commit
2b5c3c48cc
|
@ -4,12 +4,12 @@ info:
|
||||||
name: EEA - Information Disclosure
|
name: EEA - Information Disclosure
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: high
|
severity: high
|
||||||
description: EEA is susceptible to information disclosure.
|
description: EEA is susceptible to information disclosure including the username and password.
|
||||||
reference:
|
reference:
|
||||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
|
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 7.5
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
tags: config,exposure,cnvd,cnvd2021
|
tags: config,exposure,cnvd,cnvd2021
|
||||||
|
|
||||||
|
|
|
@ -1,17 +1,17 @@
|
||||||
id: lutron-default-login
|
id: lutron-default-login
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Lutron - Default Login
|
name: Lutron - Default Account
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: high
|
severity: critical
|
||||||
description: Multiple Lutron devices contain a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
description: Multiple Lutron devices contain a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||||
reference:
|
reference:
|
||||||
- https://www.lutron.com
|
- https://www.lutron.com
|
||||||
- https://vulners.com/openvas/OPENVAS:1361412562310113206
|
- https://vulners.com/openvas/OPENVAS:1361412562310113206
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 5.8
|
cvss-score: 9.8
|
||||||
cwe-id: CWE-522
|
cwe-id: CWE-1391
|
||||||
tags: default-login,lutron,iot
|
tags: default-login,lutron,iot
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -8,9 +8,9 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://docs.commscope.com/bundle/fastiron-08092-securityguide/page/GUID-32D3BB01-E600-4FBE-B555-7570B5024D34.html
|
- https://docs.commscope.com/bundle/fastiron-08092-securityguide/page/GUID-32D3BB01-E600-4FBE-B555-7570B5024D34.html
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 8.3
|
cvss-score: 9.8
|
||||||
cwe-id: CWE-522
|
cwe-id: CWE-1391
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
shodan-query: title:"ruckus"
|
shodan-query: title:"ruckus"
|
||||||
|
|
|
@ -6,8 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: MyBB installation panel was detected.
|
description: MyBB installation panel was detected.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
|
||||||
cvss-score: 5.3
|
cvss-score: 8.6
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
|
|
@ -3,12 +3,12 @@ id: osticket-install
|
||||||
info:
|
info:
|
||||||
name: osTicket Installer Panel - Detect
|
name: osTicket Installer Panel - Detect
|
||||||
author: ritikchaddha
|
author: ritikchaddha
|
||||||
severity: high
|
severity: critical
|
||||||
description: osTicket installer panel was detected.
|
description: osTicket installer panel was detected.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
|
||||||
cvss-score: 5.3
|
cvss-score: 9.4
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-284
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
shodan-query: http.title:"osTicket Installer"
|
shodan-query: http.title:"osTicket Installer"
|
||||||
|
|
|
@ -7,7 +7,7 @@ info:
|
||||||
description: |
|
description: |
|
||||||
SaltStack config panel was detected.
|
SaltStack config panel was detected.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 0.0
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -6,8 +6,8 @@ info:
|
||||||
severity: info
|
severity: info
|
||||||
description: Apache Solr admin panel was detected.
|
description: Apache Solr admin panel was detected.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 8.6
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
|
|
@ -6,7 +6,7 @@ info:
|
||||||
severity: info
|
severity: info
|
||||||
description: The Wagtail panel has been detected.
|
description: The Wagtail panel has been detected.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 0.0
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: couchbase-buckets-api
|
||||||
info:
|
info:
|
||||||
name: Couchbase Buckets Unauthenticated REST API - Detect
|
name: Couchbase Buckets Unauthenticated REST API - Detect
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: info
|
severity: medium
|
||||||
description: Couchbase Buckets REST API without authentication was detected.
|
description: Couchbase Buckets REST API without authentication was detected.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||||
|
|
|
@ -10,9 +10,9 @@ info:
|
||||||
- https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
|
- https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
|
||||||
- https://github.com/projectdiscovery/nuclei-templates/blob/master/file/logs/django-framework-
|
- https://github.com/projectdiscovery/nuclei-templates/blob/master/file/logs/django-framework-
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200exceptions.yaml
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
tags: exposure,config,django
|
tags: exposure,config,django
|
||||||
|
|
|
@ -8,8 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://gruntjs.com/sample-gruntfile
|
- https://gruntjs.com/sample-gruntfile
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
tags: config,exposure
|
tags: config,exposure
|
||||||
|
|
||||||
|
|
|
@ -3,12 +3,12 @@ id: htpasswd-detection
|
||||||
info:
|
info:
|
||||||
name: Apache htpasswd Config - Detect
|
name: Apache htpasswd Config - Detect
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: info
|
severity: high
|
||||||
description: Apache htpasswd configuration was detected.
