From b32eac85b177d49cbe7c7a2c6b8e00b99610c720 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Tue, 25 May 2021 14:35:41 +0300 Subject: [PATCH 1/2] Give description --- vulnerabilities/other/kafdrop-xss.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/kafdrop-xss.yaml b/vulnerabilities/other/kafdrop-xss.yaml index 4f1d87554f..e7061938bd 100644 --- a/vulnerabilities/other/kafdrop-xss.yaml +++ b/vulnerabilities/other/kafdrop-xss.yaml @@ -5,6 +5,7 @@ info: author: dhiyaneshDk severity: medium tags: kafdrop,xss + description: A vulnerability in KafDrop allows remote unauthenticated attackers to inject arbitrary HTML and/or Javascript into the response returned by the server. reference: https://github.com/HomeAdvisor/Kafdrop/issues/12 requests: From e3f42066bfd16ec5d708dedad601340b8cd21d37 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Wed, 2 Jun 2021 09:39:35 +0300 Subject: [PATCH 2/2] Spelling --- cves/2020/CVE-2020-36112.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2020/CVE-2020-36112.yaml b/cves/2020/CVE-2020-36112.yaml index 4969235916..142c4a081a 100644 --- a/cves/2020/CVE-2020-36112.yaml +++ b/cves/2020/CVE-2020-36112.yaml @@ -3,7 +3,7 @@ id: CVE-2020-36112 info: name: CSE Bookstore 1.0 SQL Injection author: geeknik - description: CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successfull exploitation of this vulnerability will lead to an attacker dumping the entire database. + description: CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database. reference: | - https://www.exploit-db.com/exploits/49314 - https://www.tenable.com/cve/CVE-2020-36112
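Review bot: The new `description:` line in vulnerabilities/other/kafdrop-xss.yaml does not say where the injection occurs or that it is reflected, so a reader triaging a match still has to open the `reference` issue or read the `requests:` block to learn what was hit. Consider naming the affected endpoint or parameter that the template's request actually exercises, and stating the XSS type, so the description agrees with the `xss` tag and the `medium` severity. Minor style point on the same line: "Javascript" is normally written "JavaScript".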
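Review bot: The `description:` line changed in cves/2020/CVE-2020-36112.yaml fixes "successfull" but leaves other wording problems on the same line, so the "Spelling" commit could clear them in one pass. "boolean-based blind and OR error-based SQL injection" has a stray capitalised "OR" that reads like a leftover SQL keyword, "in pubid parameter" is missing its article, and "A successful exploitation of this vulnerability" reads better as "Successful exploitation of this vulnerability". Suggest "in the pubid parameter of bookPerPub.php" and deciding whether "OR" is meant as part of the technique name or should be dropped.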