Enhancement: cves/2021/CVE-2021-45380.yaml by mp

2022-02-28 16:47:40 -05:00 · 2022-02-28 16:47:40 -05:00 · 390fe3b65f
parent 9e84dd3d67
commit 390fe3b65f
8 changed files with 6 additions and 11 deletions
--- a/cves/2004/CVE-2004-0519.yaml
+++ b/cves/2004/CVE-2004-0519.yaml
@ -35,5 +35,3 @@ requests:
          - "text/html"

 # Enhanced by mp on 2022/01/27
-
-# Enhanced by mp on 2022/01/27
--- a/cves/2021/CVE-2021-1497.yaml
+++ b/cves/2021/CVE-2021-1497.yaml
@ -43,6 +43,5 @@ requests:
        part: interactsh_protocol  # Confirms the HTTP Interaction
        words:
          - "http"
-# Enhanced by cs on 2022/02/14

 # Enhanced by cs on 2022/02/16
--- a/cves/2021/CVE-2021-42237.yaml
+++ b/cves/2021/CVE-2021-42237.yaml
@ -119,5 +119,3 @@ requests:
          - "System.ArgumentNullException"

 # Enhanced by mp on 2022/02/08
-
-# Enhanced by mp on 2022/02/27
--- a/cves/2021/CVE-2021-45380.yaml
+++ b/cves/2021/CVE-2021-45380.yaml
@ -1,10 +1,10 @@
 id: CVE-2021-45380

 info:
-  name: AppCMS - Reflected Cross-Site Scripting 
+  name: AppCMS - Reflected Cross-Site Scripting
  author: pikpikcu
  severity: medium
-  description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inc_head.php
+  description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inc_head.php.
  reference:
    - https://github.com/source-trace/appcms/issues/8
    - https://nvd.nist.gov/vuln/detail/CVE-2021-45380
--- a/cves/2022/CVE-2022-0149.yaml
+++ b/cves/2022/CVE-2022-0149.yaml
@ -5,7 +5,7 @@ info:
  author: dhiyaneshDk
  severity: medium
  description: The plugin was affected by a reflected cross-site scripting vulnerability in the woo_ce admin page.
-  reference: 
+  reference:
    - https://wpscan.com/vulnerability/e47c288a-2ea3-4926-93cc-113867cbc77c
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0149
  classification:
--- a/cves/2022/CVE-2022-0378.yaml
+++ b/cves/2022/CVE-2022-0378.yaml
@ -1,7 +1,7 @@
 id: CVE-2022-0378

 info:
-  name: Microweber Reflected Cross-Site Scripting 
+  name: Microweber Reflected Cross-Site Scripting
  author: pikpikcu
  severity: medium
  description: Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.
--- a/cves/2022/CVE-2022-0432.yaml
+++ b/cves/2022/CVE-2022-0432.yaml
@ -4,7 +4,7 @@ info:
  name: Mastodon Prototype Pollution Vulnerability
  author: pikpikcu
  severity: medium
-  description: The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype Pollution vulnerability. 
+  description: The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype Pollution vulnerability.
  reference:
    - https://github.com/mastodon/mastodon/commit/4d6d4b43c6186a13e67b92eaf70fe1b70ea24a09
    - https://drive.google.com/file/d/1vpZ0CcmFhTEUasLTPUBf8o-4l7G6ojtG/view
--- a/cves/2022/CVE-2022-0653.yaml
+++ b/cves/2022/CVE-2022-0653.yaml
@ -9,7 +9,7 @@ info:
    - https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/
  tags: cve,cve2022,wordpress,xss,wp-plugin
  description: "The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.\n\n."
-  remediation: Upgrade to version 3.6.5 or later. 
+  remediation: Upgrade to version 3.6.5 or later.
  classification:
    cve-id: CVE-2022-0653