diff --git a/cnvd/2020/CNVD-2020-23735.yaml b/cnvd/2020/CNVD-2020-23735.yaml index 85600bc9d1..9e16be213b 100644 --- a/cnvd/2020/CNVD-2020-23735.yaml +++ b/cnvd/2020/CNVD-2020-23735.yaml @@ -3,7 +3,7 @@ id: CNVD-2020-23735 info: name: Xxunchi CMS - Local File Inclusion author: princechaddha - severity: medium + severity: high description: Xunyou CMS is vulnerable to local file inclusion. Attackers can use vulnerabilities to obtain sensitive information. reference: - https://www.cnvd.org.cn/flaw/show/2025171 diff --git a/cnvd/2021/CNVD-2021-30167.yaml b/cnvd/2021/CNVD-2021-30167.yaml index 54c8b5fe38..393622560e 100644 --- a/cnvd/2021/CNVD-2021-30167.yaml +++ b/cnvd/2021/CNVD-2021-30167.yaml @@ -3,7 +3,7 @@ id: CNVD-2021-30167 info: name: UFIDA NC BeanShell Remote Command Execution author: pikpikcu - severity: high + severity: critical description: UFIDA NC BeanShell contains a remote command execution vulnerability in the bsh.servlet.BshServlet program. reference: - https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A diff --git a/cves/2014/CVE-2014-8682.yaml b/cves/2014/CVE-2014-8682.yaml index 7625f0fcd2..eecb69f728 100644 --- a/cves/2014/CVE-2014-8682.yaml +++ b/cves/2014/CVE-2014-8682.yaml @@ -3,7 +3,7 @@ id: CVE-2014-8682 info: name: Gogs (Go Git Service) - SQL Injection author: dhiyaneshDK,daffainfo - severity: high + severity: critical description: Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-8682 diff --git a/cves/2021/CVE-2021-25075.yaml b/cves/2021/CVE-2021-25075.yaml index 60e56e87c7..8df4002a3e 100644 --- a/cves/2021/CVE-2021-25075.yaml +++ b/cves/2021/CVE-2021-25075.yaml 
@@ -3,7 +3,7 @@ id: CVE-2021-25075 info: name: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting author: DhiyaneshDK - severity: low + severity: high description: | WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery. remediation: Fixed in version 1.5.1. @@ -12,10 +12,9 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25075 - https://nvd.nist.gov/vuln/detail/CVE-2021-25075 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N - cvss-score: 3.50 - cve-id: CVE-2021-25075 - cwe-id: CWE-862 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 tags: wpscan,cve,cve2021,wordpress,xss,wp-plugin,authenticated requests: diff --git a/default-logins/minio/minio-default-login.yaml b/default-logins/minio/minio-default-login.yaml index 9dce961de7..62b74d889d 100644 --- a/default-logins/minio/minio-default-login.yaml +++ b/default-logins/minio/minio-default-login.yaml @@ -3,7 +3,7 @@ id: minio-default-login info: name: Minio Default Login author: pikpikcu - severity: medium + severity: high description: Minio default admin credentials were discovered. reference: - https://docs.min.io/docs/minio-quickstart-guide.html# diff --git a/default-logins/ofbiz/ofbiz-default-login.yaml b/default-logins/ofbiz/ofbiz-default-login.yaml index 11a9d6b80f..ee563306b5 100644 --- a/default-logins/ofbiz/ofbiz-default-login.yaml +++ b/default-logins/ofbiz/ofbiz-default-login.yaml 
@@ -3,7 +3,7 @@ id: ofbiz-default-login info: name: Apache OfBiz Default Login author: pdteam - severity: medium + severity: high description: Apache OfBiz default admin credentials were discovered. reference: - https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide diff --git a/exposed-panels/airflow-panel.yaml b/exposed-panels/airflow-panel.yaml index 1df0b6c38b..b26647d5a5 100644 --- a/exposed-panels/airflow-panel.yaml +++ b/exposed-panels/airflow-panel.yaml @@ -8,9 +8,8 @@ info: reference: - https://airflow.apache.org/docs/apache-airflow/stable/security/webserver.html classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cwe-id: CWE-522 + cvss-score: 0.0 + cwe-id: CWE-668 metadata: shodan-query: title:"Sign In - Airflow" tags: panel,apache,airflow,admin diff --git a/exposed-panels/ambari-exposure.yaml b/exposed-panels/ambari-exposure.yaml index a420d84dba..98dfcf442c 100644 --- a/exposed-panels/ambari-exposure.yaml +++ b/exposed-panels/ambari-exposure.yaml @@ -3,12 +3,11 @@ id: ambari-exposure info: name: Apache Ambari Exposure Admin Login Panel author: pdteam - severity: medium + severity: info description: An Apache Ambari panel was discovered. classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cwe-id: CWE-200 + cvss-score: 0.0 + cwe-id: CWE-668 tags: panel,apache,ambari,exposure requests: diff --git a/exposed-panels/avantfax-panel.yaml b/exposed-panels/avantfax-panel.yaml index 7694287813..7a968e7b6a 100644 --- a/exposed-panels/avantfax-panel.yaml +++ b/exposed-panels/avantfax-panel.yaml @@ -8,9 +8,8 @@ info: reference: - http://www.avantfax.com/ classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cwe-id: CWE-200 + cvss-score: 0.0 + cwe-id: CWE-668 metadata: shodan-query: http.title:"AvantFAX - Login" tags: panel,avantfax,login 
diff --git a/exposed-panels/codemeter-webadmin-panel.yaml b/exposed-panels/codemeter-webadmin-panel.yaml index 6bee96ae0f..3b8b0e48a5 100644 --- a/exposed-panels/codemeter-webadmin-panel.yaml +++ b/exposed-panels/codemeter-webadmin-panel.yaml @@ -3,12 +3,11 @@ id: codemeter-webadmin-panel info: name: CodeMeter - WebAdmin Panel Access author: Techryptic (@Tech) - severity: high + severity: info description: CodeMeter WebAdmin panel was accessed. classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cwe-id: CWE-200 + cvss-score: 0.0 + cwe-id: CWE-668 tags: codemeter,webadmin,panel requests: diff --git a/exposed-panels/epson-access-detect.yaml b/exposed-panels/epson-access-detect.yaml index 2306c2dc1d..b7192cffca 100644 --- a/exposed-panels/epson-access-detect.yaml +++ b/exposed-panels/epson-access-detect.yaml @@ -3,16 +3,14 @@ id: epson-access-detect info: name: Epson Device Unauthorized Access Detect author: pussycat0x - severity: medium + severity: info description: A publicly available Epson device panel (printer, scanner, etc.) was detected. reference: - https://www.exploit-db.com/ghdb/6922 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N - cvss-score: 5.8 - cwe-id: CWE-522 + cvss-score: 0.0 + cwe-id: CWE-668 tags: iot,printer,panel,unauth,epson,edb - requests: - method: GET path: diff --git a/exposed-panels/open-virtualization-manager-panel.yaml b/exposed-panels/open-virtualization-manager-panel.yaml index cc81a65f2c..3860db4d63 100644 --- a/exposed-panels/open-virtualization-manager-panel.yaml +++ b/exposed-panels/open-virtualization-manager-panel.yaml 
@@ -4,15 +4,13 @@ info: name: Open Virtualization Userportal & Webadmin Panel Detection author: idealphase severity: info - description: Open Virtualization Userportal & Webadmin panels were detected. Open Virtualization Manager is an open-source distributed virtualization solution designed to manage enterprise infrastructure. oVirt - uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible. + description: Open Virtualization Userportal & Webadmin panels were detected. Open Virtualization Manager is an open-source distributed virtualization solution designed to manage enterprise infrastructure. oVirt uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible. reference: - https://www.ovirt.org/ - https://www.ovirt.org/dropped/admin-guide/virt/console-client-resources.html classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cwe-id: CWE-200 + cvss-score: 0.0 + cwe-id: CWE-668 metadata: shodan-query: title:"Ovirt-Engine" google-query: intitle:"Ovirt-Engine" diff --git a/exposed-panels/qnap/qnap-qts-panel.yaml b/exposed-panels/qnap/qnap-qts-panel.yaml index 908a557c53..e528828dff 100644 --- a/exposed-panels/qnap/qnap-qts-panel.yaml +++ b/exposed-panels/qnap/qnap-qts-panel.yaml @@ -12,7 +12,6 @@ info: verified: true shodan-query: product:"QNAP" classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 cwe-id: CWE-200 tags: panel,qnap,qts diff --git a/exposed-panels/sicom-panel.yaml b/exposed-panels/sicom-panel.yaml index d433150558..c9f5943613 100644 --- a/exposed-panels/sicom-panel.yaml +++ b/exposed-panels/sicom-panel.yaml 
@@ -3,12 +3,11 @@ id: sicom-mgrng-login info: name: Sicom MGRNG - Administrative Login Found author: sullo - severity: low + severity: info description: | Sicom MGRNG administrative login page found. classification: - cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 3.7 + cvss-score: 0.0 cwe-id: CWE-668 tags: sicom,mgrng,panel diff --git a/exposed-panels/tenda-11n-wireless-router-login.yaml b/exposed-panels/tenda-11n-wireless-router-login.yaml index eb996dfe7f..b6bf46490b 100644 --- a/exposed-panels/tenda-11n-wireless-router-login.yaml +++ b/exposed-panels/tenda-11n-wireless-router-login.yaml @@ -12,9 +12,8 @@ info: shodan-query: http.title:"Tenda 11N Wireless Router Login Screen" google-query: intitle:"Tenda 11N Wireless Router Login Screen" classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 - cwe-id: CWE-419 + cwe-id: CWE-668 tags: panel,tenda requests: diff --git a/misconfiguration/teamcity/teamcity-guest-login-enabled.yaml b/misconfiguration/teamcity/teamcity-guest-login-enabled.yaml index c0847935b8..00b2622df5 100644 --- a/misconfiguration/teamcity/teamcity-guest-login-enabled.yaml +++ b/misconfiguration/teamcity/teamcity-guest-login-enabled.yaml @@ -3,7 +3,7 @@ id: teamcity-guest-login-enabled info: name: JetBrains TeamCity - Guest User Access Enabled author: Ph33r - severity: info + severity: high description: | TeamCity provides the ability to turn on the guest login allowing anonymous access to the TeamCity UI. reference: diff --git a/technologies/elfinder-detect.yaml b/technologies/elfinder-detect.yaml index fba367aa81..f17f947c6f 100644 --- a/technologies/elfinder-detect.yaml +++ b/technologies/elfinder-detect.yaml @@ -6,7 +6,6 @@ info: description: An elFinder implementation was discovered. severity: info classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0.0 cwe-id: CWE-200 tags: tech,elfinder 
diff --git a/vulnerabilities/ibm/ibm-infoprint-lfi.yaml b/vulnerabilities/ibm/ibm-infoprint-lfi.yaml index dcaec35523..eea7046472 100644 --- a/vulnerabilities/ibm/ibm-infoprint-lfi.yaml +++ b/vulnerabilities/ibm/ibm-infoprint-lfi.yaml @@ -3,7 +3,7 @@ id: ibm-infoprint-lfi info: name: IBM InfoPrint 4247-Z03 Impact Matrix Printer - Local File Inclusion author: harshbothra_ - severity: medium + severity: high description: IBM InfoPrint 4247-Z03 Impact Matrix Printer is subject to local file inclusion. reference: - https://www.exploit-db.com/exploits/47835 diff --git a/vulnerabilities/other/carel-bacnet-gateway-traversal.yaml b/vulnerabilities/other/carel-bacnet-gateway-traversal.yaml index 8c81ff641e..f7b252cac6 100644 --- a/vulnerabilities/other/carel-bacnet-gateway-traversal.yaml +++ b/vulnerabilities/other/carel-bacnet-gateway-traversal.yaml @@ -3,7 +3,7 @@ id: carel-bacnet-gateway-traversal info: name: Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Local File Inclusion author: gy741 - severity: medium + severity: high description: Carel pCOWeb HVAC BACnet Gateway 2.1.0 is vulnerable to local file inclusion because of input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. reference: - https://www.zeroscience.mk/codes/carelpco_dir.txt diff --git a/vulnerabilities/other/finereport-path-traversal.yaml b/vulnerabilities/other/finereport-path-traversal.yaml index 771a0814bb..57bf30e643 100644 --- a/vulnerabilities/other/finereport-path-traversal.yaml +++ b/vulnerabilities/other/finereport-path-traversal.yaml @@ -3,7 +3,7 @@ id: finereport-path-traversal info: name: FineReport 8.0 - Local File Inclusion author: pikpikcu - severity: medium + severity: high description: FIneReport 8.0 is vulnerable to local file inclusion. reference: - http://foreversong.cn/archives/1378 
diff --git a/vulnerabilities/other/geovision-geowebserver-xss.yaml b/vulnerabilities/other/geovision-geowebserver-xss.yaml index bf990d4e54..4e1c478d4d 100644 --- a/vulnerabilities/other/geovision-geowebserver-xss.yaml +++ b/vulnerabilities/other/geovision-geowebserver-xss.yaml @@ -3,7 +3,7 @@ id: geowebserver-xss info: name: GeoVision Geowebserver 5.3.3 - Cross-Site Scripting author: madrobot - severity: medium + severity: high description: GeoVision Geowebserver 5.3.3 and prior versions are vulnerable to several cross-site scripting / HTML injection / local file inclusion / XML injection / code execution vectors because the application fails to properly sanitize user requests. reference: - https://packetstormsecurity.com/files/163860/geovisiongws533-lfixssxsrfexec.txt diff --git a/vulnerabilities/other/hjtcloud-rest-arbitrary-file-read.yaml b/vulnerabilities/other/hjtcloud-rest-arbitrary-file-read.yaml index 28bfe9a282..8d4ac191b0 100644 --- a/vulnerabilities/other/hjtcloud-rest-arbitrary-file-read.yaml +++ b/vulnerabilities/other/hjtcloud-rest-arbitrary-file-read.yaml @@ -3,7 +3,7 @@ id: hjtcloud-rest-arbitrary-file-read info: name: HJTcloud - Local File Inclusion author: pikpikcu - severity: low + severity: high description: HJTcloud is vulnerable to local file inclusion. reference: - https://mp.weixin.qq.com/s/w2pkj5ADN7b5uxe-wmfGbw diff --git a/vulnerabilities/other/kingdee-eas-directory-traversal.yaml b/vulnerabilities/other/kingdee-eas-directory-traversal.yaml index 8709cf27e9..9ccdb3d2ec 100644 --- a/vulnerabilities/other/kingdee-eas-directory-traversal.yaml +++ b/vulnerabilities/other/kingdee-eas-directory-traversal.yaml 
@@ -3,7 +3,7 @@ id: kingdee-eas-directory-traversal info: name: Kingdee EAS - Local File Inclusion author: ritikchaddha - severity: medium + severity: high description: Kingdee EAS OA server_file is vulnerable to local file inclusion and can allow attackers to obtain sensitive server information. reference: - https://github.com/nu0l/poc-wiki/blob/main/%E9%87%91%E8%9D%B6OA%20server_file%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E.md diff --git a/vulnerabilities/other/magicflow-lfi.yaml b/vulnerabilities/other/magicflow-lfi.yaml index 967a0ce414..2c736182ae 100644 --- a/vulnerabilities/other/magicflow-lfi.yaml +++ b/vulnerabilities/other/magicflow-lfi.yaml @@ -3,7 +3,7 @@ id: magicflow-lfi info: name: MagicFlow - Local File Inclusion author: gy741 - severity: critical + severity: high description: | MagicFlow is susceptible to local file inclusion vulnerabilities because it allows remote unauthenticated users to access locally stored files on the server and return their content via the '/msa/main.xp' endpoint and the 'Fun' parameter. reference: diff --git a/vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml b/vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml index 9e21a3e279..221fba80c2 100644 --- a/vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml +++ b/vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml @@ -3,7 +3,7 @@ id: nginx-merge-slashes-path-traversal info: name: Nginx Server - Local File Inclusion author: dhiyaneshDk - severity: medium + severity: high description: Nginx server is vulnerable to local file inclusion. reference: - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/nginx-merge-slashes-path-traversal.json diff --git a/vulnerabilities/other/pmb-directory-traversal.yaml b/vulnerabilities/other/pmb-directory-traversal.yaml index 44806eb192..ef410b4187 100644 --- a/vulnerabilities/other/pmb-directory-traversal.yaml 
+++ b/vulnerabilities/other/pmb-directory-traversal.yaml @@ -3,7 +3,7 @@ id: pmb-directory-traversal info: name: PMB 5.6 - Local File Inclusion author: geeknik - severity: medium + severity: high description: PMB 5.6 is vulnerable to local file inclusion because the PMB Gif Image is not sanitizing the content of the 'chemin' parameter. reference: - https://packetstormsecurity.com/files/160072/PMB-5.6-Local-File-Disclosure-Directory-Traversal.html diff --git a/vulnerabilities/other/symantec-messaging-gateway.yaml b/vulnerabilities/other/symantec-messaging-gateway.yaml index 7907c60241..5e32b82103 100644 --- a/vulnerabilities/other/symantec-messaging-gateway.yaml +++ b/vulnerabilities/other/symantec-messaging-gateway.yaml @@ -3,7 +3,7 @@ id: symantec-messaging-gateway info: name: Symantec Messaging Gateway <=10.6.1 - Local File Inclusion author: Random_Robbie - severity: medium + severity: high description: Symantec Messaging Gateway 10.6.1 and prior are vulnerable to local file inclusion. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N diff --git a/vulnerabilities/other/unauth-spark-api.yaml b/vulnerabilities/other/unauth-spark-api.yaml index 504318c39a..75db17c1cf 100644 --- a/vulnerabilities/other/unauth-spark-api.yaml +++ b/vulnerabilities/other/unauth-spark-api.yaml @@ -3,7 +3,7 @@ id: unauth-spark-api info: name: Unauthenticated Spark REST API author: princechaddha - severity: medium + severity: critical description: The Spark product's REST API interface allows access to unauthenticated users. reference: - https://xz.aliyun.com/t/2490 diff --git a/vulnerabilities/simplecrm/simple-crm-sql-injection.yaml b/vulnerabilities/simplecrm/simple-crm-sql-injection.yaml index e77186f32d..4d25d0af0d 100644 --- a/vulnerabilities/simplecrm/simple-crm-sql-injection.yaml +++ b/vulnerabilities/simplecrm/simple-crm-sql-injection.yaml 
@@ -3,7 +3,7 @@ id: simple-crm-sql-injection info: name: Simple CRM 3.0 SQL Injection and Authentication Bypass author: geeknik - severity: high + severity: critical description: Simple CRM 3.0 is susceptible to SQL injection and authentication bypass vulnerabilities. reference: - https://packetstormsecurity.com/files/163254/simplecrm30-sql.txt diff --git a/vulnerabilities/weaver/ecology/ecology-filedownload-directory-traversal.yaml b/vulnerabilities/weaver/ecology/ecology-filedownload-directory-traversal.yaml index 7bd4b239c2..68a90fbf88 100644 --- a/vulnerabilities/weaver/ecology/ecology-filedownload-directory-traversal.yaml +++ b/vulnerabilities/weaver/ecology/ecology-filedownload-directory-traversal.yaml @@ -3,7 +3,7 @@ id: ecology-filedownload-directory-traversal info: name: Ecology - Local File Inclusion author: princechaddha - severity: medium + severity: high description: Ecology is vulnerable to local file inclusion. metadata: fofa-query: app="泛微-协同办公OA" diff --git a/vulnerabilities/weaver/ecology/ecology-springframework-directory-traversal.yaml b/vulnerabilities/weaver/ecology/ecology-springframework-directory-traversal.yaml index a61d6e876e..a40b3eee7c 100644 --- a/vulnerabilities/weaver/ecology/ecology-springframework-directory-traversal.yaml +++ b/vulnerabilities/weaver/ecology/ecology-springframework-directory-traversal.yaml @@ -3,7 +3,7 @@ id: ecology-springframework-directory-traversal info: name: Ecology Springframework - Local File Inclusion author: princechaddha - severity: medium + severity: high description: Ecology Springframework is vulnerable to local file inclusion. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N diff --git a/vulnerabilities/wordpress/my-chatbot-xss.yaml b/vulnerabilities/wordpress/my-chatbot-xss.yaml index 1640b233d8..07494846d3 100644 --- a/vulnerabilities/wordpress/my-chatbot-xss.yaml +++ b/vulnerabilities/wordpress/my-chatbot-xss.yaml 
@@ -3,7 +3,7 @@ id: my-chatbot-xss info: name: WordPress My Chatbot <= 1.1 - Reflected Cross-Site Scripting author: dhiyaneshDk - severity: medium + severity: high description: WordPress My Chatbot <= 1.1 is susceptible to cross-site scripting. The plugin does not sanitize or escape its tab parameter in the Settings page before outputting it back in an attribute. reference: - https://wpscan.com/vulnerability/c0b6f63b-95d1-4782-9554-975d6d7bbd3d diff --git a/vulnerabilities/wordpress/wp-socialfit-xss.yaml b/vulnerabilities/wordpress/wp-socialfit-xss.yaml index 3b6b2ad8b8..0ee001dd39 100644 --- a/vulnerabilities/wordpress/wp-socialfit-xss.yaml +++ b/vulnerabilities/wordpress/wp-socialfit-xss.yaml @@ -3,7 +3,7 @@ id: wp-socialfit-xss info: name: WordPress SocialFit - Cross-Site Scripting author: daffainfo - severity: medium + severity: high description: | WordPress SocialFit is vulnerable to a cross-site scripting vulnerability via the 'msg' parameter because it fails to properly sanitize user-supplied input. reference:
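Review bot: in cnvd/2020/CNVD-2020-23735.yaml the context lines around the severity change spell the product two ways, `name: Xxunchi CMS - Local File Inclusion` and "Xunyou CMS is vulnerable to local file inclusion" in the description. Since this hunk already touches the `info` block, settle on one product name so that searches and report output for this template match.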
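Review bot: in the second hunk of cves/2021/CVE-2021-25075.yaml the `classification` block loses `cve-id: CVE-2021-25075` and nothing adds it back, so a template stored under cves/ no longer carries its CVE identifier in the field that reporting reads. Keep the `cve-id` line next to the new `cwe-id: CWE-79`. The unchanged `tags` line also still ends in `authenticated`, which disagrees with the new `PR:N` vector and with the description's "allowing unauthenticated users to call it"; fix the tag in the same change.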
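Review bot: in exposed-panels/airflow-panel.yaml the score drops from 8.3 to `cvss-score: 0.0`, but the hunk starts at line 8 and never touches `severity`, so nothing visible here shows that the template's rating was lowered to match. Confirm that `severity` is `info`, as the ambari, codemeter, epson and sicom hunks set explicitly. The same check applies to exposed-panels/avantfax-panel.yaml, whose hunk also starts at line 8.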
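Review bot: exposed-panels/epson-access-detect.yaml is lowered to `severity: info` with `cvss-score: 0.0`, yet the unchanged name still reads "Epson Device Unauthorized Access Detect" and the tags keep `unauth`, so the title claims a finding that the rating no longer supports. Either rename it as a panel detection or keep a rating that reflects unauthorized access. The hunk also removes the blank line between `tags:` and `requests:`, which the other templates in this patch keep; restore it for consistency.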
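Review bot: exposed-panels/qnap/qnap-qts-panel.yaml keeps `cwe-id: CWE-200` after the vector line is removed, while every other exposed-panels template in this patch ends up on `cwe-id: CWE-668` (tenda is moved from CWE-419 to CWE-668 in the same change). If CWE-668 is the agreed classification for exposed login panels, update this file as well; if CWE-200 is deliberate here, say so in the commit message.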
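Review bot: misconfiguration/teamcity/teamcity-guest-login-enabled.yaml jumps from `severity: info` to `severity: high` with no `classification` block in the hunk to back the new rating, and the description still says only that guest login allows anonymous access to the TeamCity UI. Add `cvss-metrics` and `cvss-score` that produce a high rating, or extend the description with what anonymous access exposes, so that triage can tell why this moved three levels.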
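Review bot: vulnerabilities/other/unauth-spark-api.yaml is raised from `severity: medium` to `severity: critical`, but the hunk adds no `classification` and the description says only that the REST API "allows access to unauthenticated users". Other templates in this patch that carry a rating also show the vector behind it (for example the `C:H/I:N/A:N` line in symantec-messaging-gateway.yaml); add the vector and score here and state the impact in the description so the critical rating is verifiable.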