|
description: Apache htpasswd configuration was detected.
|
||||||
reference: https://httpd.apache.org/docs/current/programs/htpasswd.html
|
reference: https://httpd.apache.org/docs/current/programs/htpasswd.html
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 7.5
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
tags: config,exposure
|
tags: config,exposure
|
||||||
|
|
||||||
|
|
|
@ -7,8 +7,8 @@ info:
|
||||||
description: Apache httpd configuration information was detected.
|
description: Apache httpd configuration information was detected.
|
||||||
reference: https://httpd.apache.org/docs/current/configuring.html
|
reference: https://httpd.apache.org/docs/current/configuring.html
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
tags: config,exposure,httpd
|
tags: config,exposure,httpd
|
||||||
|
|
||||||
|
|
|
@ -7,8 +7,8 @@ info:
|
||||||
description: Jetbrains IDE DataSources configuration information was detected.
|
description: Jetbrains IDE DataSources configuration information was detected.
|
||||||
reference: https://www.jetbrains.com
|
reference: https://www.jetbrains.com
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
tags: config,exposure,jetbrains
|
tags: config,exposure,jetbrains
|
||||||
|
|
||||||
|
|
|
@ -8,8 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://issues.jboss.org/browse/KEYCLOAK-571
|
- https://issues.jboss.org/browse/KEYCLOAK-571
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
tags: keycloak,config
|
tags: keycloak,config
|
||||||
|
|
||||||
|
|
|
@ -8,8 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://netbeans.apache.org/
|
- https://netbeans.apache.org/
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
tags: netbeans,config,exposure
|
tags: netbeans,config,exposure
|
||||||
|
|
||||||
|
|
|
@ -8,8 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://owncloud.com/
|
- https://owncloud.com/
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
tags: config,exposure
|
tags: config,exposure
|
||||||
|
|
||||||
|
|
|
@ -7,8 +7,8 @@ info:
|
||||||
description: npm configuration information was detected. All npm packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project.
|
description: npm configuration information was detected. All npm packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project.
|
||||||
reference: https://www.npmjs.com
|
reference: https://www.npmjs.com
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
tags: config,exposure
|
tags: config,exposure
|
||||||
|
|
||||||
|
|
|
@ -7,8 +7,8 @@ info:
|
||||||
description: phpspec configuration information was detected.
|
description: phpspec configuration information was detected.
|
||||||
reference: https://phpspec.net/en/stable/cookbook/configuration.html
|
reference: https://phpspec.net/en/stable/cookbook/configuration.html
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
|
|
@ -7,8 +7,8 @@ info:
|
||||||
description: Pipfile configuration information was detected.
|
description: Pipfile configuration information was detected.
|
||||||
reference: https://pypi.org/project
|
reference: https://pypi.org/project
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
|
|
@ -9,8 +9,8 @@ info:
|
||||||
- https://raw.githubusercontent.com/maurosoria/dirsearch/master/db/dicc.txt
|
- https://raw.githubusercontent.com/maurosoria/dirsearch/master/db/dicc.txt
|
||||||
- https://github.com/rubocop/rubocop
|
- https://github.com/rubocop/rubocop
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
|
|
@ -1,39 +0,0 @@
|
||||||
id: lutron-iot-default-login
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Lutron IOT Device Default Login Panel - Detect
|
|
||||||
author: geeknik
|
|
||||||
severity: high
|
|
||||||
description: Lutron IOT Device Default login panel was detected.
