382082473744564226
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wordpress,wordfence,xss,bypass
requests:

6
vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
View File

@ -6,9 +6,9 @@ info:
severity: medium
description: WordPress Wordfence 7.4.6 is vulnerable to cross-site scripting.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wordpress,wp-plugin,xss,wordfence
requests:

6
vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml
View File

@ -10,9 +10,9 @@ info:
- https://blog.wpscan.com/2021/02/15/zebra-form-xss-wordpress-vulnerability-affects-multiple-plugins.html
- https://wpscan.com/vulnerability/e4b796fa-3215-43ff-a6aa-71f6e1db25e5
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wordpress,xss,wp,wpscan
requests:

6
vulnerabilities/wordpress/wp-all-export-xss.yaml
View File

@ -10,9 +10,9 @@ info:
reference:
- https://wpscan.com/vulnerability/de330a59-d64d-40be-86df-98997949e5e4
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wp-plugin,xss,wp,wordpress,authenticated,wpscan
requests:

6
vulnerabilities/wordpress/wp-ambience-xss.yaml
View File

@ -10,9 +10,9 @@ info:
- https://www.exploit-db.com/expl oits/38568
- https://wpscan.com/vulnerability/c465e5c1-fe43-40e9-894a-97b8ac462381
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wp-plugin,wp,edb,wpscan,wordpress,xss
requests:

6
vulnerabilities/wordpress/wp-code-snippets-xss.yaml
View File

@ -8,9 +8,9 @@ info:
reference:
- https://www.securify.nl/en/advisory/cross-site-scripting-in-code-snippets-wordpress-plugin/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
tags: wordpress,xss,wp-plugin,authenticated
requests: