Merge pull request #6823 from sullo/severity-matching

Match severity with CVSS
2023-03-15 20:48:33 +05:30 · 2023-03-15 20:48:33 +05:30 · 2b5c3c48cc
parent e518430a82 91a3e38f7d
commit 2b5c3c48cc
61 changed files with 221 additions and 287 deletions
--- a/cnvd/2021/CNVD-2021-10543.yaml
+++ b/cnvd/2021/CNVD-2021-10543.yaml
@ -4,12 +4,12 @@ info:
  name: EEA - Information Disclosure
  author: pikpikcu
  severity: high
-  description: EEA is susceptible to information disclosure.
+  description: EEA is susceptible to information disclosure including the username and password.
  reference:
    - https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 7.5
    cwe-id: CWE-200
  tags: config,exposure,cnvd,cnvd2021
--- a/default-logins/lutron/lutron-default-login.yaml
+++ b/default-logins/lutron/lutron-default-login.yaml
@ -1,17 +1,17 @@
 id: lutron-default-login
 info:
-  name: Lutron - Default Login
+  name: Lutron - Default Account
  author: geeknik
-  severity: high
+  severity: critical
  description: Multiple Lutron devices contain a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
  reference:
    - https://www.lutron.com
    - https://vulners.com/openvas/OPENVAS:1361412562310113206
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-    cvss-score: 5.8
+    cvss-score: 9.8
-    cwe-id: CWE-522
+    cwe-id: CWE-1391
  tags: default-login,lutron,iot
 requests:
--- a/default-logins/ruckus/ruckus-wireless-default-login.yaml
+++ b/default-logins/ruckus/ruckus-wireless-default-login.yaml
@ -8,9 +8,9 @@ info:
  reference:
    - https://docs.commscope.com/bundle/fastiron-08092-securityguide/page/GUID-32D3BB01-E600-4FBE-B555-7570B5024D34.html
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-    cvss-score: 8.3
+    cvss-score: 9.8
-    cwe-id: CWE-522
+    cwe-id: CWE-1391
  metadata:
    verified: true
    shodan-query: title:"ruckus"
--- a/exposed-panels/mybb/mybb-forum-install.yaml
+++ b/exposed-panels/mybb/mybb-forum-install.yaml
@ -6,8 +6,8 @@ info:
  severity: high
  description: MyBB installation panel was detected.
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
-    cvss-score: 5.3
+    cvss-score: 8.6
    cwe-id: CWE-200
  metadata:
    verified: true
--- a/exposed-panels/osticket/osticket-install.yaml
+++ b/exposed-panels/osticket/osticket-install.yaml
@ -3,12 +3,12 @@ id: osticket-install
 info:
  name: osTicket Installer Panel - Detect
  author: ritikchaddha
-  severity: high
+  severity: critical
  description: osTicket installer panel was detected.
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
-    cvss-score: 5.3
+    cvss-score: 9.4
-    cwe-id: CWE-200
+    cwe-id: CWE-284
  metadata:
    verified: true
    shodan-query: http.title:"osTicket Installer"
--- a/exposed-panels/saltstack-config-panel.yaml
+++ b/exposed-panels/saltstack-config-panel.yaml
@ -1,34 +1,34 @@
-id: saltstack-config-panel
+id: saltstack-config-panel
-
+
-info:
+info:
-  name: SaltStack Config Panel - Detect
+  name: SaltStack Config Panel - Detect
-  author: pussycat0x
+  author: pussycat0x
-  severity: info
+  severity: info
-  description: |
+  description: |
-    SaltStack config panel was detected.
+    SaltStack config panel was detected.
-  classification:
+  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 0.0
+    cvss-score: 0.0
-    cwe-id: CWE-200
+    cwe-id: CWE-200
-  metadata:
+  metadata:
-    verified: true
+    verified: true
-    shodan-query: title:"SaltStack Config"
+    shodan-query: title:"SaltStack Config"
-  tags: panel,vmware,login,saltstack
+  tags: panel,vmware,login,saltstack
-
+
-requests:
+requests:
-  - method: GET
+  - method: GET
-    path:
+    path:
-      - "{{BaseURL}}/login"
+      - "{{BaseURL}}/login"
-
+
-    matchers-condition: and
+    matchers-condition: and
-    matchers:
+    matchers:
-      - type: word
+      - type: word
-        part: body
+        part: body
-        words:
+        words:
-          - "SaltStack Config"
+          - "SaltStack Config"
-
+
-      - type: status
+      - type: status
-        status:
+        status:
-          - 200
+          - 200
-
+
-# Enhanced by cs 01/26/2023
+# Enhanced by cs 01/26/2023
--- a/exposed-panels/solr-panel-exposure.yaml
+++ b/exposed-panels/solr-panel-exposure.yaml
@ -6,8 +6,8 @@ info:
  severity: info
  description: Apache Solr admin panel was detected.
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 8.6
+    cvss-score: 0.0
    cwe-id: CWE-200
  metadata:
    verified: true
--- a/exposed-panels/wagtail-cms-detect.yaml
+++ b/exposed-panels/wagtail-cms-detect.yaml
@ -1,35 +1,35 @@
-id: wagtail-login
+id: wagtail-login
-
+
-info:
+info:
-  name: Wagtail Login - Detect
+  name: Wagtail Login - Detect
-  author: kishore-hariram
+  author: kishore-hariram
-  severity: info
+  severity: info
-  description: The Wagtail panel has been detected.
+  description: The Wagtail panel has been detected.
-  classification:
+  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 0.0
+    cvss-score: 0.0
-    cwe-id: CWE-200
+    cwe-id: CWE-200
-  metadata:
+  metadata:
-    verified: true
+    verified: true
-    shodan-query: title:"Wagtail - Sign in"
+    shodan-query: title:"Wagtail - Sign in"
-  tags: panel,wagtail
+  tags: panel,wagtail
-
+
-requests:
+requests:
-  - method: GET
+  - method: GET
-    path:
+    path:
-      - '{{BaseURL}}/login/?next=/'
+      - '{{BaseURL}}/login/?next=/'
-      - '{{BaseURL}}/admin/login/?next=/admin/'
+      - '{{BaseURL}}/admin/login/?next=/admin/'
-
+
-    stop-at-first-match: true
+    stop-at-first-match: true
-    matchers-condition: and
+    matchers-condition: and
-    matchers:
+    matchers:
-      - type: word
+      - type: word
-        part: body
+        part: body
-        words:
+        words:
-          - 'Wagtail - Sign in'
+          - 'Wagtail - Sign in'
-
+
-      - type: status
+      - type: status
-        status:
+        status:
-          - 200
+          - 200
-
+
-# Enhanced by cs 01/23/2023
+# Enhanced by cs 01/23/2023
--- a/exposures/apis/couchbase-buckets-api.yaml
+++ b/exposures/apis/couchbase-buckets-api.yaml
@ -3,7 +3,7 @@ id: couchbase-buckets-api
 info:
  name: Couchbase Buckets Unauthenticated REST API - Detect
  author: geeknik
-  severity: info
+  severity: medium
  description: Couchbase Buckets REST API without authentication was detected.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
--- a/exposures/configs/django-variables-exposed.yaml
+++ b/exposures/configs/django-variables-exposed.yaml
@ -10,9 +10,9 @@ info:
    - https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
    - https://github.com/projectdiscovery/nuclei-templates/blob/master/file/logs/django-framework-
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
-    cwe-id: CWE-200exceptions.yaml
+    cwe-id: CWE-200
  metadata:
    verified: true
  tags: exposure,config,django
--- a/exposures/configs/gruntfile-exposure.yaml
+++ b/exposures/configs/gruntfile-exposure.yaml
@ -8,8 +8,8 @@ info:
  reference:
    - https://gruntjs.com/sample-gruntfile
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
    cwe-id: CWE-200
  tags: config,exposure
--- a/exposures/configs/htpasswd-detection.yaml
+++ b/exposures/configs/htpasswd-detection.yaml
@ -3,12 +3,12 @@ id: htpasswd-detection
 info:
  name: Apache htpasswd Config - Detect
  author: geeknik
-  severity: info
+  severity: high
  description: Apache htpasswd configuration was detected.
  reference: https://httpd.apache.org/docs/current/programs/htpasswd.html
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 7.5
    cwe-id: CWE-200
  tags: config,exposure
--- a/exposures/configs/httpd-config.yaml
+++ b/exposures/configs/httpd-config.yaml
@ -7,8 +7,8 @@ info:
  description: Apache httpd configuration information was detected.
  reference: https://httpd.apache.org/docs/current/configuring.html
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
    cwe-id: CWE-200
  tags: config,exposure,httpd
--- a/exposures/configs/jetbrains-datasources.yaml
+++ b/exposures/configs/jetbrains-datasources.yaml
@ -7,8 +7,8 @@ info:
  description: Jetbrains IDE DataSources configuration information was detected.
  reference: https://www.jetbrains.com
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
    cwe-id: CWE-200
  tags: config,exposure,jetbrains
--- a/exposures/configs/keycloak-openid-config.yaml
+++ b/exposures/configs/keycloak-openid-config.yaml
@ -8,8 +8,8 @@ info:
  reference:
    - https://issues.jboss.org/browse/KEYCLOAK-571
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
    cwe-id: CWE-200
  tags: keycloak,config
--- a/exposures/configs/netbeans-config.yaml
+++ b/exposures/configs/netbeans-config.yaml
@ -8,8 +8,8 @@ info:
  reference:
    - https://netbeans.apache.org/
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
    cwe-id: CWE-200
  tags: netbeans,config,exposure
--- a/exposures/configs/owncloud-config.yaml
+++ b/exposures/configs/owncloud-config.yaml
@ -8,8 +8,8 @@ info:
  reference:
    - https://owncloud.com/
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
    cwe-id: CWE-200
  tags: config,exposure
--- a/exposures/configs/package-json.yaml
+++ b/exposures/configs/package-json.yaml
@ -7,8 +7,8 @@ info:
  description: npm configuration information was detected. All npm packages contain a file, usually in the project root, called package.json - this file holds various metadata relevant to the project.
  reference: https://www.npmjs.com
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
    cwe-id: CWE-200
  tags: config,exposure
--- a/exposures/configs/phpsec-config.yaml
+++ b/exposures/configs/phpsec-config.yaml
@ -7,8 +7,8 @@ info:
  description: phpspec configuration information was detected.
  reference: https://phpspec.net/en/stable/cookbook/configuration.html
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
    cwe-id: CWE-200
  metadata:
    verified: true
--- a/exposures/configs/pipfile-config.yaml
+++ b/exposures/configs/pipfile-config.yaml
@ -7,8 +7,8 @@ info:
  description: Pipfile configuration information was detected.
  reference: https://pypi.org/project
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
    cwe-id: CWE-200
  metadata:
    verified: true
--- a/exposures/configs/rubocop-config.yaml
+++ b/exposures/configs/rubocop-config.yaml
@ -9,8 +9,8 @@ info:
    - https://raw.githubusercontent.com/maurosoria/dirsearch/master/db/dicc.txt
    - https://github.com/rubocop/rubocop
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
    cwe-id: CWE-200
  metadata:
    verified: true
--- a/iot/lutron-iot-default-login.yaml
+++ b/iot/lutron-iot-default-login.yaml
@ -1,39 +0,0 @@
 id: lutron-iot-default-login
 info:
  name: Lutron IOT Device Default Login Panel - Detect
  author: geeknik
  severity: high
  description: Lutron IOT Device Default login panel was detected.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0.0
    cwe-id: CWE-200
  reference:
    - https://www.lutron.com
  tags: iot,default-login,lutron,panel
 requests:
  - method: GET
    path:
      - "{{BaseURL}}/login?login=lutron&password=lutron"
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<TITLE>LUTRON</TITLE>"
          - ">DeviceIP</A>"
          - ">Get Database Info as XML</A>"
        condition: and
      - type: word
        part: header
        words:
          - "text/html"
      - type: status
        status:
          - 200
 # Enhanced by mp on 2023/01/29
--- a/miscellaneous/addeventlistener-detect.yaml
+++ b/miscellaneous/addeventlistener-detect.yaml
@ -1,27 +0,0 @@
 id: addeventlistener-detect
 info:
  name: DOM EventListener - Cross-Site Scripting
  author: yavolo,dwisiswant0
  severity: info
  description: EventListener contains a cross-site scripting vulnerability via the document object model (DOM). An attacker can execute arbitrary script which can then allow theft of cookie-based authentication credentials and launch of  other attacks.
  reference:
    - https://portswigger.net/web-security/dom-based/controlling-the-web-message-source
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    cvss-score: 7.2
    cwe-id: CWE-79
  tags: xss,misc
 requests:
  - method: GET
    path:
      - "{{BaseURL}}"
    matchers:
      - type: regex
        part: body
        regex:
          - (([\w\_]+)\.)?add[Ee]vent[Ll]istener\(["']?[\w\_]+["']? # Test cases: https://www.regextester.com/?fam=121118
 # Enhanced by md on 2022/09/19
--- a/misconfiguration/command-api-explorer.yaml
+++ b/misconfiguration/command-api-explorer.yaml
@ -3,7 +3,7 @@ id: command-api-explorer
 info:
  name: Command API Explorer Panel - Detect
  author: DhiyaneshDK
-  severity: low
+  severity: info
  description: Command API Explorer panel was detected.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
--- a/misconfiguration/dgraph-dashboard-exposure.yaml
+++ b/misconfiguration/dgraph-dashboard-exposure.yaml
@ -3,7 +3,7 @@ id: dgraph-dashboard-exposure
 info:
  name: Dgraph Ratel Dashboard Exposure Panel - Detect
  author: dhiyaneshDk
-  severity: low
+  severity: info
  description: Dgraph Ratel Dashboard Exposure panel was detected.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
--- a/misconfiguration/office365-open-redirect.yaml
+++ b/misconfiguration/office365-open-redirect.yaml
@ -3,9 +3,9 @@ id: office365-open-redirect
 info:
  name: Office365 Autodiscover - Open Redirect
  author: dhiyaneshDk
-  severity: low
+  severity: medium
  description: Office365 Autodiscover contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
-  remediation: See https://learn.microsoft.com/en-us/outlook/troubleshoot/connectivity/how-to-suppress-autodiscover-redirect-warning for a workaround.
+  remediation: See the workaround detailed in the Medium post in the references.
  reference:
    - https://medium.com/@heinjame/office365-open-redirect-from-autodiscover-64284d26c168
  classification:
--- a/misconfiguration/pghero-dashboard-exposure.yaml
+++ b/misconfiguration/pghero-dashboard-exposure.yaml
@ -3,11 +3,11 @@ id: pghero-dashboard-exposure
 info:
  name: PgHero Dashboard Exposure Panel - Detect
  author: DhiyaneshDk
-  severity: low
+  severity: medium
  description: PgHero Dashboard Exposure panel was detected.
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
-    cvss-score: 0.0
+    cvss-score: 5.3
    cwe-id: CWE-200
  reference:
    - https://github.com/ankane/pghero
--- a/misconfiguration/unauth-fastvue-dashboard.yaml
+++ b/misconfiguration/unauth-fastvue-dashboard.yaml
@ -6,8 +6,8 @@ info:
  severity: medium
  description: Fastvue Dashboard panel was detected without authentication.