|
|
||||||
classification:
|
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
|
||||||
cvss-score: 0.0
|
|
||||||
cwe-id: CWE-200
|
|
||||||
reference:
|
|
||||||
- https://www.lutron.com
|
|
||||||
tags: iot,default-login,lutron,panel
|
|
||||||
|
|
||||||
requests:
|
|
||||||
- method: GET
|
|
||||||
path:
|
|
||||||
- "{{BaseURL}}/login?login=lutron&password=lutron"
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
words:
|
|
||||||
- "<TITLE>LUTRON</TITLE>"
|
|
||||||
- ">DeviceIP</A>"
|
|
||||||
- ">Get Database Info as XML</A>"
|
|
||||||
condition: and
|
|
||||||
|
|
||||||
- type: word
|
|
||||||
part: header
|
|
||||||
words:
|
|
||||||
- "text/html"
|
|
||||||
|
|
||||||
- type: status
|
|
||||||
status:
|
|
||||||
- 200
|
|
||||||
|
|
||||||
# Enhanced by mp on 2023/01/29
|
|
|
@ -1,27 +0,0 @@
|
||||||
id: addeventlistener-detect
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: DOM EventListener - Cross-Site Scripting
|
|
||||||
author: yavolo,dwisiswant0
|
|
||||||
severity: info
|
|
||||||
description: EventListener contains a cross-site scripting vulnerability via the document object model (DOM). An attacker can execute arbitrary script which can then allow theft of cookie-based authentication credentials and launch of other attacks.
|
|
||||||
reference:
|
|
||||||
- https://portswigger.net/web-security/dom-based/controlling-the-web-message-source
|
|
||||||
classification:
|
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
|
||||||
cvss-score: 7.2
|
|
||||||
cwe-id: CWE-79
|
|
||||||
tags: xss,misc
|
|
||||||
|
|
||||||
requests:
|
|
||||||
- method: GET
|
|
||||||
path:
|
|
||||||
- "{{BaseURL}}"
|
|
||||||
|
|
||||||
matchers:
|
|
||||||
- type: regex
|
|
||||||
part: body
|
|
||||||
regex:
|
|
||||||
- (([\w\_]+)\.)?add[Ee]vent[Ll]istener\(["']?[\w\_]+["']? # Test cases: https://www.regextester.com/?fam=121118
|
|
||||||
|
|
||||||
# Enhanced by md on 2022/09/19
|
|
|
@ -3,7 +3,7 @@ id: command-api-explorer
|
||||||
info:
|
info:
|
||||||
name: Command API Explorer Panel - Detect
|
name: Command API Explorer Panel - Detect
|
||||||
author: DhiyaneshDK
|
author: DhiyaneshDK
|
||||||
severity: low
|
severity: info
|
||||||
description: Command API Explorer panel was detected.
|
description: Command API Explorer panel was detected.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: dgraph-dashboard-exposure
|
||||||
info:
|
info:
|
||||||
name: Dgraph Ratel Dashboard Exposure Panel - Detect
|
name: Dgraph Ratel Dashboard Exposure Panel - Detect
|
||||||
author: dhiyaneshDk
|
author: dhiyaneshDk
|
||||||
severity: low
|
severity: info
|
||||||
description: Dgraph Ratel Dashboard Exposure panel was detected.
|
description: Dgraph Ratel Dashboard Exposure panel was detected.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
|
|
|
@ -3,9 +3,9 @@ id: office365-open-redirect
|
||||||
info:
|
info:
|
||||||
name: Office365 Autodiscover - Open Redirect
|
name: Office365 Autodiscover - Open Redirect
|
||||||
author: dhiyaneshDk
|
author: dhiyaneshDk
|
||||||
severity: low
|
severity: medium
|
||||||
description: Office365 Autodiscover contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
description: Office365 Autodiscover contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||||
remediation: See https://learn.microsoft.com/en-us/outlook/troubleshoot/connectivity/how-to-suppress-autodiscover-redirect-warning for a workaround.
|
remediation: See the workaround detailed in the Medium post in the references.
|
||||||
reference:
|
reference:
|
||||||
- https://medium.com/@heinjame/office365-open-redirect-from-autodiscover-64284d26c168
|
- https://medium.com/@heinjame/office365-open-redirect-from-autodiscover-64284d26c168
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -3,11 +3,11 @@ id: pghero-dashboard-exposure
|
||||||
info:
|
info:
|
||||||
name: PgHero Dashboard Exposure Panel - Detect
|
name: PgHero Dashboard Exposure Panel - Detect
|
||||||
author: DhiyaneshDk
|
author: DhiyaneshDk
|
||||||
severity: low
|
severity: medium
|
||||||
description: PgHero Dashboard Exposure panel was detected.
