Dashboard Content Enhancements (#5372)

Dashboard Content Enhancements
patch-1
MostInterestingBotInTheWorld 2022-09-16 15:50:10 -04:00 committed by GitHub
parent 4b681e54c0
commit 3bc2e26e40
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
66 changed files with 604 additions and 420 deletions

View File

@ -12,10 +12,10 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2008-1059
- https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2008-1061
cwe-id: CWE-22
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2008-1059
tags: lfi,cve,cve2008,wordpress,wp-plugin,wp,sniplets,edb,wpscan
requests:
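Review bot: The classification in this hunk ends up as `cwe-id: CWE-79` with an `S:C/C:L/I:L/A:N` vector (7.2), on a template whose `tags:` line still starts with `lfi`. The values it replaces, `CWE-22` and `C:H/I:N/A:N` (7.5), are the ones that fit a file inclusion issue. Only the `cve-id` correction from CVE-2008-1061 to CVE-2008-1059, which now matches the NVD reference, looks intended; suggest keeping CWE-22 and the 7.5 vector and changing `cve-id` alone.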

View File

@ -3,15 +3,17 @@ id: CVE-2008-1061
info:
name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
severity: high
description: |
WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
reference:
- https://www.exploit-db.com/exploits/5194
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
- https://nvd.nist.gov/vuln/detail/CVE-2008-1061
- http://secunia.com/advisories/29099
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2008-1061
tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets
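Review bot: `severity: high` here rests on `UI:N` in the classification vector, but the description is script injection through request parameters (`text`, `url`, `page`), which needs a victim to load a crafted URL. That is `UI:R`, which scores 6.1 and keeps the template at medium. The same `PR:N/UI:N/S:C/C:L/I:L/A:N` string is applied to most XSS templates in this commit, so it is worth settling the rule here before it lands everywhere.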

View File

@ -1,21 +1,21 @@
id: CVE-2014-8676
info:
name: Simple Online Planning Tool 1.3.2 - Directory Traversal
name: Simple Online Planning Tool <1.3.2 - Local File Inclusion
author: 0x_Akoko
severity: medium
severity: high
description: |
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
SOPlanning <1.32 contain a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter.
reference:
- https://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
- https://nvd.nist.gov/vuln/detail/CVE-2014-8676
- https://www.exploit-db.com/exploits/37604/
- http://seclists.org/fulldisclosure/2015/Jul/44
- https://nvd.nist.gov/vuln/detail/CVE-2014-8676
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2014-8676
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
cve-id: CVE-2014-8676
tags: packetstorm,edb,seclists,cve,cve2014,soplanning,lfi
requests:
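Review bot: The new name and description change the affected range. The replaced description said "SOPlanning 1.32 and earlier", while the new name says `<1.3.2` and the new description says `<1.32`; both exclude the version the original included, and they disagree with each other on how the version is written. Suggest `<=1.3.2` in both places, and "contains" for "contain". The move to `C:H` and 7.5 also needs support: the replaced text only claimed that attackers can "determine the existence of arbitrary files", which is what `C:L` and 5.3 expressed.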
@ -32,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by cs on 2022/09/09

View File

@ -1,42 +1,43 @@
id: CVE-2018-16139
info:
name: BIBLIOsoft BIBLIOpac 2008 - Cross Site Scripting
author: atomiczsec
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/.
reference:
- https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html
- https://nvd.nist.gov/vuln/detail/CVE-2018-16139
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16139
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-16139
cwe-id: CWE-79
metadata:
verified: true
shodan-query: title:"Bibliopac"
tags: cve,cve2018,xss,bibliopac,bibliosoft
requests:
- method: GET
path:
- '{{BaseURL}}/bibliopac/bin/wxis.exe/bibliopac/?IsisScript=bibliopac/bin/bibliopac.xic&db="><script>prompt(document.domain)</script>'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"><script>prompt(document.domain)</script>.xrf'
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
id: CVE-2018-16139
info:
name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting
author: atomiczsec
severity: high
description: |
BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML.
reference:
- https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html
- https://nvd.nist.gov/vuln/detail/CVE-2018-16139
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2018-16139
metadata:
verified: true
shodan-query: title:"Bibliopac"
tags: cve,cve2018,xss,bibliopac,bibliosoft
requests:
- method: GET
path:
- '{{BaseURL}}/bibliopac/bin/wxis.exe/bibliopac/?IsisScript=bibliopac/bin/bibliopac.xic&db="><script>prompt(document.domain)</script>'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"><script>prompt(document.domain)</script>.xrf'
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14
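Review bot: Every line of this file is removed and re-added, although the `requests:` and `matchers:` blocks are identical on both sides, so the hunk looks like a line-ending or whitespace rewrite on top of the content change. Suggest restoring the original line endings so the diff shows only what actually differs: name, severity, description, the dropped cve.mitre.org reference, the classification values and the footer. Among those, `UI:R` becoming `UI:N` is hard to justify for a GET request that carries the payload in the `db` query parameter.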

View File

@ -1,19 +1,19 @@
id: CVE-2020-13258
info:
name: Contentful - Cross-Site Scripting
name: Contentful <=2020-05-21 - Cross-Site Scripting
author: pikpikcu
severity: medium
severity: high
description: |
Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py.
Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py.
reference:
- https://github.com/contentful/the-example-app.py/issues/44
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
- https://nvd.nist.gov/vuln/detail/CVE-2020-13258
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2020-13258
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2020-13258
tags: cve,cve2020,contentful,xss
requests:
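Review bot: The classification goes backwards from `CVSS:3.1` to `CVSS:3.0` and from `UI:R` to `UI:N`, while the new description itself calls this a reflected cross-site scripting issue via the `api` parameter. A reflected issue needs the victim to follow a link, so the replaced `UI:R` vector at 6.1 with `severity: medium` was the consistent one. The NVD reference correction from CVE-2016-1000140 to CVE-2020-13258 is right and should stay.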
@ -38,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,18 +1,19 @@
id: CVE-2020-13483
info:
name: Bitrix24 through 20.0.0 allows Cross-Site Scripting
name: Bitrix24 <=20.0.0 - Cross-Site Scripting
author: pikpikcu,3th1c_yuk1
severity: medium
description: The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
severity: high
description: The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
reference:
- https://gist.github.com/mariuszpoplwski/ca6258cf00c723184ebd2228ba81f558
- https://twitter.com/brutelogic/status/1483073170827628547
- https://nvd.nist.gov/vuln/detail/CVE-2020-13483
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2020-13483
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2020-13483
tags: cve,cve2020,xss,bitrix
requests:
@ -40,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by cs 2022/09/14

View File

@ -1,19 +1,19 @@
id: CVE-2021-24276
info:
name: Contact Form by Supsystic < 1.7.15 - Cross-Site Scripting
name: WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
severity: high
description: WordPress Supsystic Contact Form plugin before 1.7.15 contains a cross-site scripting vulnerability. It does not sanitize the tab parameter of its options page before outputting it in an attribute.
reference:
- https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c
- https://nvd.nist.gov/vuln/detail/CVE-2021-24276
- http://packetstormsecurity.com/files/164308/WordPress-Contact-Form-1.7.14-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-24276
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-24276
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2021-24276
tags: wordpress,cve,cve2021,wp-plugin,wpscan,packetstorm
requests:
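Review bot: The rewritten description drops "reflected", and the `tags:` line (`wordpress,cve,cve2021,wp-plugin,wpscan,packetstorm`) has no `xss` entry, so after this change neither field lets a dashboard filter find this as a reflected XSS template. Suggest keeping "reflected cross-site scripting" in the description and adding `xss` to the tags while the metadata is being touched.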
@ -36,3 +36,5 @@ requests:
words:
- "text/html"
part: header
# Enhanced by mp on 2022/09/14

View File

@ -1,18 +1,18 @@
id: CVE-2021-24746
info:
name: WordPress Sassy Social Share Plugin - Cross-Site Scripting
name: WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting
author: Supras
severity: medium
description: WP plugin Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting
severity: high
description: WordPress plugin Sassy Social Share < 3.3.40 contains a reflected cross-site scripting vulnerability.
reference:
- https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa
- https://nvd.nist.gov/vuln/detail/CVE-2021-24746
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-24746
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2021-24746
metadata:
google-query: inurl:"/wp-content/plugins/sassy-social-share"
tags: cve,cve2021,wordpress,wp-plugin,xss,wp,wpscan
@ -49,3 +49,5 @@ requests:
group: 1
regex:
- '"slug":"([_a-z-A-Z0-9]+)",'
# Enhanced by cs 2022/09/14

View File

@ -53,4 +53,4 @@ requests:
- 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
condition: and
# Enhanced by mp 09/09/2022
# Enhanced by mp 2022/09/09
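Review bot: The footer date is normalized to `2022/09/09`, but the line still reads `Enhanced by mp 2022/09/09` while other footers in this commit read `Enhanced by mp on 2022/09/14`. If the aim of the hunk is a uniform footer, add the `on` as well so a single pattern matches all of them.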

View File

@ -53,4 +53,4 @@ requests:
- 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
condition: and
# Enhanced by mp 09/09/2022
# Enhanced by mp 2022/09/09

View File

@ -1,15 +1,19 @@
id: CVE-2022-0776
info:
name: RevealJS postMessage Cross-Site Scripting
name: RevealJS postMessage <4.3.0 - Cross-Site Scripting
author: LogicalHunter
severity: medium
description: Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.
severity: high
description: RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.
reference:
- https://hackerone.com/reports/691977
- https://github.com/hakimel/reveal.js/pull/3137
- https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0776
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-0776
tags: hackerone,huntr,cve,cve2022,headless,postmessage,revealjs
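Review bot: The new name and description treat "RevealJS postMessage" as the product: `RevealJS postMessage <4.3.0` and "RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model". The replaced text described DOM XSS in hakimel/reveal.js prior to 4.3.0; postMessage is the input channel and has no version of its own. Suggest wording along the lines of "reveal.js <4.3.0 - DOM Cross-Site Scripting via postMessage", and adding `xss` to the tags, which currently have no entry for the vulnerability class.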
@ -32,3 +36,5 @@ headless:
part: extract
words:
- "true"
# Enhanced by mp on 2022/09/14

View File

@ -1,20 +1,20 @@
id: CVE-2022-0928
info:
name: Microweber - Cross-Site Scripting
name: Microweber <1.2.12 - Stored Cross-Site Scripting
author: amit-jd
severity: medium
severity: high
description: |
Cross-site Scripting (XSS) discovered in microweber prior to 1.2.12. Type parameter in the body of POST request triggered by add/edit tax in microweb are vulnerable to stored XSS.
Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.
reference:
- https://huntr.dev/bounties/085aafdd-ba50-44c7-9650-fa573da29bcd
- https://github.com/microweber/microweber/commit/fc9137c031f7edec5f50d73b300919fb519c924a
- https://nvd.nist.gov/vuln/detail/CVE-2022-0928
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2022-0928
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-0928
metadata:
verified: "true"
tags: authenticated,huntr,cve,cve2022,xss,microweber,cms
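Review bot: `PR:L` becomes `PR:N` in the new vector, but the template is tagged `authenticated` and the description places the injection in the POST request made by Add/Edit Tax. An issue that needs a logged-in session and is stored for a later viewer is `PR:L/UI:R`, which is what the replaced `CVSS:3.1` vector (5.4) said. Suggest keeping that vector and `severity: medium`.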
@ -53,3 +53,5 @@ requests:
- 'contains(all_headers_3,"text/html")'
- 'status_code==200'
condition: and
# Enhanced by mp on 2022/09/14

View File

@ -1,21 +1,21 @@
id: CVE-2022-0954
info:
name: Microweber - Cross-Site Scripting
name: Microweber <1.2.11 - Stored Cross-Site Scripting
author: amit-jd
severity: medium
severity: high
description: |
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.
Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.
reference:
- https://github.com/advisories/GHSA-8c76-mxv5-w4g8
- https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26/
- https://github.com/microweber/microweber/commit/955471c27e671c49e4b012e3b120b004082ac3f7
- https://nvd.nist.gov/vuln/detail/CVE-2022-0954
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2022-0954
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-0954
metadata:
verified: "true"
tags: cve,cve2022,xss,microweber,huntr
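Review bot: The new description says "Microweber before 1.2.1", while the new name says `<1.2.11` and the replaced description said "prior to 1.2.11". This looks like a dropped digit, and as written the description excludes the 1.2.x releases from 1.2.1 up to 1.2.11 that the name covers. Suggest "before 1.2.11".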
@ -55,3 +55,5 @@ requests:
- 'contains(all_headers_3,"text/html")'
- 'status_code_3==200'
condition: and
# Enhanced by mp on 2022/09/14

View File

@ -1,21 +1,21 @@
id: CVE-2022-0963
info:
name: Microweber > 1.2.12 - Cross-Site Scripting
name: Microweber <1.2.12 - Stored Cross-Site Scripting
author: amit-jd
severity: medium
severity: high
description: |
Microweber prior to 1.2.12 allows unrestricted upload of XML files, which malicious actors can exploit to cause a stored cross-site scripting attack.
Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,.
reference:
- https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c/
- https://github.com/advisories/GHSA-q3x2-jvp3-wj78
- https://nvd.nist.gov/vuln/detail/CVE-2022-0963
- https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c
- https://nvd.nist.gov/vuln/detail/CVE-2022-0963
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2022-0963
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-0963
metadata:
verified: "true"
tags: xss,microweber,cms,authenticated,huntr,cve,cve2022,intrusive
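Review bot: The new description ends mid-sentence: "It allows unrestricted upload of XML files,." The replaced text finished the thought by saying the upload is what leads to the stored XSS. Suggest completing the sentence or ending it at "XML files." The `PR:N` in the new vector also conflicts with the `authenticated` tag on this template; the replaced `PR:L` fits.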
@ -67,3 +67,5 @@ requests:
- 'status_code_3==200'
- 'contains(body_2,"bytes_uploaded")'
condition: and
# Enhanced by mp on 2022/09/14

View File

@ -1,19 +1,20 @@
id: CVE-2022-1221
info:
name: Gwyn's Imagemap Selector <= 0.3.3 - Cross-Site Scripting
name: WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting
author: veshraj
severity: medium
severity: high
description: |
The Gwyn's Imagemap Selector Wordpresss plugin does not sanitize the id and class parameters before returning them back in attributes, leading to a Reflected Cross-Site Scripting.
Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes.
reference:
- https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221
- https://nvd.nist.gov/vuln/detail/CVE-2022-1221
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-1221
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-1221
metadata:
verified: "true"
tags: cve2022,wpscan,xss,wordpress,wp-plugin,wp,cve
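Review bot: The new description opens with "Wordpress Gwyn's Imagemap Selector" while the new name on the line above uses "WordPress". Fix the casing in the description so both fields match. The same description keeps "reflected", which again sits oddly next to `UI:N` in the new vector.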
@ -40,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/09/12

View File

@ -1,20 +1,20 @@
id: CVE-2022-1439
info:
name: Microweber Cross-Site Scripting
name: Microweber <1.2.15 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: Reflected XSS in microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction.
severity: high
description: Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-1439
- https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0/
- https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0
- https://github.com/microweber/microweber/commit/ad3928f67b2cd4443f4323d858b666d35a919ba8
- https://nvd.nist.gov/vuln/detail/CVE-2022-1439
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-1439
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-1439
metadata:
shodan-query: http.favicon.hash:780351152
tags: cve,cve2022,microweber,xss,huntr
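Review bot: `UI:N` in the new vector contradicts the reporter's own note in the replaced description, "you might need to press "tab"", and the matcher context in the next hunk looks for an `onmouseover` handler, which fires only on a user action. Suggest keeping `UI:R` (6.1) and `severity: medium`. The new description is also generic impact text; it no longer says anything specific to this template beyond "reflected".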
@ -36,3 +36,5 @@ requests:
- "<div class='x module module-'onmouseover=alert(document.domain) '"
- "parent-module-id"
condition: and
# Enhanced by md on 2022/09/12

View File

@ -1,21 +1,19 @@
id: CVE-2022-1597
info:
name: WPQA < 5.4 - Cross-Site Scripting
name: WordPress WPQA <5.4 - Cross-Site Scripting
author: veshraj
severity: medium
severity: high
description: |
The plugin, used as a companion for the Discy and Himer themes,
does not sanitise and escape a parameter on its reset password
form which makes it possible to perform reflected XSS.
WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form.
reference:
- https://wpscan.com/vulnerability/faff9484-9fc7-4300-bdad-9cd8a30a9a4e
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1597
- https://nvd.nist.gov/vuln/detail/CVE-2022-1597
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-1597
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-1597
metadata:
google-query: inurl:/wp-content/plugins/wpqa
verified: "true"
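Review bot: The rewritten description drops the one identifying detail the original had, that the plugin is "used as a companion for the Discy and Himer themes". For someone triaging a hit, that is what tells them where to look on the site. Suggest keeping it as a second sentence after the new opening line.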
@ -61,3 +59,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,18 +1,18 @@
id: CVE-2022-1724
info:
name: Simple Membership < 4.1.1 - Cross-Site Scripting
name: WordPress Simple Membership <4.1.1 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting.
severity: high
description: WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions.
reference:
- https://wpscan.com/vulnerability/96a0a667-9c4b-4ea6-b78a-0681e9a9bbae
- https://nvd.nist.gov/vuln/detail/CVE-2022-1724
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-1724
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-1724
metadata:
verified: "true"
tags: xss,wp,wordpress,wpscan,cve,cve2022,wp-plugin
@ -37,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,19 +1,19 @@
id: CVE-2022-1904
info:
name: Easy Pricing Tables < 3.2.1 - Cross-Site-Scripting
name: WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting
author: Akincibor
severity: medium
severity: high
description: |
The plugin does not sanitize and escape parameter before reflecting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a reflected cross-site scripting.
WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled.
reference:
- https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1904
- https://nvd.nist.gov/vuln/detail/CVE-2022-1904
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-1904
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-1904
metadata:
verified: "true"
tags: wp,wordpress,wpscan,cve,cve2022,wp-plugin,xss
@ -38,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,20 +1,19 @@
id: CVE-2022-1906
info:
name: Copyright Proof <= 4.16 - Cross-Site-Scripting
name: WordPress Copyright Proof <=4.16 - Cross-Site-Scripting
author: random-robbie
severity: medium
severity: high
description: |
The plugin does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled.
WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled.
reference:
- https://wpscan.com/vulnerability/af4f459e-e60b-4384-aad9-0dc18aa3b338
- https://nvd.nist.gov/vuln/detail/CVE-2022-1906
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1906
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-1906
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-1906
metadata:
google-query: inurl:/wp-content/plugins/digiproveblog
verified: "true"
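Review bot: The new name still ends in `Cross-Site-Scripting`, with a hyphen before "Scripting", while the Easy Pricing Tables hunk in this same commit corrects that exact form to `Cross-Site Scripting`. Suggest the same fix here. The cve.mitre.org reference is also left in place, where other templates in this commit carry only the NVD link.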
@ -42,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,19 +1,19 @@
id: CVE-2022-1937
info:
name: Awin Data Feed <= 1.6 - Cross-Site Scripting
name: WordPress Awin Data Feed <=1.6 - Cross-Site Scripting
author: Akincibor,DhiyaneshDK
severity: medium
severity: high
description: |
The plugin does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting.
WordPress Awin Data Feed plugin 1.6 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action, available to both unauthenticated and authenticated users.
reference:
- https://wpscan.com/vulnerability/eb40ea5d-a463-4947-9a40-d55911ff50e9
- https://nvd.nist.gov/vuln/detail/CVE-2022-1937
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-1937
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-1937
metadata:
verified: "true"
tags: cve,cve2022,xss,awin,wpscan,wp-plugin,wp,wordpress,authenticated
@ -40,3 +40,5 @@ requests:
- 'status_code_2 == 200'
- contains(body_2, 'colspan=\"2\"><script>alert(document.domain)</script></th>')
condition: and
# Enhanced by mp on 2022/09/14

View File

@ -1,19 +1,19 @@
id: CVE-2022-1946
info:
name: Gallery < 2.0.0 - Cross-Site Scripting
name: WordPress Gallery <2.0.0 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue.
severity: high
description: WordPress Gallery plugin before 2.0.0 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, available to both unauthenticated and authenticated users.
reference:
- https://wpscan.com/vulnerability/0903920c-be2e-4515-901f-87253eb30940
- https://wordpress.org/plugins/gallery-album
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1946
- https://nvd.nist.gov/vuln/detail/CVE-2022-1946
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-1946
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-1946
metadata:
google-query: inurl:"/wp-content/plugins/gallery-album/"
verified: "true"
@ -39,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,20 +1,20 @@
id: CVE-2022-2187
info:
name: Contact Form 7 Captcha < 0.1.2 - Cross-Site Scripting
name: WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting
author: For3stCo1d
severity: medium
severity: high
description: |
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute.
reference:
- https://wpscan.com/vulnerability/4fd2f1ef-39c6-4425-8b4d-1a332dabac8d
- https://wordpress.org/plugins/contact-form-7-simple-recaptcha
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2187
- https://nvd.nist.gov/vuln/detail/CVE-2022-2187
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-2187
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-2187
tags: wpscan,cve,cve2022,wordpress,xss,wp-plugin,wp
requests:
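Review bot: The rewrite removes the qualifier "which could lead to Reflected Cross-Site Scripting in old web browsers" and in the same hunk raises the template to `severity: high` with `UI:N`. The original caveat narrowed the impact to old browsers; dropping it while raising the score overstates the finding. Suggest keeping the caveat in the description and leaving the vector at `UI:R` with `severity: medium`.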
@ -39,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,20 +1,20 @@
id: CVE-2022-2290
info:
name: Trilium - Cross-Site Scripting
name: Trilium <0.52.4 - Cross-Site Scripting
author: dbrwsky
severity: medium
description: Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta.
severity: high
description: Trilium prior to 0.52.4, 0.53.1-beta contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
reference:
- https://huntr.dev/bounties/367c5c8d-ad6f-46be-8503-06648ecf09cf/
- https://github.com/zadam/trilium
- https://nvd.nist.gov/vuln/detail/CVE-2022-2290
- https://github.com/zadam/trilium/commit/3faae63b849a1fabc31b823bb7af3a84d32256a7
- https://nvd.nist.gov/vuln/detail/CVE-2022-2290
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-2290
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-2290
metadata:
shodan-query: title:"Trilium Notes"
verified: "true"
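Review bot: The new name `Trilium <0.52.4` covers only one of the two versions the description gives ("prior to 0.52.4, 0.53.1-beta"). Suggest either naming both in the title or wording the description so the 0.53 beta line reads as a separate affected branch. The description also drops "Reflected" from the original, which was the only statement of the XSS type.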
@ -46,3 +46,5 @@ requests:
- type: status
status:
- 404
# Enhanced by mp on 2022/09/14

View File

@ -1,21 +1,20 @@
id: CVE-2022-2383
info:
name: Feed Them Social < 3.0.1 - Cross-Site Scripting
name: WordPress Feed Them Social <3.0.1 - Cross-Site Scripting
author: akincibor
severity: medium
severity: high
description: |
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page.
reference:
- https://wpscan.com/vulnerability/4a3b3023-e740-411c-a77c-6477b80d7531
- https://wordpress.org/plugins/feed-them-social/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2383
- https://nvd.nist.gov/vuln/detail/CVE-2022-2383
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-2383
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-2383
metadata:
verified: "true"
tags: wp,wordpress,wp-plugin,wpscan,cve,cve2022,xss
@ -40,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,20 +1,20 @@
id: CVE-2022-24181
info:
name: PKP Open Journals System 3.3 - Cross-Site Scripting
name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting
author: lucasljm2001,ekrause
severity: medium
severity: high
description: |
Detects an XSS vulnerability in Open Journals System.
PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header.
reference:
- https://www.exploit-db.com/exploits/50881
- https://github.com/pkp/pkp-lib/issues/7649
- https://youtu.be/v8-9evO2oVg
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24181
- https://nvd.nist.gov/vuln/detail/cve-2022-24181
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-24181
metadata:
verified: true
@ -42,3 +42,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,21 +1,21 @@
id: CVE-2022-24681
info:
name: ManageEngine ADSelfService - Stored Cross-Site Scripting
name: ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting
author: Open-Sec
severity: medium
severity: high
description: |
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens.
reference:
- https://raxis.com/blog/cve-2022-24681
- https://nvd.nist.gov/vuln/detail/CVE-2022-24681
- https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-24681.html
- https://manageengine.com
- https://nvd.nist.gov/vuln/detail/CVE-2022-24681
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-24681
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-24681
tags: cve,cve2022,manageengine,xss,authenticated
requests:
@ -47,3 +47,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,20 +1,21 @@
id: CVE-2022-24899
info:
name: Contao 4.13.2 - Cross-Site Scripting
name: Contao <4.13.3 - Cross-Site Scripting
author: ritikchaddha
severity: medium
severity: high
description: |
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.
Contao prior to 4.13.3 contains a cross-site scripting vulnerability. It is possible to inject arbitrary JavaScript code into the canonical tag.
reference:
- https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/
- https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2
- https://nvd.nist.gov/vuln/detail/CVE-2022-24899
remediation: As a workaround, users may disable canonical tags in the root page settings.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-24899
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-24899
metadata:
shodan-query: title:"Contao"
tags: cve,cve2022,contao,xss,huntr
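Review bot: the new remediation line offers only the workaround of disabling canonical tags, although the name and description in this hunk both say the issue affects versions prior to 4.13.3. Lead the remediation with upgrading to 4.13.3 or later and keep the canonical-tag setting as the fallback for sites that cannot upgrade yet.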
@ -37,3 +38,5 @@ requests:
part: header
words:
- text/html
# Enhanced by mp on 2022/09/14

View File

@ -3,19 +3,19 @@ id: CVE-2022-28363
info:
name: Reprise License Manager 14.2 - Cross-Site Scripting
author: Akincibor
severity: medium
severity: high
description: |
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process "username" parameter via GET. No authentication is required.
Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is required.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-28363
- https://www.reprisesoftware.com/products/software-license-management.php
- https://github.com/advisories/GHSA-rpvc-qgrm-r54f
- http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-28363
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-28363
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-28363
tags: xss,rlm,packetstorm,cve,cve2022
requests:
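Review bot: the replacement vector changes UI:R to UI:N while the description two lines above still says reflected, via GET on the /goform/login_process username parameter. A reflected payload only runs when a victim loads the crafted URL, so UI:R is the accurate value; with it the score stays 6.1 and the jump from medium to high is not supported by anything else in the hunk.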
@ -40,3 +40,5 @@ requests:
part: header
words:
- "text/html"
# Enhanced by mp on 2022/09/14

View File

@ -1,21 +1,21 @@
id: CVE-2022-29004
info:
name: Diary Management System v1.0 - Cross-Site scripting
name: Diary Management System 1.0 - Cross-Site Scripting
author: TenBird
severity: medium
severity: high
description: |
Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.
Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php.
reference:
- https://github.com/sudoninja-noob/CVE-2022-29004/blob/main/CVE-2022-29004.txt
- https://phpgurukul.com/e-diary-management-system-using-php-and-mysql/
- https://nvd.nist.gov/vuln/detail/CVE-2022-29004
- http://phpgurukul.com
- https://nvd.nist.gov/vuln/detail/CVE-2022-29004
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-29004
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-29004
metadata:
verified: "true"
tags: cve,cve2022,xss,authenticated,edms
@ -51,3 +51,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,19 +1,19 @@
id: CVE-2022-29005
info:
name: Online Birth Certificate System V1.2 - Stored Cross-Site scripting
name: Online Birth Certificate System 1.2 - Stored Cross-Site Scripting
author: TenBird
severity: medium
severity: high
description: |
Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.
Online Birth Certificate System 1.2 contains multiple stored cross-site scripting vulnerabilities in the component /obcs/user/profile.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload injected into the fname or lname parameters.
reference:
- https://github.com/sudoninja-noob/CVE-2022-29005/blob/main/CVE-2022-29005.txt
- https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/
- https://nvd.nist.gov/vuln/detail/CVE-2022-29005
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-29005
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-29005
metadata:
verified: "true"
tags: cve,cve2022,xss,obcs,authenticated
@ -48,3 +48,5 @@ requests:
- 'status_code_3 == 200'
- contains(body_3, 'admin-name\">nuclei<script>alert(document.domain);</script>')
condition: and
# Enhanced by mp on 2022/09/14

View File

@ -1,19 +1,19 @@
id: CVE-2022-29349
info:
name: kkFileView v4.0.0 - Cross-Site Scripting
name: kkFileView 4.0.0 - Cross-Site Scripting
author: arafatansari
severity: medium
severity: high
description: |
kkFileView v4.0.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
kkFileView 4.0.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
reference:
- https://github.com/kekingcn/kkFileView/issues/347
- https://nvd.nist.gov/vuln/detail/CVE-2022-29349
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-29349
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-29349
metadata:
shodan-query: http.html:"kkFileView"
verified: "true"
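Review bot: the classification block moves the vector prefix from CVSS:3.1 back to CVSS:3.0 at the same time as it raises the score from 6.1 to 7.2. Nothing in the description explains a change of specification version; keep the 3.1 prefix unless the source being cited publishes a 3.0 vector, and note that source in the reference list.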
@ -38,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,21 +1,21 @@
id: CVE-2022-29455
info:
name: Wordpress Elementor <= 3.5.5 - DOM-based Cross-Site Scripting
name: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
author: rotembar,daffainfo
severity: medium
severity: high
description: |
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.
WordPress Elementor Website Builder plugin 3.5.5 and prior contains a reflected cross-site scripting vulnerability via the document object model.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-29455
- https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor
- https://www.rotem-bar.com/elementor
- https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-5-5-unauthenticated-dom-based-reflected-cross-site-scripting-xss-vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2022-29455
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-29455
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-29455
metadata:
verified: "true"
tags: cve,cve2022,xss,wordpress,elementor
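Review bot: the rewritten description says "reflected cross-site scripting vulnerability via the document object model", which reads as if the DOM were an input parameter. The line it replaces used the standard term, DOM-based reflected XSS, and the new name already says "DOM Cross-Site Scripting"; use "DOM-based reflected cross-site scripting" in the description too. The UI:N in the new vector also needs a justification, since a DOM-based reflected payload runs only in a browser that opens the crafted link.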
@ -52,3 +52,5 @@ requests:
group: 1
regex:
- "(?m)Stable tag: ([0-9.]+)"
# Enhanced by mp on 2022/09/14

View File

@ -1,20 +1,19 @@
id: CVE-2022-29548
info:
name: WSO2 Management Console - Cross-Site Scripting
name: WSO2 - Cross-Site Scripting
author: edoardottt
severity: medium
severity: high
description: |
A reflected XSS issue exists in the Management Console of several WSO2 products.
WSO2 contains a reflected cross-site scripting vulnerability in the Management Console of API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-29548
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29548
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603
- https://nvd.nist.gov/vuln/detail/CVE-2022-29548
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-29548
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-29548
metadata:
google-query: inurl:"carbon/admin/login"
verified: "true"
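Review bot: the name line shrinks from "WSO2 Management Console - Cross-Site Scripting" to "WSO2 - Cross-Site Scripting", which drops the one detail that tells an operator where the issue lives. The new description still places it in the Management Console and the google-query targets carbon/admin/login, so keep "Management Console" in the name. The product and version list in the description is long enough to bury the sentence; consider stating the component first and the affected products after it.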
@ -40,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,20 +1,20 @@
id: CVE-2022-30073
info:
name: WBCE CMS v1.5.2 XSS Stored
name: WBCE CMS 1.5.2 - Cross-Site Scripting
author: arafatansari
severity: medium
severity: high
description: |
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\user\save.php Display Name parameters.
WBCE CMS 1.5.2 contains a stored cross-site scripting vulnerability via \admin\user\save.php Display Name parameters.
reference:
- https://github.com/APTX-4879/CVE
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30073
- https://github.com/APTX-4879/CVE/blob/main/CVE-2022-30073.pdf
- https://nvd.nist.gov/vuln/detail/CVE-2022-30073
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2022-30073
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-30073
metadata:
verified: "true"
tags: cve,cve2022,wbcecms,xss
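Review bot: the classification change here is larger than in the neighbouring templates: PR:L and UI:R become PR:N and UI:N, taking the score from 5.4 to 7.2, while the description still locates the input in \admin\user\save.php, an admin-side endpoint. If a login is needed to reach that form, PR:N is wrong and the severity should not move to high. The new name also drops "Stored" even though the new description keeps it; put it back in the name so the two agree.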
@ -70,3 +70,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,20 +1,20 @@
id: CVE-2022-30489
info:
name: Wavlink Wn535g3 - POST Cross-Site Scripting
name: Wavlink WN-535G3 - Cross-Site Scripting
author: For3stCo1d
severity: medium
severity: high
description: |
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
Wavlink WN-535G3 contains a POST cross-site scripting vulnerability via the hostname parameter at /cgi-bin/login.cgi.
reference:
- https://github.com/badboycxcc/XSS-CVE-2022-30489
- https://nvd.nist.gov/vuln/detail/CVE-2022-30489
- https://github.com/badboycxcc/XSS
- https://nvd.nist.gov/vuln/detail/CVE-2022-30489
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-30489
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-30489
metadata:
shodan-query: http.title:"Wi-Fi APP Login"
verified: "true"
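Review bot: "contains a POST cross-site scripting vulnerability" in the new description reads as though POST were a class of XSS. Say instead that the hostname parameter of a POST request to /cgi-bin/login.cgi is reflected. The model is also respelled WN-535G3 in both name and description, a form that appears neither in the replaced lines (Wn535g3, WN535 G3) nor in the reference URLs; keep one of the existing spellings unless there is a source for the hyphenated one.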
@ -45,3 +45,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,21 +1,21 @@
id: CVE-2022-30776
info:
name: Atmail - Cross-Site Scripting
name: Atmail 6.5.0 - Cross-Site Scripting
author: 3th1c_yuk1
severity: medium
severity: high
description: |
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
Atmail 6.5.0 contains a cross-site scripting vulnerability via the index.php/admin/index/ 'error' parameter.
reference:
- https://medium.com/@bhattronit96/cve-2022-30776-cd34f977c2b9
- https://www.atmail.com/
- https://nvd.nist.gov/vuln/detail/CVE-2022-30776
- https://help.atmail.com/hc/en-us/sections/115003283988
- https://nvd.nist.gov/vuln/detail/CVE-2022-30776
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-30776
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-30776
metadata:
shodan-query: http.html:"atmail"
verified: "true"
@ -41,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,20 +1,20 @@
id: CVE-2022-30777
info:
name: Parallels H-Sphere - Cross-Site Scripting
name: Parallels H-Sphere 3.6.1713 - Cross-Site Scripting
author: 3th1c_yuk1
severity: medium
severity: high
description: |
Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.
Parallels H-Sphere 3.6.1713 contains a cross-site scripting vulnerability via the index_en.php 'from' parameter.
reference:
- https://medium.com/@bhattronit96/cve-2022-30777-45725763ab59
- https://nvd.nist.gov/vuln/detail/CVE-2022-30777
- https://en.wikipedia.org/wiki/H-Sphere
- https://nvd.nist.gov/vuln/detail/CVE-2022-30777
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-30777
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-30777
metadata:
shodan-query: title:"h-sphere"
verified: "true"
@ -42,3 +42,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -3,17 +3,17 @@ id: CVE-2022-31373
info:
name: SolarView Compact 6.00 - Cross-Site Scripting
author: ritikchaddha
severity: medium
severity: high
description: |
SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.
SolarView Compact 6.00 contains a cross-site scripting vulnerability via the Solar_AiConf.php component.
reference:
- https://github.com/badboycxcc/SolarView_Compact_6.0_xss
- https://nvd.nist.gov/vuln/detail/CVE-2022-31373
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-31373
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-31373
metadata:
shodan-query: http.html:"SolarView Compact"
verified: "true"
@ -39,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,16 +1,21 @@
id: CVE-2022-31474
info:
name: BackupBuddy Arbitrary File Read
name: BackupBuddy - Local File Inclusion
author: aringo
severity: high
description: BackupBuddy versions 8.5.8.0 through 8.7.4.1 are vulnerable to arbitrary file read
description: BackupBuddy versions 8.5.8.0 - 8.7.4.1 are vulnerable to a local file inclusion vulnerability via the 'download' and 'local-destination-id' parameters.
reference:
- https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/
- https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy
- https://ithemes.com/backupbuddy/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31474
remediation: Developers should immediately upgrade to at least version 8.7.5 or higher
remediation: Upgrade to at least version 8.7.5 or higher
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
cve-id: CVE-2022-31474
tags: cve,cve2022,wordpress,wp-plugin,wp,lfi,backupbuddy
requests:
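Review bot: the name changes from "Arbitrary File Read" to "Local File Inclusion", but the classification added in the same hunk describes a read-only issue: CWE-22 with C:H/I:N/A:N. Inclusion implies the file is interpreted by the application, which nothing here claims; keep "Arbitrary File Read" or use "Path Traversal" to match the CWE. The name also omits the 8.5.8.0 to 8.7.4.1 range given in the description, and "Upgrade to at least version 8.7.5 or higher" says the same thing twice.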
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by cs 2022/09/14
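Review bot: this trailer is written "# Enhanced by cs 2022/09/14" while the other templates in the commit use "# Enhanced by mp on 2022/09/14", so anything that greps for the marker will need two patterns. Pick one format. More generally, reviewer initials and dates are already recorded in the commit history, and a trailing comment in every template is one more line that future diffs have to carry.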

View File

@ -1,20 +1,20 @@
id: CVE-2022-32195
info:
name: Open edX - Cross-Site Scripting
name: Open edX <2022-06-06 - Cross-Site Scripting
author: arafatansari
severity: medium
severity: high
description: |
Open edX platform before 2022-06-06 allows Reflected Cross-site Scripting via the "next" parameter in the logout URL.
Open edX before 2022-06-06 contains a reflected cross-site scripting vulnerability via the 'next' parameter in the logout URL.
reference:
- https://discuss.openedx.org/t/security-patch-for-logout-page-xss-vulnerability/7408
- https://nvd.nist.gov/vuln/detail/CVE-2022-32195
- https://github.com/edx
- https://nvd.nist.gov/vuln/detail/CVE-2022-32195
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-32195
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-32195
metadata:
comment: Hover the cursor on the redirect link
shodan-query: http.html:"Open edX"
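Review bot: the metadata comment in this hunk, "Hover the cursor on the redirect link", documents that the payload needs a user action on the logout page, yet the new vector sets UI:N. Keep UI:R, which leaves the score at 6.1 and the severity at medium, or remove the comment if it no longer describes how the issue triggers.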
@ -41,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -3,18 +3,18 @@ id: CVE-2022-32770
info:
name: WWBN AVideo 11.6 - Cross-Site Scripting
author: arafatansari
severity: medium
severity: high
description: |
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "toast" parameter which is inserted into the document with insufficient sanitization.
WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'toast' parameter, which is inserted into the document with insufficient sanitization.
reference:
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538
- https://nvd.nist.gov/vuln/detail/CVE-2022-32770
- https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
- https://nvd.nist.gov/vuln/detail/CVE-2022-32770
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-32770
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-32770
metadata:
shodan-query: http.html:"AVideo"
verified: "true"
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -3,18 +3,18 @@ id: CVE-2022-32771
info:
name: WWBN AVideo 11.6 - Cross-Site Scripting
author: arafatansari
severity: medium
severity: high
description: |
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "success" parameter which is inserted into the document with insufficient sanitization.
WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'success' parameter, which is inserted into the document with insufficient sanitization.
reference:
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538
- https://nvd.nist.gov/vuln/detail/CVE-2022-32771
- https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
- https://nvd.nist.gov/vuln/detail/CVE-2022-32771
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-32771
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-32771
metadata:
shodan-query: http.html:"AVideo"
verified: "true"
@ -42,3 +42,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -3,18 +3,18 @@ id: CVE-2022-32772
info:
name: WWBN AVideo 11.6 - Cross-Site Scripting
author: arafatansari
severity: medium
severity: high
description: |
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "msg" parameter which is inserted into the document with insufficient sanitization.
WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'msg' parameter, which is inserted into the document with insufficient sanitization.
reference:
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538
- https://nvd.nist.gov/vuln/detail/CVE-2022-32772
- https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
- https://nvd.nist.gov/vuln/detail/CVE-2022-32772
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-32772
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-32772
metadata:
shodan-query: http.html:"AVideo"
verified: "true"
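Review bot: this is the third template in a row named "WWBN AVideo 11.6 - Cross-Site Scripting"; CVE-2022-32770, CVE-2022-32771 and CVE-2022-32772 differ only in the parameter named in the description (toast, success, msg). In scan output the name is what people read first, so add the parameter to each name while the descriptions are being rewritten anyway.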
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,11 +1,11 @@
id: CVE-2022-33119
info:
name: NVRsolo v03.06.02 - Cross-Site Scripting
name: NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting
author: arafatansari
severity: medium
severity: high
description: |
NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php.
NUUO NVRsolo Video Recorder 03.06.02 contains a reflected cross-site scripting vulnerability via login.php.
reference:
- https://github.com/badboycxcc/nuuo-xss/blob/main/README.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-33119
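Review bot: severity goes from medium to high in this hunk, but the hunk ends at the reference list, so unlike the other templates in this commit no cvss-metrics or cvss-score change accompanies it. Check that the classification block further down the file carries a vector that actually rates high; the description still says reflected via login.php, which normally means user interaction is required.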
@ -36,3 +36,5 @@ requests:
- 'status_code == 200'
- contains(body,'<script>alert(document.domain)</script><\"?cmd=')
condition: and
# Enhanced by mp on 2022/09/14

View File

@ -1,21 +1,21 @@
id: CVE-2022-34048
info:
name: Wavlink WN533A8 - Cross-Site Scripting
name: Wavlink WN-533A8 - Cross-Site Scripting
author: ritikchaddha
severity: medium
severity: high
description: |
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.
Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the login_page parameter.
reference:
- https://www.exploit-db.com/exploits/50989
- https://nvd.nist.gov/vuln/detail/CVE-2022-34048
- https://drive.google.com/file/d/1xznFhH3w3TDN2RCdX62_ebylR4yaKmzf/view?usp=sharing
- https://drive.google.com/file/d/1NI3-k3AGIsSe2zjeigl1GVyU1VpG1SV3/view?usp=sharing
- https://nvd.nist.gov/vuln/detail/CVE-2022-34048
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-34048
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-34048
metadata:
shodan-query: http.html:"Wavlink"
verified: "true"
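Review bot: two of the reference entries in this hunk are Google Drive share links, which their owner can withdraw or lock at any time and which give a reader no hint of what they contain. Since the list is being reordered here anyway, replace them with an archived copy or drop them in favour of the exploit-db and NVD entries. The UI:N in the new vector also conflicts with "reflected" in the description.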
@ -44,3 +44,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -3,18 +3,18 @@ id: CVE-2022-34328
info:
name: PMB 7.3.10 - Cross-Site Scripting
author: edoardottt
severity: medium
severity: high
description: |
PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.
PMB 7.3.10 contains a reflected cross-site scripting vulnerability via the id parameter in an lvl=author_see request to index.php.
reference:
- https://github.com/jenaye/PMB/blob/main/README.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-34328
- https://github.com/jenaye/PMB
- https://nvd.nist.gov/vuln/detail/CVE-2022-34328
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-34328
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-34328
metadata:
shodan-query: http.html:"PMB Group"
verified: "true"
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,19 +1,19 @@
id: CVE-2022-35151
info:
name: kkFileView v4.1.0 - Cross-Site Scripting
name: kkFileView 4.1.0 - Cross-Site Scripting
author: arafatansari
severity: medium
severity: high
description: |
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
reference:
- https://github.com/kekingcn/kkFileView/issues/366
- https://nvd.nist.gov/vuln/detail/CVE-2022-35151
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-35151
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-35151
metadata:
shodan-query: http.html:"kkFileView"
verified: "true"
@ -42,3 +42,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -10,6 +10,8 @@ info:
- https://medium.com/@_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35413
- https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview
classification:
cve-id: CVE-2022-35413
metadata:
shodan-query: http.title:"Intelligent WAPPLES"
verified: "true"
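Review bot: the classification block added here holds only cve-id, with no cvss-metrics, cvss-score or cwe-id, while every other template touched in this commit gets all four fields. If the values are not known yet, say so in the pull request; otherwise fill them in so that tooling that sorts on cvss-score does not treat this template as unscored.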

View File

@ -1,20 +1,20 @@
id: CVE-2022-35416
info:
name: H3C SSL VPN through 2022-07-10 - Cookie Based Cross-Site Scripting
name: H3C SSL VPN <=2022-07-10 - Cross-Site Scripting
author: 0x240x23elu
severity: medium
severity: high
description: |
H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.
H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang.
reference:
- https://github.com/advisories/GHSA-9x76-78gc-r3m9
- https://github.com/Docker-droid/H3C_SSL_VPN_XSS
- https://nvd.nist.gov/vuln/detail/CVE-2022-35416
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-35416
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-35416
metadata:
shodan-query: http.html_hash:510586239
verified: "true"
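Review bot: the new description ends "in wnm/login/login.json svpnlang", which no longer says what svpnlang is. The replaced line identified it as a cookie; write "via the svpnlang cookie in wnm/login/login.json". The name drops "Cookie Based" as well, which was the detail that distinguished this template from an ordinary parameter-based XSS check.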
@ -42,3 +42,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,19 +1,19 @@
id: CVE-2022-35493
info:
name: eShop - Cross-Site Scripting
name: eShop 3.0.4 - Cross-Site Scripting
author: arafatansari
severity: medium
severity: high
description: |
eShop - Multipurpose Ecommerce Store Website v3.0.4 allows Reflected Cross-site scripting vulnerability in json search parse and the json response in wrteam.in.
eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in.
reference:
- https://github.com/Keyvanhardani/Exploit-eShop-Multipurpose-Ecommerce-Store-Website-3.0.4-Cross-Site-Scripting-XSS/blob/main/README.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-35493
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-35493
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-35493
metadata:
shodan-query: http.html:"eShop - Multipurpose Ecommerce"
verified: "true"
@ -38,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,19 +1,19 @@
id: CVE-2022-37153
info:
name: Artica Proxy - Cross-Site Scripting
name: Artica Proxy 4.30.000000 - Cross-Site Scripting
author: arafatansari
severity: medium
severity: high
description: |
An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php.
Artica Proxy 4.30.000000 contains a cross-site scripting vulnerability via the password parameter in /fw.login.php.
reference:
- https://github.com/Fjowel/CVE-2022-37153
- https://nvd.nist.gov/vuln/detail/CVE-2022-37153
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-37153
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-37153
metadata:
shodan-query: http.html:"Artica"
verified: "true"
@ -45,3 +45,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -3,17 +3,17 @@ id: CVE-2022-38463
info:
name: ServiceNow - Cross-Site Scripting
author: amanrawat
severity: medium
severity: high
description: |
There exists a reflected XSS within the logout functionality of ServiceNow. This enables an unauthenticated remote attacker to execute arbitrary JavaScript.
ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript.
reference:
- https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793
- https://nvd.nist.gov/vuln/detail/CVE-2022-38463
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-38463
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
cve-id: CVE-2022-38463
metadata:
shodan-query: http.title:"ServiceNow"
verified: "true"
@ -38,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -1,14 +1,18 @@
id: tomcat-examples-login
info:
name: Tomcat Examples Default Login
name: Apache Tomcat - Default Login Discovery
author: 0xelkomy & C0NQR0R
severity: info
description: Default Creds and there is XSS here, /examples/jsp/security/protected/index.jsp?dataName=%22%3E%3Cimg+src%3Dd+onerror%3Dalert%28document.cookie%29%3E&dataValue= after you login you will be able to get it.
description: Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 default login credentials were successful.
reference:
- https://c0nqr0r.github.io/CVE-2022-34305/
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: default-login,tomcat
requests:
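Review bot: the new description attaches Tomcat version ranges to what is a default-credential check, and "default login credentials were successful" reads as a scan result rather than a description of the exposure. The sentence it replaces pointed at an XSS in /examples/jsp/security/protected/index.jsp that becomes reachable after login, and the only reference is a CVE-2022-34305 write-up, so either describe the default account on the examples application and keep a payload-free pointer to that XSS, or explain how the version ranges relate to the login. The classification block is also placed after metadata here, where the other templates in this commit put it before.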
@ -42,3 +46,5 @@ requests:
- "You are logged in as remote user"
- "{{username}}"
condition: and
# Enhanced by mp on 2022/09/14

View File

@ -1,11 +1,16 @@
id: dom-xss
info:
name: DOM XSS Sources & Sinks
name: DOM Invader - Cross-Site Scripting
author: geeknik
severity: info
severity: high
description: DOM Invader contains a cross-site scripting vulnerability in Sources & Sinks functionality.
reference:
- Inspired by https://portswigger.net/blog/introducing-dom-invader
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: xss,file
file:
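Review bot: the new name and description attribute a vulnerability to DOM Invader, but the reference line says the template is only "Inspired by" the DOM Invader blog post, and the tags (xss,file) and the regexes in the following hunk show a file scan that flags DOM sources and sinks such as location, window.name and document.referrer. A regex hit on a source or sink is a lead for manual review, not a confirmed XSS, so raising severity from info to high with a 7.2 score will flood results with false highs. Restore the original name and info severity, and describe what the template matches.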
@ -44,3 +49,5 @@ file:
- 'location(\.href|\.hash|\.search|\.pathname)?'
- 'window\.name'
- 'document(\.URL|\.referrer|\.documentURI|\.baseURI|\.cookie)'
# Enhanced by mp on 2022/09/14

View File

@ -3,9 +3,14 @@ id: window-name-domxss
info:
name: window.name - DOM Cross-Site Scripting
author: pdteam
severity: medium
severity: high
description: The window-name is vulnerable to DOM based cross-site scripting.
reference:
- https://public-firing-range.appspot.com/dom/index.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: headless,xss,domxss
headless:
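Review bot: the added description, "The window-name is vulnerable to DOM based cross-site scripting", names a browser property as the vulnerable thing. What the template reports is a page that passes window.name to a script-executing sink; say that, and mention that the reference is a public test range so readers know where the behaviour can be reproduced. UI:N in the new vector also needs a reason, because window.name is set by a page the victim has to visit first.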
@ -87,3 +92,5 @@ headless:
part: alerts
kval:
- alerts
# Enhanced by mp on 2022/09/14

View File

@ -1,13 +1,18 @@
id: aem-setpreferences-xss
info:
name: AEM setPreferences - Cross-Site Scripting
name: Adobe Experience Manager - Cross-Site Scripting
author: zinminphy0,dhiyaneshDK
severity: medium
severity: high
description: Adobe Experience Manager contains a cross-site scripting vulnerability via setPreferences.
reference:
- https://www.youtube.com/watch?v=VwLSUHNhrOw&t=142s
- https://github.com/projectdiscovery/nuclei-templates/issues/3225
- https://twitter.com/zin_min_phyo/status/1465394815042916352
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
metadata:
shodan-query: http.component:"Adobe Experience Manager"
tags: aem,xss
@ -30,3 +35,5 @@ requests:
- type: status
status:
- 400
# Enhanced by mp on 2022/09/15

View File

@ -1,17 +1,22 @@
id: aem-xss-childlist-selector
info:
name: XSS in childlist selector
name: Adobe Experience Manager - Cross-Site Scripting
author: dhiyaneshDk
severity: medium
severity: high
description: |
Requests using the selector childlist can an XSS when the dispatcher does not respect the content-type responded by AEM and flips from application/json to text/html. As a consequence the reflected suffix is executed and interpreted in the browser.
Adobe Experience Manager contains a cross-site scripting vulnerability via requests using the selector childlist when the dispatcher does not respect the content-type responded by AEM and flips from application/json to text/html. As a consequence, the reflected suffix is executed and interpreted in the browser.
reference:
- https://github.com/thomashartm/burp-aem-scanner/blob/master/src/main/java/burp/actions/xss/FlippingTypeWithChildrenlistSelector.java
- https://cystack.net/en/plugins/cystack.remote.aem_childlist_selector_xss
metadata:
shodan-query:
- http.title:"AEM Sign In"
- http.component:"Adobe Experience Manager"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: xss,aem,adobe
requests:
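Review bot: the name becomes "Adobe Experience Manager - Cross-Site Scripting", identical to the new name given to aem-setpreferences-xss in the previous file, so the two findings cannot be told apart in scan output. Keep the distinguishing part in each name (childlist selector here, setPreferences there). The classification block is inserted after metadata in this hunk, while the other templates in the commit place it before metadata; use one order.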
@ -35,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14

View File

@ -3,13 +3,18 @@ id: akamai-arl-xss
info:
name: Open Akamai ARL - Cross-Site Scripting
author: pdteam
severity: medium
severity: high
description: Open Akamai ARL contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
reference:
- https://github.com/war-and-code/akamai-arl-hack
- https://twitter.com/SpiderSec/status/1421176297548435459
- https://warandcode.com/post/akamai-arl-hack/
- https://github.com/cybercdh/goarl
- https://community.akamai.com/customers/s/article/WebPerformanceV1V2ARLChangeStartingFebruary282021?language=en_US
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: akamai,xss
requests:
@ -29,3 +34,5 @@ requests:
part: header
words:
- 'text/html'
# Enhanced by mp on 2022/09/14

View File

@ -1,12 +1,16 @@
id: apache-tomcat-snoop
info:
name: Apache Tomcat example page disclosure - snoop
name: Apache Tomcat 4.x-7.x - Cross-Site Scripting
author: pdteam
severity: low
description: The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection.
severity: high
description: Apache Tomcat 4.x through 7.x contains a cross-site scripting vulnerability which can be used by an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
reference:
- https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
metadata:
shodan-query: title:"Apache Tomcat"
tags: apache,misconfig,tomcat,disclosure
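Review bot: the name, severity and cwe-id now describe a cross-site scripting finding, but the id is still apache-tomcat-snoop, the tags are still `misconfig,tomcat,disclosure` with no `xss`, and the following hunk shows the template matching on a 200 status, that is, on the example page being reachable. The old description was accurate about this: the example scripts leak system information and are "also known to be vulnerable" to XSS. Suggest keeping the information-disclosure framing and the low severity (CWE-200 would fit), and mentioning XSS as a secondary risk in the description rather than reclassifying the whole template as high.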
@ -25,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/15

View File

@ -1,15 +1,17 @@
id: openbmcs-ssrf
info:
name: OpenBMCS 2.4 Unauthenticated SSRF / RFI
name: OpenBMCS 2.4 - Server-Side Request Forgery / Remote File Inclusion
author: dhiyaneshDK
severity: high
description: Unauthenticated Server-Side Request Forgery (SSRF) and Remote File Include (RFI) vulnerability exists in OpenBMCS within its functionalities. The application parses user supplied data in the POST parameter
'ip' to query a server IP on port 81 by default. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary
destination host. This can be used by an external attacker for example to bypass firewalls and initiate a service and network enumeration on the internal network through the affected application, allows hijacking
the current session of the user, execute cross-site scripting code or changing the look of the page and content modification on current display
description: OpenBMCS 2.4 is susceptible to unauthenticated server-side request forgery and remote file inclusion vulnerabilities within its functionalities. The application parses user supplied data in the POST parameter 'ip' to query a server IP on port 81 by default. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.
reference:
- https://www.exploit-db.com/exploits/50670
- https://securityforeveryone.com/tools/openbmcs-unauth-ssrf-rfi-vulnerability-scanner
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 6.8
cwe-id: CWE-918
metadata:
shodan-query: http.favicon.hash:1550906681
tags: ssrf,oast,openbmcs,edb
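Review bot: cvss-score 6.8 falls in the CVSS v3 medium band (4.0 to 6.9), yet `severity: high` is left in place, so the classification block and the severity field now disagree. Either lower severity to medium or revisit the vector: AC:H and I:N are hard to square with a description that says no validation is carried out on the `ip` parameter and with a name that includes remote file inclusion. The name also covers RFI while cwe-id lists only CWE-918; add the second CWE or narrow the name.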
@ -33,3 +35,5 @@ requests:
- type: status
status:
- 302
# Enhanced by mp on 2022/09/15

View File

@ -1,11 +1,18 @@
id: wildcard-postmessage
info:
name: Wildcard postMessage detection
name: postMessage - Cross-Site Scripting
author: pdteam
severity: info
severity: high
description: postMessage contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and therefore steal cookie-based authentication credentials and launch other attacks.
reference:
- https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html
- https://payatu.com/blog/anubhav.singh/postmessage-vulnerabilities
- https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: xss,postmessage
requests:
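Review bot: moving severity from info to high and renaming this to "postMessage - Cross-Site Scripting" overstates what the template can prove. The id and the old name say it detects a wildcard postMessage call, and the regex in the following hunk matches only the source pattern `postMessage(<identifier>,"*")`; nothing confirms that script can be injected. A wildcard target origin is primarily a data-exposure concern for the sending page, so CWE-79 is also a doubtful fit. Suggest keeping `severity: info`, keeping "detection" in the name, and having the description state that a wildcard target origin was found and needs manual review.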
@ -17,3 +24,5 @@ requests:
- type: regex
regex:
- postMessage\([a-zA-Z]+,["']\*["']\)
# Enhanced by mp on 2022/09/15

View File

@ -1,13 +1,17 @@
id: xss-deprecated-header-detect
info:
name: Detect Deprecated XSS Protection Header
name: XSS-Protection Header - Cross-Site Scripting
author: joshlarsen
severity: info
description: Setting the XSS-Protection header is deprecated by most browsers. Setting the header to anything other than `0` can actually introduce an XSS vulnerability.
severity: high
description: XSS-Protection header in Explorer, Chrome, and Safari contains a cross-site scripting vulnerability if set to any value other than `0`.
reference:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
- https://owasp.org/www-project-secure-headers/#x-xss-protection
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: xss,misconfig,generic
requests:
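Review bot: the new description turns a hedged statement into an absolute one. The old text said the header is deprecated and that a non-zero value "can actually introduce" XSS; the new text says the header "contains a cross-site scripting vulnerability" whenever it is not `0`, and the severity goes from info to high on that basis. The template only reads the header value (the `kval` extractor in the following hunk), and the tags still say `misconfig,generic`, so every site that sends the header would be reported as a high XSS finding. Suggest keeping `severity: info` and the original wording, spelling the header as X-XSS-Protection as in the references, and writing "Internet Explorer" instead of "Explorer".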
@ -34,3 +38,5 @@ requests:
part: header
kval:
- x_xss_protection
# Enhanced by mp on 2022/09/15

View File

@ -1,14 +1,18 @@
id: concrete-xss
info:
name: Concrete - Unauthenticated Reflected XSS in preview_as_user function
name: Concrete CMS <8.5.2 - Cross-Site Scripting
author: shifacyclewla,hackergautam,djoevanka
severity: medium
description: The Concrete CMS < 8.5.2 is vulnerable to Reflected XSS using cID parameter.
severity: high
description: Concrete CMS before 8.5.2 contains a cross-site scripting vulnerability in preview_as_user function using cID parameter.
reference:
- https://hackerone.com/reports/643442
- https://github.com/concrete5/concrete5/pull/7999
- https://twitter.com/JacksonHHax/status/1389222207805661187
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: hackerone,concrete,xss,cms,unauth
requests:
@ -33,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/15

View File

@ -1,15 +1,19 @@
id: dedecms-config-xss
info:
name: DedeCMS V5.7 config.php Cross-Site Scripting
name: DedeCMS 5.7 - Cross-Site Scripting
author: ritikchaddha
severity: medium
severity: high
description: |
DeDeCMS v5.7 has an XSS vulnerability in the '/include/dialog/config.php' file, and attackers can use this vulnerability to steal user cookies, hang horses, etc.
DeDeCMS 5.7 contains a cross-site scripting vulnerability in the '/include/dialog/config.php' file. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
reference:
- https://www.zilyun.com/8665.html
- https://www.60ru.com/161.html
- https://www.cnblogs.com/milantgh/p/3615853.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
metadata:
verified: true
shodan-query: http.html:"DedeCms"
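Review bot: the product name is spelled two ways inside the same info block, "DedeCMS 5.7" in the name and "DeDeCMS 5.7" in the description. Pick one spelling so that text search over template names and descriptions returns the same set. The description rewrite itself is an improvement over the old "hang horses" wording.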
@ -35,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/15

View File

@ -1,45 +1,45 @@
id: generic-j2ee-lfi
info:
name: Generic J2EE LFI scan
author: davidfegyver
severity: high
description: Looks for J2EE specific LFI vulnerabilities, tries to leak the web.xml file.
reference:
- https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java
- https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3
metadata:
verified: true
shodan-query: http.title:"J2EE"
tags: lfi,generic,j2ee
requests:
- method: GET
path:
- "{{BaseURL}}/../../../../WEB-INF/web.xml"
- "{{BaseURL}}/../../../WEB-INF/web.xml"
- "{{BaseURL}}/../../WEB-INF/web.xml"
- "{{BaseURL}}/%c0%ae/%c0%ae/WEB-INF/web.xml"
- "{{BaseURL}}/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml"
- "{{BaseURL}}/%c0%ae/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml"
- "{{BaseURL}}/../../../WEB-INF/web.xml;x="
- "{{BaseURL}}/../../WEB-INF/web.xml;x="
- "{{BaseURL}}/../WEB-INF/web.xml;x="
- "{{BaseURL}}/WEB-INF/web.xml"
- "{{BaseURL}}/.//WEB-INF/web.xml"
- "{{BaseURL}}/../WEB-INF/web.xml"
- "{{BaseURL}}/%c0%ae/WEB-INF/web.xml"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<servlet-name>"
- "</web-app>"
condition: and
- type: status
status:
id: generic-j2ee-lfi
info:
name: Generic J2EE LFI scan
author: davidfegyver
severity: high
description: Looks for J2EE specific LFI vulnerabilities, tries to leak the web.xml file.
reference:
- https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java
- https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3
metadata:
verified: true
shodan-query: http.title:"J2EE"
tags: lfi,generic,j2ee
requests:
- method: GET
path:
- "{{BaseURL}}/../../../../WEB-INF/web.xml"
- "{{BaseURL}}/../../../WEB-INF/web.xml"
- "{{BaseURL}}/../../WEB-INF/web.xml"
- "{{BaseURL}}/%c0%ae/%c0%ae/WEB-INF/web.xml"
- "{{BaseURL}}/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml"
- "{{BaseURL}}/%c0%ae/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml"
- "{{BaseURL}}/../../../WEB-INF/web.xml;x="
- "{{BaseURL}}/../../WEB-INF/web.xml;x="
- "{{BaseURL}}/../WEB-INF/web.xml;x="
- "{{BaseURL}}/WEB-INF/web.xml"
- "{{BaseURL}}/.//WEB-INF/web.xml"
- "{{BaseURL}}/../WEB-INF/web.xml"
- "{{BaseURL}}/%c0%ae/WEB-INF/web.xml"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<servlet-name>"
- "</web-app>"
condition: and
- type: status
status:
- 200
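Review bot: this hunk replaces the whole file (-1,45 +1,45) with content that reads identically on both sides, so it looks like a whitespace or line-ending change rather than a content enhancement. If that is the intent, say so in the commit message or split it into its own commit, since a full-file rewrite hides the real change from blame. Note also that this template is `severity: high` but, unlike the other files in this commit, gets no `classification:` block; a CWE-22 entry would be consistent with the rest of the pass.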