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
-    cvss-score: 0.0
+    cvss-score: 5.3
    cwe-id: CWE-200
  metadata:
    verified: true
--- a/network/mysql-native-password.yaml
+++ b/network/mysql-native-password.yaml
@ -8,8 +8,8 @@ info:
  reference:
    - https://github.com/Tinram/MySQL-Brute
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 0.0
    cwe-id: CWE-200
  tags: network,mysql,bruteforce,db
--- a/vulnerabilities/gnuboard/gnuboard-sms-xss.yaml
+++ b/vulnerabilities/gnuboard/gnuboard-sms-xss.yaml
@ -9,9 +9,9 @@ info:
    - https://sir.kr/g5_pds/4788?page=5
    - https://github.com/gnuboard/gnuboard5/commit/8182cac90d2ee2f9da06469ecba759170e782ee3
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  metadata:
    verified: true
    shodan-query: http.html:"Gnuboard"
--- a/vulnerabilities/gnuboard/gnuboard5-rxss.yaml
+++ b/vulnerabilities/gnuboard/gnuboard5-rxss.yaml
@ -10,9 +10,9 @@ info:
    - https://huntr.dev/bounties/ed317cde-9bd1-429e-b6d3-547e72534dd5/
    - https://vulners.com/huntr/25775287-88CD-4F00-B978-692D627DFF04
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  metadata:
    verified: true
    shodan-query: http.html:"gnuboard5"
--- a/vulnerabilities/gnuboard/gnuboard5-xss.yaml
+++ b/vulnerabilities/gnuboard/gnuboard5-xss.yaml
@ -9,9 +9,9 @@ info:
  reference:
    - https://huntr.dev/bounties/ad2a9b32-fe6c-43e9-9b05-2c77c58dde6a/
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  metadata:
    verified: true
    shodan-query: http.html:"gnuboard5"
--- a/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml
+++ b/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml
@ -8,9 +8,9 @@ info:
  reference:
    - https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities/
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: moodle,xss
 requests:
--- a/vulnerabilities/moodle/moodle-xss.yaml
+++ b/vulnerabilities/moodle/moodle-xss.yaml
@ -9,9 +9,9 @@ info:
    - https://twitter.com/JacksonHHax/status/1391367064154042377
    - https://nvd.nist.gov/vuln/detail/CVE-2021-32478
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: moodle,xss
 requests:
--- a/vulnerabilities/other/carrental-xss.yaml
+++ b/vulnerabilities/other/carrental-xss.yaml
@ -10,9 +10,9 @@ info:
    - https://www.exploit-db.com/exploits/49546
    - https://www.sourcecodester.com/
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  metadata:
    verified: true
    shodan-query: http.html:"Car Rental Management System"
--- a/vulnerabilities/other/kavita-lfi.yaml
+++ b/vulnerabilities/other/kavita-lfi.yaml
@ -3,7 +3,7 @@ id: kavita-lfi
 info:
  name: Kavita - Local File Inclusion
  author: arafatansari
-  severity: medium
+  severity: high
  description: |
    Kavita - Path Traversal is vulnerable to local file inclusion via abusing the Path Traversal filename parameter of the /api/image/cover-upload.
  reference:
--- a/vulnerabilities/other/keycloak-xss.yaml
+++ b/vulnerabilities/other/keycloak-xss.yaml
@ -3,14 +3,14 @@ id: keycloak-xss
 info:
  name: Keycloak <= 8.0 - Cross-Site Scripting
  author: incogbyte
-  severity: info
+  severity: medium
  description: Keycloak 8.0 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
  reference:
    - https://cure53.de/pentest-report_keycloak.pdf
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: keycloak,xss
 requests:
--- a/vulnerabilities/squirrelmail/squirrelmail-add-xss.yaml
+++ b/vulnerabilities/squirrelmail/squirrelmail-add-xss.yaml
@ -8,9 +8,9 @@ info:
  reference:
    - https://www.exploit-db.com/exploits/26305
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: edb,xss,squirrelmail,plugin
 requests:
--- a/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml
+++ b/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml
@ -8,9 +8,9 @@ info:
  reference:
    - https://www.exploit-db.com/exploits/34814