|
description: PgHero Dashboard Exposure panel was detected.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||||
cvss-score: 0.0
|
cvss-score: 5.3
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/ankane/pghero
|
- https://github.com/ankane/pghero
|
||||||
|
|
|
@ -6,8 +6,8 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Fastvue Dashboard panel was detected without authentication.
|
description: Fastvue Dashboard panel was detected without authentication.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||||
cvss-score: 0.0
|
cvss-score: 5.3
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
|
|
@ -8,8 +8,8 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/Tinram/MySQL-Brute
|
- https://github.com/Tinram/MySQL-Brute
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 0.0
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
tags: network,mysql,bruteforce,db
|
tags: network,mysql,bruteforce,db
|
||||||
|
|
||||||
|
|
|
@ -9,9 +9,9 @@ info:
|
||||||
- https://sir.kr/g5_pds/4788?page=5
|
- https://sir.kr/g5_pds/4788?page=5
|
||||||
- https://github.com/gnuboard/gnuboard5/commit/8182cac90d2ee2f9da06469ecba759170e782ee3
|
- https://github.com/gnuboard/gnuboard5/commit/8182cac90d2ee2f9da06469ecba759170e782ee3
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
shodan-query: http.html:"Gnuboard"
|
shodan-query: http.html:"Gnuboard"
|
||||||
|
|
|
@ -10,9 +10,9 @@ info:
|
||||||
- https://huntr.dev/bounties/ed317cde-9bd1-429e-b6d3-547e72534dd5/
|
- https://huntr.dev/bounties/ed317cde-9bd1-429e-b6d3-547e72534dd5/
|
||||||
- https://vulners.com/huntr/25775287-88CD-4F00-B978-692D627DFF04
|
- https://vulners.com/huntr/25775287-88CD-4F00-B978-692D627DFF04
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
shodan-query: http.html:"gnuboard5"
|
shodan-query: http.html:"gnuboard5"
|
||||||
|
|
|
@ -9,9 +9,9 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://huntr.dev/bounties/ad2a9b32-fe6c-43e9-9b05-2c77c58dde6a/
|
- https://huntr.dev/bounties/ad2a9b32-fe6c-43e9-9b05-2c77c58dde6a/
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
shodan-query: http.html:"gnuboard5"
|
shodan-query: http.html:"gnuboard5"
|
||||||
|
|
|
@ -8,9 +8,9 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities/
|
- https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities/
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: moodle,xss
|
tags: moodle,xss
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -9,9 +9,9 @@ info:
|
||||||
- https://twitter.com/JacksonHHax/status/1391367064154042377
|
- https://twitter.com/JacksonHHax/status/1391367064154042377
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-32478
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-32478
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: moodle,xss
|
tags: moodle,xss
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -10,9 +10,9 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/49546
|
- https://www.exploit-db.com/exploits/49546
|
||||||
- https://www.sourcecodester.com/
|
- https://www.sourcecodester.com/
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
shodan-query: http.html:"Car Rental Management System"
|
shodan-query: http.html:"Car Rental Management System"
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: kavita-lfi
|
||||||
info:
|
info:
|
||||||
name: Kavita - Local File Inclusion
|
name: Kavita - Local File Inclusion
|
||||||
author: arafatansari
|
author: arafatansari
|
||||||
severity: medium
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Kavita - Path Traversal is vulnerable to local file inclusion via abusing the Path Traversal filename parameter of the /api/image/cover-upload.
|
Kavita - Path Traversal is vulnerable to local file inclusion via abusing the Path Traversal filename parameter of the /api/image/cover-upload.
|
||||||
reference:
|
reference:
|
||||||
|
|
|
@ -3,14 +3,14 @@ id: keycloak-xss
|
||||||
info:
|
info:
|
||||||
name: Keycloak <= 8.0 - Cross-Site Scripting
|
name: Keycloak <= 8.0 - Cross-Site Scripting
|
||||||
author: incogbyte
|
author: incogbyte
|
||||||
severity: info
|
severity: medium
|
||||||
description: Keycloak 8.0 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
|
description: Keycloak 8.0 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
|
||||||
reference:
|
reference:
|
||||||
- https://cure53.de/pentest-report_keycloak.pdf
|
- https://cure53.de/pentest-report_keycloak.pdf
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: keycloak,xss
|
tags: keycloak,xss
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -8,9 +8,9 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/26305
|
- https://www.exploit-db.com/exploits/26305
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: edb,xss,squirrelmail,plugin
|
tags: edb,xss,squirrelmail,plugin
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -8,9 +8,9 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/34814
|
- https://www.exploit-db.com/exploits/34814
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: xss,squirrelmail,plugin,edb
|
tags: xss,squirrelmail,plugin,edb
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -3,13 +3,13 @@ id: ecology-arbitrary-file-upload
|
||||||
info:
|
info:
|
||||||
name: Ecology - Arbitrary File Upload
|
name: Ecology - Arbitrary File Upload
|
||||||
author: ritikchaddha
|
author: ritikchaddha
|
||||||
severity: medium
|
severity: critical
|
||||||
description: Ecology contains an arbitrary file upload vulnerability. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code, As a result, an attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
description: Ecology contains an arbitrary file upload vulnerability. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code, As a result, an attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||||
reference:
|
reference:
|
||||||
- https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
|
- https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 8.8
|
cvss-score: 9.8
|
||||||
cwe-id: CWE-434
|
cwe-id: CWE-434
|
||||||
metadata:
|
metadata:
|
||||||
fofa-query: app="泛微-协同办公OA"
|
fofa-query: app="泛微-协同办公OA"
|
||||||
|
|
|
@ -9,9 +9,9 @@ info:
|
||||||
- https://wpscan.com/vulnerability/4a310b4f-79fa-4b74-93f8-e4522921abe1
|
- https://wpscan.com/vulnerability/4a310b4f-79fa-4b74-93f8-e4522921abe1
|
||||||
- https://wordpress.org/plugins/404-to-301
|
- https://wordpress.org/plugins/404-to-301
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: wpscan,wp-plugin,xss,wp,wordpress,authenticated
|
tags: wpscan,wp-plugin,xss,wp,wordpress,authenticated
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -12,9 +12,9 @@ info:
|
||||||
verified: true
|
verified: true
|
||||||
google-query: inurl:/wp-content/plugins/wp-analytify
|
google-query: inurl:/wp-content/plugins/wp-analytify
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: wp,wordpress,analytify,wpscan,wp-plugin,xss
|
tags: wp,wordpress,analytify,wpscan,wp-plugin,xss
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -12,9 +12,9 @@ info:
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: xss,,wp,wpscan,wordpress,wp-plugin
|
tags: xss,,wp,wpscan,wordpress,wp-plugin
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -13,9 +13,9 @@ info:
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: wordpress,wp-plugin,xss,wp,wpscan
|
tags: wordpress,wp-plugin,xss,wp,wpscan
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -11,9 +11,9 @@ info:
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: xss,wp,wordpress,authenticated,woocommerce,wpscan,wp-plugin
|
tags: xss,wp,wordpress,authenticated,woocommerce,wpscan,wp-plugin
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -9,9 +9,9 @@ info:
|
||||||
- https://wpscan.com/vulnerability/a59e7102-13d6-4f1e-b7b1-75eae307e516
|
- https://wpscan.com/vulnerability/a59e7102-13d6-4f1e-b7b1-75eae307e516
|
||||||
- https://wordpress.org/plugins/clearfy
|
- https://wordpress.org/plugins/clearfy
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: xss,wp,wordpress,authenticated,clearfy-cache,wpscan,wp-plugin
|
tags: xss,wp,wordpress,authenticated,clearfy-cache,wpscan,wp-plugin
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -11,9 +11,9 @@ info:
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: wp-plugin,xss,wp,wordpress,authenticated,curcy,wpscan
|
tags: wp-plugin,xss,wp,wordpress,authenticated,curcy,wpscan
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -8,9 +8,9 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/8354b34e-40f4-4b70-bb09-38e2cf572ce9
|
- https://wpscan.com/vulnerability/8354b34e-40f4-4b70-bb09-38e2cf572ce9
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: xss,wordpress,wpscan
|
tags: xss,wordpress,wpscan
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -8,9 +8,9 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/d13f26f0-5d91-49d7-b514-1577d4247648
|
- https://wpscan.com/vulnerability/d13f26f0-5d91-49d7-b514-1577d4247648
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: wp,wordpress,wp-plugin,xss,wpscan
|
tags: wp,wordpress,wp-plugin,xss,wpscan
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -11,9 +11,9 @@ info:
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: authenticated,wpscan,wp-plugin,xss,wp,wordpress
|
tags: authenticated,wpscan,wp-plugin,xss,wp,wordpress
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -11,9 +11,9 @@ info:
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: wordpress,xss,authenticated,wp-plugin,wpscan,wp
|
tags: wordpress,xss,authenticated,wp-plugin,wpscan,wp
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -9,9 +9,9 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/4631519b-2060-43a0-b69b-b3d7ed94c705
|
- https://wpscan.com/vulnerability/4631519b-2060-43a0-b69b-b3d7ed94c705
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: xss,wp,wpscan,wordpress,wp-plugin,sassy
|
tags: xss,wp,wpscan,wordpress,wp-plugin,sassy
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -10,9 +10,9 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/b694b9c0-a367-468c-99c2-6ba35bcf21ea
|
- https://wpscan.com/vulnerability/b694b9c0-a367-468c-99c2-6ba35bcf21ea
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: wordpress,xss,wp-plugin,authenticated,wpscan
|
tags: wordpress,xss,wp-plugin,authenticated,wpscan
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -11,9 +11,9 @@ info:
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: shortpixel,authenticated,wpscan,xss,wp-plugin,wp,wordpress
|
tags: shortpixel,authenticated,wpscan,xss,wp-plugin,wp,wordpress
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -9,9 +9,9 @@ info:
|
||||||
- https://wpscan.com/vulnerability/bc05dde0-98a2-46e3-b2c8-7bdc8c32394b
|
- https://wpscan.com/vulnerability/bc05dde0-98a2-46e3-b2c8-7bdc8c32394b
|
||||||
- https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/
|
- https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: xss,wp,wordpress,woocommerce,authenticated,wpscan,wp-plugin
|
tags: xss,wp,wordpress,woocommerce,authenticated,wpscan,wp-plugin
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -8,9 +8,9 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://twitter.com/naglinagli/status/1382082473744564226
|
- https://twitter.com/naglinagli/status/1382082473744564226
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: wordpress,wordfence,xss,bypass
|
tags: wordpress,wordfence,xss,bypass
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -6,9 +6,9 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: WordPress Wordfence 7.4.6 is vulnerable to cross-site scripting.
|
description: WordPress Wordfence 7.4.6 is vulnerable to cross-site scripting.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: wordpress,wp-plugin,xss,wordfence
|
tags: wordpress,wp-plugin,xss,wordfence
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -10,9 +10,9 @@ info:
|
||||||
- https://blog.wpscan.com/2021/02/15/zebra-form-xss-wordpress-vulnerability-affects-multiple-plugins.html
|
- https://blog.wpscan.com/2021/02/15/zebra-form-xss-wordpress-vulnerability-affects-multiple-plugins.html
|
||||||
- https://wpscan.com/vulnerability/e4b796fa-3215-43ff-a6aa-71f6e1db25e5
|
- https://wpscan.com/vulnerability/e4b796fa-3215-43ff-a6aa-71f6e1db25e5
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: wordpress,xss,wp,wpscan
|
tags: wordpress,xss,wp,wpscan
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -10,9 +10,9 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/de330a59-d64d-40be-86df-98997949e5e4
|
- https://wpscan.com/vulnerability/de330a59-d64d-40be-86df-98997949e5e4
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: wp-plugin,xss,wp,wordpress,authenticated,wpscan
|
tags: wp-plugin,xss,wp,wordpress,authenticated,wpscan
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -10,9 +10,9 @@ info:
|
||||||
- https://www.exploit-db.com/expl oits/38568
|
- https://www.exploit-db.com/expl oits/38568
|
||||||
- https://wpscan.com/vulnerability/c465e5c1-fe43-40e9-894a-97b8ac462381
|
- https://wpscan.com/vulnerability/c465e5c1-fe43-40e9-894a-97b8ac462381
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: wp-plugin,wp,edb,wpscan,wordpress,xss
|
tags: wp-plugin,wp,edb,wpscan,wordpress,xss
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -8,9 +8,9 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.securify.nl/en/advisory/cross-site-scripting-in-code-snippets-wordpress-plugin/
|
- https://www.securify.nl/en/advisory/cross-site-scripting-in-code-snippets-wordpress-plugin/
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 7.2
|
cvss-score: 5.4
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-80
|
||||||
tags: wordpress,xss,wp-plugin,authenticated
|
tags: wordpress,xss,wp-plugin,authenticated
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
Loading…
Reference in New Issue