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: xss,squirrelmail,plugin,edb
 requests:
--- a/vulnerabilities/weaver/ecology/ecology-arbitrary-file-upload.yaml
+++ b/vulnerabilities/weaver/ecology/ecology-arbitrary-file-upload.yaml
@ -3,13 +3,13 @@ id: ecology-arbitrary-file-upload
 info:
  name: Ecology - Arbitrary File Upload
  author: ritikchaddha
-  severity: medium
+  severity: critical
  description: Ecology contains an arbitrary file upload vulnerability. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code, As a result, an attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  reference:
    - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-    cvss-score: 8.8
+    cvss-score: 9.8
    cwe-id: CWE-434
  metadata:
    fofa-query: app="泛微-协同办公OA"
--- a/vulnerabilities/wordpress/404-to-301-xss.yaml
+++ b/vulnerabilities/wordpress/404-to-301-xss.yaml
@ -9,9 +9,9 @@ info:
    - https://wpscan.com/vulnerability/4a310b4f-79fa-4b74-93f8-e4522921abe1
    - https://wordpress.org/plugins/404-to-301
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: wpscan,wp-plugin,xss,wp,wordpress,authenticated
 requests:
--- a/vulnerabilities/wordpress/analytify-plugin-xss.yaml
+++ b/vulnerabilities/wordpress/analytify-plugin-xss.yaml
@ -12,9 +12,9 @@ info:
    verified: true
    google-query: inurl:/wp-content/plugins/wp-analytify
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: wp,wordpress,analytify,wpscan,wp-plugin,xss
 requests:
--- a/vulnerabilities/wordpress/avchat-video-chat-xss.yaml
+++ b/vulnerabilities/wordpress/avchat-video-chat-xss.yaml
@ -12,9 +12,9 @@ info:
  metadata:
    verified: true
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: xss,,wp,wpscan,wordpress,wp-plugin
--- a/vulnerabilities/wordpress/calameo-publications-xss.yaml
+++ b/vulnerabilities/wordpress/calameo-publications-xss.yaml
@ -13,9 +13,9 @@ info:
  metadata:
    verified: true
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: wordpress,wp-plugin,xss,wp,wpscan
 requests:
--- a/vulnerabilities/wordpress/checkout-fields-manager-xss.yaml
+++ b/vulnerabilities/wordpress/checkout-fields-manager-xss.yaml
@ -11,9 +11,9 @@ info:
  metadata:
    verified: true
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: xss,wp,wordpress,authenticated,woocommerce,wpscan,wp-plugin
 requests:
--- a/vulnerabilities/wordpress/clearfy-cache-xss.yaml
+++ b/vulnerabilities/wordpress/clearfy-cache-xss.yaml
@ -9,9 +9,9 @@ info:
    - https://wpscan.com/vulnerability/a59e7102-13d6-4f1e-b7b1-75eae307e516
    - https://wordpress.org/plugins/clearfy
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: xss,wp,wordpress,authenticated,clearfy-cache,wpscan,wp-plugin
 requests:
--- a/vulnerabilities/wordpress/curcy-xss.yaml
+++ b/vulnerabilities/wordpress/curcy-xss.yaml
@ -11,9 +11,9 @@ info:
  metadata:
    verified: true
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: wp-plugin,xss,wp,wordpress,authenticated,curcy,wpscan
 requests:
--- a/vulnerabilities/wordpress/flow-flow-social-stream-xss.yaml
+++ b/vulnerabilities/wordpress/flow-flow-social-stream-xss.yaml
@ -8,9 +8,9 @@ info:
  reference:
    - https://wpscan.com/vulnerability/8354b34e-40f4-4b70-bb09-38e2cf572ce9
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: xss,wordpress,wpscan
 requests:
--- a/vulnerabilities/wordpress/members-list-xss.yaml
+++ b/vulnerabilities/wordpress/members-list-xss.yaml
@ -8,9 +8,9 @@ info:
  reference:
    - https://wpscan.com/vulnerability/d13f26f0-5d91-49d7-b514-1577d4247648
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: wp,wordpress,wp-plugin,xss,wpscan
 requests:
--- a/vulnerabilities/wordpress/modula-image-gallery-xss.yaml
+++ b/vulnerabilities/wordpress/modula-image-gallery-xss.yaml
@ -11,9 +11,9 @@ info:
  metadata:
    verified: true
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: authenticated,wpscan,wp-plugin,xss,wp,wordpress
 requests:
--- a/vulnerabilities/wordpress/new-user-approve-xss.yaml
+++ b/vulnerabilities/wordpress/new-user-approve-xss.yaml
@ -11,9 +11,9 @@ info:
  metadata:
    verified: true
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: wordpress,xss,authenticated,wp-plugin,wpscan,wp
 requests:
--- a/vulnerabilities/wordpress/sassy-social-share.yaml
+++ b/vulnerabilities/wordpress/sassy-social-share.yaml
@ -9,9 +9,9 @@ info:
  reference:
    - https://wpscan.com/vulnerability/4631519b-2060-43a0-b69b-b3d7ed94c705
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: xss,wp,wpscan,wordpress,wp-plugin,sassy
 requests:
--- a/vulnerabilities/wordpress/seo-redirection-xss.yaml
+++ b/vulnerabilities/wordpress/seo-redirection-xss.yaml
@ -10,9 +10,9 @@ info:
  reference:
    - https://wpscan.com/vulnerability/b694b9c0-a367-468c-99c2-6ba35bcf21ea
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: wordpress,xss,wp-plugin,authenticated,wpscan
 requests:
--- a/vulnerabilities/wordpress/shortpixel-image-optimizer-xss.yaml
+++ b/vulnerabilities/wordpress/shortpixel-image-optimizer-xss.yaml
@ -11,9 +11,9 @@ info:
  metadata:
    verified: true
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: shortpixel,authenticated,wpscan,xss,wp-plugin,wp,wordpress
 requests:
--- a/vulnerabilities/wordpress/woocommerce-pdf-invoices-xss.yaml
+++ b/vulnerabilities/wordpress/woocommerce-pdf-invoices-xss.yaml
@ -9,9 +9,9 @@ info:
    - https://wpscan.com/vulnerability/bc05dde0-98a2-46e3-b2c8-7bdc8c32394b
    - https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: xss,wp,wordpress,woocommerce,authenticated,wpscan,wp-plugin
 requests:
--- a/vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml
+++ b/vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml
@ -8,9 +8,9 @@ info:
  reference:
    - https://twitter.com/naglinagli/status/1382082473744564226
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: wordpress,wordfence,xss,bypass
 requests:
--- a/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
+++ b/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
@ -6,9 +6,9 @@ info:
  severity: medium
  description: WordPress Wordfence 7.4.6 is vulnerable to cross-site scripting.
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: wordpress,wp-plugin,xss,wordfence
 requests:
--- a/vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml
+++ b/vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml
@ -10,9 +10,9 @@ info:
    - https://blog.wpscan.com/2021/02/15/zebra-form-xss-wordpress-vulnerability-affects-multiple-plugins.html
    - https://wpscan.com/vulnerability/e4b796fa-3215-43ff-a6aa-71f6e1db25e5
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: wordpress,xss,wp,wpscan
 requests:
--- a/vulnerabilities/wordpress/wp-all-export-xss.yaml
+++ b/vulnerabilities/wordpress/wp-all-export-xss.yaml
@ -10,9 +10,9 @@ info:
  reference:
    - https://wpscan.com/vulnerability/de330a59-d64d-40be-86df-98997949e5e4
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: wp-plugin,xss,wp,wordpress,authenticated,wpscan
 requests:
--- a/vulnerabilities/wordpress/wp-ambience-xss.yaml
+++ b/vulnerabilities/wordpress/wp-ambience-xss.yaml
@ -10,9 +10,9 @@ info:
    - https://www.exploit-db.com/expl oits/38568
    - https://wpscan.com/vulnerability/c465e5c1-fe43-40e9-894a-97b8ac462381
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: wp-plugin,wp,edb,wpscan,wordpress,xss
 requests:
--- a/vulnerabilities/wordpress/wp-code-snippets-xss.yaml
+++ b/vulnerabilities/wordpress/wp-code-snippets-xss.yaml
@ -8,9 +8,9 @@ info:
  reference:
    - https://www.securify.nl/en/advisory/cross-site-scripting-in-code-snippets-wordpress-plugin/
  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
+    cvss-score: 5.4
-    cwe-id: CWE-79
+    cwe-id: CWE-80
  tags: wordpress,xss,wp-plugin,authenticated
 requests: