From 3bc2e26e408e7bf3e3787488515272e4850a8544 Mon Sep 17 00:00:00 2001 
From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com> Date: Fri, 16 Sep 2022 15:50:10 -0400 Subject: [PATCH] Dashboard Content Enhancements (#5372) Dashboard Content Enhancements --- cves/2008/CVE-2008-1059.yaml | 8 +- cves/2008/CVE-2008-1061.yaml | 6 +- cves/2014/CVE-2014-8676.yaml | 16 ++-- cves/2018/CVE-2018-16139.yaml | 85 +++++++++--------- cves/2020/CVE-2020-13258.yaml | 16 ++-- cves/2020/CVE-2020-13483.yaml | 15 ++-- cves/2021/CVE-2021-24276.yaml | 16 ++-- cves/2021/CVE-2021-24746.yaml | 14 +-- cves/2021/CVE-2021-46069.yaml | 2 +- cves/2021/CVE-2021-46073.yaml | 2 +- cves/2022/CVE-2022-0776.yaml | 12 ++- cves/2022/CVE-2022-0928.yaml | 14 +-- cves/2022/CVE-2022-0954.yaml | 14 +-- cves/2022/CVE-2022-0963.yaml | 16 ++-- cves/2022/CVE-2022-1221.yaml | 15 ++-- cves/2022/CVE-2022-1439.yaml | 16 ++-- cves/2022/CVE-2022-1597.yaml | 18 ++-- cves/2022/CVE-2022-1724.yaml | 14 +-- cves/2022/CVE-2022-1904.yaml | 16 ++-- cves/2022/CVE-2022-1906.yaml | 15 ++-- cves/2022/CVE-2022-1937.yaml | 14 +-- cves/2022/CVE-2022-1946.yaml | 16 ++-- cves/2022/CVE-2022-2187.yaml | 16 ++-- cves/2022/CVE-2022-2290.yaml | 16 ++-- cves/2022/CVE-2022-2383.yaml | 15 ++-- cves/2022/CVE-2022-24181.yaml | 14 +-- cves/2022/CVE-2022-24681.yaml | 16 ++-- cves/2022/CVE-2022-24899.yaml | 15 ++-- cves/2022/CVE-2022-28363.yaml | 14 +-- cves/2022/CVE-2022-29004.yaml | 16 ++-- cves/2022/CVE-2022-29005.yaml | 14 +-- cves/2022/CVE-2022-29349.yaml | 14 +-- cves/2022/CVE-2022-29455.yaml | 16 ++-- cves/2022/CVE-2022-29548.yaml | 17 ++-- cves/2022/CVE-2022-30073.yaml | 16 ++-- cves/2022/CVE-2022-30489.yaml | 16 ++-- cves/2022/CVE-2022-30776.yaml | 16 ++-- cves/2022/CVE-2022-30777.yaml | 16 ++-- cves/2022/CVE-2022-31373.yaml | 12 +-- cves/2022/CVE-2022-31474.yaml | 13 ++- cves/2022/CVE-2022-32195.yaml | 16 ++-- cves/2022/CVE-2022-32770.yaml | 14 +-- cves/2022/CVE-2022-32771.yaml | 14 +-- cves/2022/CVE-2022-32772.yaml | 14 +-- cves/2022/CVE-2022-33119.yaml | 8 +- 
cves/2022/CVE-2022-34048.yaml | 16 ++-- cves/2022/CVE-2022-34328.yaml | 14 +-- cves/2022/CVE-2022-35151.yaml | 14 +-- cves/2022/CVE-2022-35413.yaml | 2 + cves/2022/CVE-2022-35416.yaml | 14 +-- cves/2022/CVE-2022-35493.yaml | 14 +-- cves/2022/CVE-2022-37153.yaml | 14 +-- cves/2022/CVE-2022-38463.yaml | 12 +-- .../apache/tomcat-examples-login.yaml | 10 ++- file/xss/dom-xss.yaml | 11 ++- headless/window-name-domxss.yaml | 9 +- .../aem/aem-setpreferences-xss.yaml | 11 ++- .../aem/aem-xss-childlist-selector.yaml | 13 ++- misconfiguration/akamai-arl-xss.yaml | 9 +- .../apache/apache-tomcat-snoop.yaml | 12 ++- misconfiguration/openbmcs/openbmcs-ssrf.yaml | 14 +-- misconfiguration/wildcard-postmessage.yaml | 13 ++- misconfiguration/xss-deprecated-header.yaml | 12 ++- vulnerabilities/concrete/concrete-xss.yaml | 12 ++- .../dedecms/dedecms-config-xss.yaml | 12 ++- vulnerabilities/generic/generic-j2ee-lfi.yaml | 88 +++++++++---------- 66 files changed, 604 insertions(+), 420 deletions(-) diff --git a/cves/2008/CVE-2008-1059.yaml b/cves/2008/CVE-2008-1059.yaml index 5d90733c1f..39582ac8c8 100644 --- a/cves/2008/CVE-2008-1059.yaml +++ b/cves/2008/CVE-2008-1059.yaml @@ -12,10 +12,10 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2008-1059 - https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/ classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2008-1061 - cwe-id: CWE-22 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 + cve-id: CVE-2008-1059 tags: lfi,cve,cve2008,wordpress,wp-plugin,wp,sniplets,edb,wpscan requests: diff --git a/cves/2008/CVE-2008-1061.yaml b/cves/2008/CVE-2008-1061.yaml index 3e17bab6ba..78e8431fb1 100644 --- a/cves/2008/CVE-2008-1061.yaml +++ b/cves/2008/CVE-2008-1061.yaml 
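Review bot: The new `cwe-id: CWE-79` and the `S:C/C:L/I:L` vector in the CVE-2008-1059 classification block do not match the template, which is still tagged `lfi` and whose replaced line was `cwe-id: CWE-22`. Correcting `cve-id` from CVE-2008-1061 to `CVE-2008-1059` is right, but the weakness class and vector should describe a file-inclusion issue so that dashboards do not file this finding under cross-site scripting. I would keep `cwe-id: CWE-22` with `cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` and `cvss-score: 7.5` unless the advisory says otherwise. The request section lies outside the hunk, so this reading is inferred from the tags line only.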
@@ -3,15 +3,17 @@ id: CVE-2008-1061 info: name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting author: dhiyaneshDK - severity: medium + severity: high description: | WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php. reference: - https://www.exploit-db.com/exploits/5194 - https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881 - https://nvd.nist.gov/vuln/detail/CVE-2008-1061 - - http://secunia.com/advisories/29099 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 cve-id: CVE-2008-1061 tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets diff --git a/cves/2014/CVE-2014-8676.yaml b/cves/2014/CVE-2014-8676.yaml index 67fadfeeb3..a12132bcd0 100644 --- a/cves/2014/CVE-2014-8676.yaml +++ b/cves/2014/CVE-2014-8676.yaml 
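Review bot: The added `cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N` with `cvss-score: 7.2` and `severity: high` declares that no user interaction is needed, which does not fit a cross-site scripting issue delivered through request parameters, where a victim has to load the crafted URL. The same vector replaces `UI:R` / 6.1 / medium in the later hunks for CVE-2018-16139, CVE-2020-13258, CVE-2020-13483, CVE-2021-24276 and CVE-2021-24746. It also replaces `PR:L` in CVE-2022-0928 and CVE-2022-0963, whose tags still include `authenticated`. Since these fields feed triage, I would keep `UI:R` (and `PR:L` for the authenticated templates) and leave `severity: medium`, for example `cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N` with `cvss-score: 6.1`.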
@@ -1,21 +1,21 @@ id: CVE-2014-8676 info: - name: Simple Online Planning Tool 1.3.2 - Directory Traversal + name: Simple Online Planning Tool <1.3.2 - Local File Inclusion author: 0x_Akoko - severity: medium + severity: high description: | - Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter. + SOPlanning <1.32 contain a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter. reference: - https://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html - - https://nvd.nist.gov/vuln/detail/CVE-2014-8676 - https://www.exploit-db.com/exploits/37604/ - http://seclists.org/fulldisclosure/2015/Jul/44 + - https://nvd.nist.gov/vuln/detail/CVE-2014-8676 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2014-8676 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cwe-id: CWE-22 + cve-id: CVE-2014-8676 tags: packetstorm,edb,seclists,cve,cve2014,soplanning,lfi requests: @@ -32,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs on 2022/09/09 diff --git a/cves/2018/CVE-2018-16139.yaml b/cves/2018/CVE-2018-16139.yaml index 99b9302756..e92b960164 100644 --- a/cves/2018/CVE-2018-16139.yaml +++ b/cves/2018/CVE-2018-16139.yaml 
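Review bot: The new name `Simple Online Planning Tool <1.3.2` and the description `SOPlanning <1.32` exclude the version that the removed text covered ("1.32 and earlier"), and the two lines now spell the version differently. A reader scoping affected hosts from this template would wrongly treat 1.3.2 as fixed; I would write `name: Simple Online Planning Tool <=1.3.2 - Local File Inclusion` and use the same bound and spelling in the description. The move from `C:L` / 5.3 to `C:H` / 7.5 also deserves a source, because the removed description only claimed that an attacker can determine whether arbitrary files exist.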
@@ -1,42 +1,43 @@ -id: CVE-2018-16139 - -info: - name: BIBLIOsoft BIBLIOpac 2008 - Cross Site Scripting - author: atomiczsec - severity: medium - description: | - Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/. - reference: - - https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html - - https://nvd.nist.gov/vuln/detail/CVE-2018-16139 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16139 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2018-16139 - cwe-id: CWE-79 - metadata: - verified: true - shodan-query: title:"Bibliopac" - tags: cve,cve2018,xss,bibliopac,bibliosoft - -requests: - - method: GET - path: - - '{{BaseURL}}/bibliopac/bin/wxis.exe/bibliopac/?IsisScript=bibliopac/bin/bibliopac.xic&db=">' - - matchers-condition: and - matchers: - - type: word - part: body - words: - - '">.xrf' - - - type: word - part: header - words: - - "text/html" - - - type: status - status: - - 200 +id: CVE-2018-16139 + +info: + name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting + author: atomiczsec + severity: high + description: | + BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. 
+ reference: + - https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html + - https://nvd.nist.gov/vuln/detail/CVE-2018-16139 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 + cve-id: CVE-2018-16139 + metadata: + verified: true + shodan-query: title:"Bibliopac" + tags: cve,cve2018,xss,bibliopac,bibliosoft + +requests: + - method: GET + path: + - '{{BaseURL}}/bibliopac/bin/wxis.exe/bibliopac/?IsisScript=bibliopac/bin/bibliopac.xic&db=">' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '">.xrf' + + - type: word + part: header + words: + - "text/html" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2020/CVE-2020-13258.yaml b/cves/2020/CVE-2020-13258.yaml index b6a2df338a..a93d210959 100644 --- a/cves/2020/CVE-2020-13258.yaml +++ b/cves/2020/CVE-2020-13258.yaml @@ -1,19 +1,19 @@ id: CVE-2020-13258 info: - name: Contentful - Cross-Site Scripting + name: Contentful <=2020-05-21 - Cross-Site Scripting author: pikpikcu - severity: medium + severity: high description: | - Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py. + Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py. reference: - https://github.com/contentful/the-example-app.py/issues/44 - - https://nvd.nist.gov/vuln/detail/CVE-2016-1000140 + - https://nvd.nist.gov/vuln/detail/CVE-2020-13258 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2020-13258 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2020-13258 tags: cve,cve2020,contentful,xss requests: @@ -38,3 +38,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 
diff --git a/cves/2020/CVE-2020-13483.yaml b/cves/2020/CVE-2020-13483.yaml index 9b9c930456..123e2b5e65 100644 --- a/cves/2020/CVE-2020-13483.yaml +++ b/cves/2020/CVE-2020-13483.yaml @@ -1,18 +1,19 @@ id: CVE-2020-13483 info: - name: Bitrix24 through 20.0.0 allows Cross-Site Scripting + name: Bitrix24 <=20.0.0 - Cross-Site Scripting author: pikpikcu,3th1c_yuk1 - severity: medium - description: The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. + severity: high + description: The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. reference: - https://gist.github.com/mariuszpoplwski/ca6258cf00c723184ebd2228ba81f558 - https://twitter.com/brutelogic/status/1483073170827628547 + - https://nvd.nist.gov/vuln/detail/CVE-2020-13483 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2020-13483 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2020-13483 tags: cve,cve2020,xss,bitrix requests: @@ -40,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs 2022/09/14 diff --git a/cves/2021/CVE-2021-24276.yaml b/cves/2021/CVE-2021-24276.yaml index ec7218f3a6..00b613b8f0 100644 --- a/cves/2021/CVE-2021-24276.yaml +++ b/cves/2021/CVE-2021-24276.yaml 
@@ -1,19 +1,19 @@ id: CVE-2021-24276 info: - name: Contact Form by Supsystic < 1.7.15 - Cross-Site Scripting + name: WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting author: dhiyaneshDK - severity: medium - description: The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue + severity: high + description: WordPress Supsystic Contact Form plugin before 1.7.15 contains a cross-site scripting vulnerability. It does not sanitize the tab parameter of its options page before outputting it in an attribute. reference: - https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c - - https://nvd.nist.gov/vuln/detail/CVE-2021-24276 - http://packetstormsecurity.com/files/164308/WordPress-Contact-Form-1.7.14-Cross-Site-Scripting.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-24276 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-24276 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2021-24276 tags: wordpress,cve,cve2021,wp-plugin,wpscan,packetstorm requests: @@ -36,3 +36,5 @@ requests: words: - "text/html" part: header + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2021/CVE-2021-24746.yaml b/cves/2021/CVE-2021-24746.yaml index 46fe96c882..dfda7fc7b5 100644 --- a/cves/2021/CVE-2021-24746.yaml +++ b/cves/2021/CVE-2021-24746.yaml 
@@ -1,18 +1,18 @@ id: CVE-2021-24746 info: - name: WordPress Sassy Social Share Plugin - Cross-Site Scripting + name: WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting author: Supras - severity: medium - description: WP plugin Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting + severity: high + description: WordPress plugin Sassy Social Share < 3.3.40 contains a reflected cross-site scripting vulnerability. reference: - https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa - https://nvd.nist.gov/vuln/detail/CVE-2021-24746 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2021-24746 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2021-24746 metadata: google-query: inurl:"/wp-content/plugins/sassy-social-share" tags: cve,cve2021,wordpress,wp-plugin,xss,wp,wpscan @@ -49,3 +49,5 @@ requests: group: 1 regex: - '"slug":"([_a-z-A-Z0-9]+)",' + +# Enhanced by cs 2022/09/14 diff --git a/cves/2021/CVE-2021-46069.yaml b/cves/2021/CVE-2021-46069.yaml index bd4e388996..b5ef7e870d 100644 --- a/cves/2021/CVE-2021-46069.yaml +++ b/cves/2021/CVE-2021-46069.yaml @@ -53,4 +53,4 @@ requests: - 'contains(body_3, "\">")' condition: and -# Enhanced by mp 09/09/2022 +# Enhanced by mp 2022/09/09 diff --git a/cves/2021/CVE-2021-46073.yaml b/cves/2021/CVE-2021-46073.yaml index 746a1bd440..e045b7aa12 100644 --- a/cves/2021/CVE-2021-46073.yaml +++ b/cves/2021/CVE-2021-46073.yaml @@ -53,4 +53,4 @@ requests: - 'contains(body_3, " Test")' condition: and -# Enhanced by mp 09/09/2022 +# Enhanced by mp 2022/09/09 diff --git a/cves/2022/CVE-2022-0776.yaml b/cves/2022/CVE-2022-0776.yaml index ccb342d206..39746c0077 100644 --- a/cves/2022/CVE-2022-0776.yaml +++ b/cves/2022/CVE-2022-0776.yaml 
@@ -1,15 +1,19 @@ id: CVE-2022-0776 info: - name: RevealJS postMessage Cross-Site Scripting + name: RevealJS postMessage <4.3.0 - Cross-Site Scripting author: LogicalHunter - severity: medium - description: Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. + severity: high + description: RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model. reference: - https://hackerone.com/reports/691977 - https://github.com/hakimel/reveal.js/pull/3137 - https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-0776 classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 cve-id: CVE-2022-0776 tags: hackerone,huntr,cve,cve2022,headless,postmessage,revealjs @@ -32,3 +36,5 @@ headless: part: extract words: - "true" + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-0928.yaml b/cves/2022/CVE-2022-0928.yaml index 2b0f7b1181..a399b831ba 100644 --- a/cves/2022/CVE-2022-0928.yaml +++ b/cves/2022/CVE-2022-0928.yaml 
@@ -1,20 +1,20 @@ id: CVE-2022-0928 info: - name: Microweber - Cross-Site Scripting + name: Microweber <1.2.12 - Stored Cross-Site Scripting author: amit-jd - severity: medium + severity: high description: | - Cross-site Scripting (XSS) discovered in microweber prior to 1.2.12. Type parameter in the body of POST request triggered by add/edit tax in microweb are vulnerable to stored XSS. + Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax. reference: - https://huntr.dev/bounties/085aafdd-ba50-44c7-9650-fa573da29bcd - https://github.com/microweber/microweber/commit/fc9137c031f7edec5f50d73b300919fb519c924a - https://nvd.nist.gov/vuln/detail/CVE-2022-0928 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N - cvss-score: 5.4 - cve-id: CVE-2022-0928 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-0928 metadata: verified: "true" tags: authenticated,huntr,cve,cve2022,xss,microweber,cms @@ -53,3 +53,5 @@ requests: - 'contains(all_headers_3,"text/html")' - 'status_code==200' condition: and + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-0954.yaml b/cves/2022/CVE-2022-0954.yaml index 22fe60f897..07d467cea3 100644 --- a/cves/2022/CVE-2022-0954.yaml +++ b/cves/2022/CVE-2022-0954.yaml 
@@ -1,21 +1,21 @@ id: CVE-2022-0954 info: - name: Microweber - Cross-Site Scripting + name: Microweber <1.2.11 - Stored Cross-Site Scripting author: amit-jd - severity: medium + severity: high description: | - Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11. + Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods. reference: - https://github.com/advisories/GHSA-8c76-mxv5-w4g8 - https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26/ - https://github.com/microweber/microweber/commit/955471c27e671c49e4b012e3b120b004082ac3f7 - https://nvd.nist.gov/vuln/detail/CVE-2022-0954 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N - cvss-score: 5.4 - cve-id: CVE-2022-0954 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-0954 metadata: verified: "true" tags: cve,cve2022,xss,microweber,huntr @@ -55,3 +55,5 @@ requests: - 'contains(all_headers_3,"text/html")' - 'status_code_3==200' condition: and + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-0963.yaml b/cves/2022/CVE-2022-0963.yaml index 3397249689..9dd70b5120 100644 --- a/cves/2022/CVE-2022-0963.yaml +++ b/cves/2022/CVE-2022-0963.yaml 
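Review bot: The rewritten description says `Microweber before 1.2.1`, while the new name says `<1.2.11` and the removed text said "prior to 1.2.11". As written, the description tells a defender that 1.2.1 through 1.2.10 are unaffected. I would change it to `Microweber before 1.2.11 contains multiple stored cross-site scripting vulnerabilities ...` so that name and description agree.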
@@ -1,21 +1,21 @@ id: CVE-2022-0963 info: - name: Microweber > 1.2.12 - Cross-Site Scripting + name: Microweber <1.2.12 - Stored Cross-Site Scripting author: amit-jd - severity: medium + severity: high description: | - Microweber prior to 1.2.12 allows unrestricted upload of XML files, which malicious actors can exploit to cause a stored cross-site scripting attack. + Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,. reference: - https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c/ - https://github.com/advisories/GHSA-q3x2-jvp3-wj78 - - https://nvd.nist.gov/vuln/detail/CVE-2022-0963 - https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c + - https://nvd.nist.gov/vuln/detail/CVE-2022-0963 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N - cvss-score: 5.4 - cve-id: CVE-2022-0963 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-0963 metadata: verified: "true" tags: xss,microweber,cms,authenticated,huntr,cve,cve2022,intrusive @@ -67,3 +67,5 @@ requests: - 'status_code_3==200' - 'contains(body_2,"bytes_uploaded")' condition: and + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-1221.yaml b/cves/2022/CVE-2022-1221.yaml index 557595f1fe..ac9ac0a87e 100644 --- a/cves/2022/CVE-2022-1221.yaml +++ b/cves/2022/CVE-2022-1221.yaml 
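Review bot: The new description ends in `It allows unrestricted upload of XML files,.`, a sentence cut off at the point where the removed text explained that the upload is what leads to stored cross-site scripting. I would restore the link between cause and effect, for example `Microweber prior to 1.2.12 allows unrestricted upload of XML files, which can result in stored cross-site scripting.` The name correction from `> 1.2.12` to `<1.2.12` is fine as it stands.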
@@ -1,19 +1,20 @@ id: CVE-2022-1221 info: - name: Gwyn's Imagemap Selector <= 0.3.3 - Cross-Site Scripting + name: WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting author: veshraj - severity: medium + severity: high description: | - The Gwyn's Imagemap Selector Wordpresss plugin does not sanitize the id and class parameters before returning them back in attributes, leading to a Reflected Cross-Site Scripting. + Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes. reference: - https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221 + - https://nvd.nist.gov/vuln/detail/CVE-2022-1221 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-1221 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-1221 metadata: verified: "true" tags: cve2022,wpscan,xss,wordpress,wp-plugin,wp,cve @@ -40,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by md on 2022/09/12 diff --git a/cves/2022/CVE-2022-1439.yaml b/cves/2022/CVE-2022-1439.yaml index 3649501687..cd6117205a 100644 --- a/cves/2022/CVE-2022-1439.yaml +++ b/cves/2022/CVE-2022-1439.yaml 
@@ -1,20 +1,20 @@ id: CVE-2022-1439 info: - name: Microweber Cross-Site Scripting + name: Microweber <1.2.15 - Cross-Site Scripting author: pikpikcu - severity: medium - description: Reflected XSS in microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction. + severity: high + description: Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2022-1439 - https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0/ - https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0 - https://github.com/microweber/microweber/commit/ad3928f67b2cd4443f4323d858b666d35a919ba8 + - https://nvd.nist.gov/vuln/detail/CVE-2022-1439 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-1439 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-1439 metadata: shodan-query: http.favicon.hash:780351152 tags: cve,cve2022,microweber,xss,huntr @@ -36,3 +36,5 @@ requests: - "
') condition: and + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-1946.yaml b/cves/2022/CVE-2022-1946.yaml index ea30e250d9..a5064a616f 100644 --- a/cves/2022/CVE-2022-1946.yaml +++ b/cves/2022/CVE-2022-1946.yaml @@ -1,19 +1,19 @@ id: CVE-2022-1946 info: - name: Gallery < 2.0.0 - Cross-Site Scripting + name: WordPress Gallery <2.0.0 - Cross-Site Scripting author: Akincibor - severity: medium - description: The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue. + severity: high + description: WordPress Gallery plugin before 2.0.0 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, available to both unauthenticated and authenticated users. reference: - https://wpscan.com/vulnerability/0903920c-be2e-4515-901f-87253eb30940 - https://wordpress.org/plugins/gallery-album - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1946 + - https://nvd.nist.gov/vuln/detail/CVE-2022-1946 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-1946 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-1946 metadata: google-query: inurl:"/wp-content/plugins/gallery-album/" verified: "true" @@ -39,3 +39,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-2187.yaml b/cves/2022/CVE-2022-2187.yaml index e5a0b61f6a..926502ee65 100644 --- a/cves/2022/CVE-2022-2187.yaml +++ b/cves/2022/CVE-2022-2187.yaml 
@@ -1,20 +1,20 @@ id: CVE-2022-2187 info: - name: Contact Form 7 Captcha < 0.1.2 - Cross-Site Scripting + name: WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting author: For3stCo1d - severity: medium + severity: high description: | - The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers + WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute. reference: - https://wpscan.com/vulnerability/4fd2f1ef-39c6-4425-8b4d-1a332dabac8d - https://wordpress.org/plugins/contact-form-7-simple-recaptcha - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2187 + - https://nvd.nist.gov/vuln/detail/CVE-2022-2187 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-2187 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-2187 tags: wpscan,cve,cve2022,wordpress,xss,wp-plugin,wp requests: @@ -39,3 +39,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-2290.yaml b/cves/2022/CVE-2022-2290.yaml index 48553b4892..19246c0566 100644 --- a/cves/2022/CVE-2022-2290.yaml +++ b/cves/2022/CVE-2022-2290.yaml 
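Review bot: The rewritten description drops the qualifier "in old web browsers" that the removed text carried, in the same hunk that raises the severity from medium to high. That qualifier limits who is exposed, so removing it makes the finding look broader than the original advisory text stated. I would keep it, for example `... before outputting it back in an attribute, which could lead to reflected cross-site scripting in old web browsers.`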
@@ -1,20 +1,20 @@ id: CVE-2022-2290 info: - name: Trilium - Cross-Site Scripting + name: Trilium <0.52.4 - Cross-Site Scripting author: dbrwsky - severity: medium - description: Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta. + severity: high + description: Trilium prior to 0.52.4, 0.53.1-beta contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. reference: - https://huntr.dev/bounties/367c5c8d-ad6f-46be-8503-06648ecf09cf/ - https://github.com/zadam/trilium - - https://nvd.nist.gov/vuln/detail/CVE-2022-2290 - https://github.com/zadam/trilium/commit/3faae63b849a1fabc31b823bb7af3a84d32256a7 + - https://nvd.nist.gov/vuln/detail/CVE-2022-2290 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-2290 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-2290 metadata: shodan-query: title:"Trilium Notes" verified: "true" @@ -46,3 +46,5 @@ requests: - type: status status: - 404 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-2383.yaml b/cves/2022/CVE-2022-2383.yaml index 997326cf9a..ea8c9f96f6 100644 --- a/cves/2022/CVE-2022-2383.yaml +++ b/cves/2022/CVE-2022-2383.yaml 
@@ -1,21 +1,20 @@ id: CVE-2022-2383 info: - name: Feed Them Social < 3.0.1 - Cross-Site Scripting + name: WordPress Feed Them Social <3.0.1 - Cross-Site Scripting author: akincibor - severity: medium + severity: high description: | - The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. + WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page. reference: - https://wpscan.com/vulnerability/4a3b3023-e740-411c-a77c-6477b80d7531 - https://wordpress.org/plugins/feed-them-social/ - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2383 - https://nvd.nist.gov/vuln/detail/CVE-2022-2383 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-2383 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-2383 metadata: verified: "true" tags: wp,wordpress,wp-plugin,wpscan,cve,cve2022,xss @@ -40,3 +39,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-24181.yaml b/cves/2022/CVE-2022-24181.yaml index 74e3fe66ac..3ed2637886 100644 --- a/cves/2022/CVE-2022-24181.yaml +++ b/cves/2022/CVE-2022-24181.yaml 
@@ -1,20 +1,20 @@ id: CVE-2022-24181 info: - name: PKP Open Journals System 3.3 - Cross-Site Scripting + name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting author: lucasljm2001,ekrause - severity: medium + severity: high description: | - Detects an XSS vulnerability in Open Journals System. + PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. reference: - https://www.exploit-db.com/exploits/50881 - https://github.com/pkp/pkp-lib/issues/7649 - https://youtu.be/v8-9evO2oVg - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24181 - https://nvd.nist.gov/vuln/detail/cve-2022-24181 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 cve-id: CVE-2022-24181 metadata: verified: true @@ -42,3 +42,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-24681.yaml b/cves/2022/CVE-2022-24681.yaml index 23ac75d013..e8ab85ce9d 100644 --- a/cves/2022/CVE-2022-24681.yaml +++ b/cves/2022/CVE-2022-24681.yaml 
@@ -1,21 +1,21 @@ id: CVE-2022-24681 info: - name: ManageEngine ADSelfService - Stored Cross-Site Scripting + name: ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting author: Open-Sec - severity: medium + severity: high description: | - Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. + ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens. reference: - https://raxis.com/blog/cve-2022-24681 - - https://nvd.nist.gov/vuln/detail/CVE-2022-24681 - https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-24681.html - https://manageengine.com + - https://nvd.nist.gov/vuln/detail/CVE-2022-24681 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-24681 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-24681 tags: cve,cve2022,manageengine,xss,authenticated requests: @@ -47,3 +47,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-24899.yaml b/cves/2022/CVE-2022-24899.yaml index d3065ed150..a00150bfcc 100644 --- a/cves/2022/CVE-2022-24899.yaml +++ b/cves/2022/CVE-2022-24899.yaml 
@@ -1,20 +1,21 @@ id: CVE-2022-24899 info: - name: Contao 4.13.2 - Cross-Site Scripting + name: Contao <4.13.3 - Cross-Site Scripting author: ritikchaddha - severity: medium + severity: high description: | - Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings. + Contao prior to 4.13.3 contains a cross-site scripting vulnerability. It is possible to inject arbitrary JavaScript code into the canonical tag. reference: - https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/ - https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2 - https://nvd.nist.gov/vuln/detail/CVE-2022-24899 + remediation: As a workaround, users may disable canonical tags in the root page settings. classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-24899 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-24899 metadata: shodan-query: title:"Contao" tags: cve,cve2022,contao,xss,huntr @@ -37,3 +38,5 @@ requests: part: header words: - text/html + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-28363.yaml b/cves/2022/CVE-2022-28363.yaml index fc2e62196f..c2fb11084d 100644 --- a/cves/2022/CVE-2022-28363.yaml +++ b/cves/2022/CVE-2022-28363.yaml 
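Review bot: The new `remediation:` field lists only the workaround, although the name `Contao <4.13.3` and the description imply that 4.13.3 carries the fix. Someone reading the field would disable canonical tags and stay on a vulnerable version. I would put the upgrade first: `remediation: Upgrade to Contao 4.13.3 or later. As a workaround, users may disable canonical tags in the root page settings.`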
@@ -3,19 +3,19 @@ id: CVE-2022-28363 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: Akincibor - severity: medium + severity: high description: | - Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process "username" parameter via GET. No authentication is required. + Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is required. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2022-28363 - https://www.reprisesoftware.com/products/software-license-management.php - https://github.com/advisories/GHSA-rpvc-qgrm-r54f - http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html + - https://nvd.nist.gov/vuln/detail/CVE-2022-28363 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-28363 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-28363 tags: xss,rlm,packetstorm,cve,cve2022 requests: @@ -40,3 +40,5 @@ requests: part: header words: - "text/html" + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-29004.yaml b/cves/2022/CVE-2022-29004.yaml index 1736ffe755..b24859de31 100644 --- a/cves/2022/CVE-2022-29004.yaml +++ b/cves/2022/CVE-2022-29004.yaml 
@@ -1,21 +1,21 @@ id: CVE-2022-29004 info: - name: Diary Management System v1.0 - Cross-Site scripting + name: Diary Management System 1.0 - Cross-Site Scripting author: TenBird - severity: medium + severity: high description: | - Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. + Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php. reference: - https://github.com/sudoninja-noob/CVE-2022-29004/blob/main/CVE-2022-29004.txt - https://phpgurukul.com/e-diary-management-system-using-php-and-mysql/ - - https://nvd.nist.gov/vuln/detail/CVE-2022-29004 - http://phpgurukul.com + - https://nvd.nist.gov/vuln/detail/CVE-2022-29004 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-29004 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-29004 metadata: verified: "true" tags: cve,cve2022,xss,authenticated,edms @@ -51,3 +51,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-29005.yaml b/cves/2022/CVE-2022-29005.yaml index d173c2ecf7..98834541a5 100644 --- a/cves/2022/CVE-2022-29005.yaml +++ b/cves/2022/CVE-2022-29005.yaml 
@@ -1,19 +1,19 @@ id: CVE-2022-29005 info: - name: Online Birth Certificate System V1.2 - Stored Cross-Site scripting + name: Online Birth Certificate System 1.2 - Stored Cross-Site Scripting author: TenBird - severity: medium + severity: high description: | - Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters. + Online Birth Certificate System 1.2 contains multiple stored cross-site scripting vulnerabilities in the component /obcs/user/profile.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload injected into the fname or lname parameters. reference: - https://github.com/sudoninja-noob/CVE-2022-29005/blob/main/CVE-2022-29005.txt - https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/ - https://nvd.nist.gov/vuln/detail/CVE-2022-29005 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-29005 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-29005 metadata: verified: "true" tags: cve,cve2022,xss,obcs,authenticated @@ -48,3 +48,5 @@ requests: - 'status_code_3 == 200' - contains(body_3, 'admin-name\">nuclei') condition: and + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-29349.yaml b/cves/2022/CVE-2022-29349.yaml index 0afba26701..b360f9f51b 100644 --- a/cves/2022/CVE-2022-29349.yaml +++ b/cves/2022/CVE-2022-29349.yaml 
@@ -1,19 +1,19 @@ id: CVE-2022-29349 info: - name: kkFileView v4.0.0 - Cross-Site Scripting + name: kkFileView 4.0.0 - Cross-Site Scripting author: arafatansari - severity: medium + severity: high description: | - kkFileView v4.0.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. + kkFileView 4.0.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. reference: - https://github.com/kekingcn/kkFileView/issues/347 - https://nvd.nist.gov/vuln/detail/CVE-2022-29349 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-29349 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-29349 metadata: shodan-query: http.html:"kkFileView" verified: "true" @@ -38,3 +38,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-29455.yaml b/cves/2022/CVE-2022-29455.yaml index 5352bde094..0881b96565 100644 --- a/cves/2022/CVE-2022-29455.yaml +++ b/cves/2022/CVE-2022-29455.yaml 
@@ -1,21 +1,21 @@ id: CVE-2022-29455 info: - name: Wordpress Elementor <= 3.5.5 - DOM-based Cross-Site Scripting + name: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting author: rotembar,daffainfo - severity: medium + severity: high description: | - DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. + WordPress Elementor Website Builder plugin 3.5.5 and prior contains a reflected cross-site scripting vulnerability via the document object model. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2022-29455 - https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor - https://www.rotem-bar.com/elementor - https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-5-5-unauthenticated-dom-based-reflected-cross-site-scripting-xss-vulnerability + - https://nvd.nist.gov/vuln/detail/CVE-2022-29455 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-29455 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-29455 metadata: verified: "true" tags: cve,cve2022,xss,wordpress,elementor @@ -52,3 +52,5 @@ requests: group: 1 regex: - "(?m)Stable tag: ([0-9.]+)" + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-29548.yaml b/cves/2022/CVE-2022-29548.yaml index d77f5b79ce..7e48dc0f28 100644 --- a/cves/2022/CVE-2022-29548.yaml +++ b/cves/2022/CVE-2022-29548.yaml 
@@ -1,20 +1,19 @@ id: CVE-2022-29548 info: - name: WSO2 Management Console - Cross-Site Scripting + name: WSO2 - Cross-Site Scripting author: edoardottt - severity: medium + severity: high description: | - A reflected XSS issue exists in the Management Console of several WSO2 products. + WSO2 contains a reflected cross-site scripting vulnerability in the Management Console of API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2022-29548 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29548 - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29548 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-29548 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-29548 metadata: google-query: inurl:"carbon/admin/login" verified: "true" @@ -40,3 +39,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-30073.yaml b/cves/2022/CVE-2022-30073.yaml index 9b6d4abc54..39ee727e8f 100644 --- a/cves/2022/CVE-2022-30073.yaml +++ b/cves/2022/CVE-2022-30073.yaml 
@@ -1,20 +1,20 @@ id: CVE-2022-30073 info: - name: WBCE CMS v1.5.2 XSS Stored + name: WBCE CMS 1.5.2 - Cross-Site Scripting author: arafatansari - severity: medium + severity: high description: | - WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\user\save.php Display Name parameters. + WBCE CMS 1.5.2 contains a stored cross-site scripting vulnerability via \admin\user\save.php Display Name parameters. reference: - https://github.com/APTX-4879/CVE - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30073 - https://github.com/APTX-4879/CVE/blob/main/CVE-2022-30073.pdf + - https://nvd.nist.gov/vuln/detail/CVE-2022-30073 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N - cvss-score: 5.4 - cve-id: CVE-2022-30073 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-30073 metadata: verified: "true" tags: cve,cve2022,wbcecms,xss @@ -70,3 +70,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-30489.yaml b/cves/2022/CVE-2022-30489.yaml index 4c5426d828..fa1d455749 100644 --- a/cves/2022/CVE-2022-30489.yaml +++ b/cves/2022/CVE-2022-30489.yaml 
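Review bot: The vector in this hunk changes `PR:L` to `PR:N` as well as `UI:R` to `UI:N`, although the description still places the injection point in `\admin\user\save.php`, which presumably requires a logged-in account. That moves the score from 5.4 to 7.2 for a stored issue that an anonymous visitor cannot plant; I would keep `cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` and `cvss-score: 5.4`. The new name also drops "Stored" while the description keeps it; `name: WBCE CMS 1.5.2 - Stored Cross-Site Scripting` would match the other stored-XSS titles in this patch.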
@@ -1,20 +1,20 @@ id: CVE-2022-30489 info: - name: Wavlink Wn535g3 - POST Cross-Site Scripting + name: Wavlink WN-535G3 - Cross-Site Scripting author: For3stCo1d - severity: medium + severity: high description: | - WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. + Wavlink WN-535G3 contains a POST cross-site scripting vulnerability via the hostname parameter at /cgi-bin/login.cgi. reference: - https://github.com/badboycxcc/XSS-CVE-2022-30489 - - https://nvd.nist.gov/vuln/detail/CVE-2022-30489 - https://github.com/badboycxcc/XSS + - https://nvd.nist.gov/vuln/detail/CVE-2022-30489 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-30489 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-30489 metadata: shodan-query: http.title:"Wi-Fi APP Login" verified: "true" @@ -45,3 +45,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-30776.yaml b/cves/2022/CVE-2022-30776.yaml index 10403b474a..6d2ae30c3f 100644 --- a/cves/2022/CVE-2022-30776.yaml +++ b/cves/2022/CVE-2022-30776.yaml 
@@ -1,21 +1,21 @@ id: CVE-2022-30776 info: - name: Atmail - Cross-Site Scripting + name: Atmail 6.5.0 - Cross-Site Scripting author: 3th1c_yuk1 - severity: medium + severity: high description: | - atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter. + Atmail 6.5.0 contains a cross-site scripting vulnerability via the index.php/admin/index/ 'error' parameter. reference: - https://medium.com/@bhattronit96/cve-2022-30776-cd34f977c2b9 - https://www.atmail.com/ - - https://nvd.nist.gov/vuln/detail/CVE-2022-30776 - https://help.atmail.com/hc/en-us/sections/115003283988 + - https://nvd.nist.gov/vuln/detail/CVE-2022-30776 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-30776 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-30776 metadata: shodan-query: http.html:"atmail" verified: "true" @@ -41,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-30777.yaml b/cves/2022/CVE-2022-30777.yaml index f1a225dbee..9fcb20d976 100644 --- a/cves/2022/CVE-2022-30777.yaml +++ b/cves/2022/CVE-2022-30777.yaml 
@@ -1,20 +1,20 @@ id: CVE-2022-30777 info: - name: Parallels H-Sphere - Cross-Site Scripting + name: Parallels H-Sphere 3.6.1713 - Cross-Site Scripting author: 3th1c_yuk1 - severity: medium + severity: high description: | - Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. + Parallels H-Sphere 3.6.1713 contains a cross-site scripting vulnerability via the index_en.php 'from' parameter. reference: - https://medium.com/@bhattronit96/cve-2022-30777-45725763ab59 - - https://nvd.nist.gov/vuln/detail/CVE-2022-30777 - https://en.wikipedia.org/wiki/H-Sphere + - https://nvd.nist.gov/vuln/detail/CVE-2022-30777 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-30777 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-30777 metadata: shodan-query: title:"h-sphere" verified: "true" @@ -42,3 +42,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-31373.yaml b/cves/2022/CVE-2022-31373.yaml index b2ad77837e..8159c48c60 100644 --- a/cves/2022/CVE-2022-31373.yaml +++ b/cves/2022/CVE-2022-31373.yaml 
@@ -3,17 +3,17 @@ id: CVE-2022-31373 info: name: SolarView Compact 6.00 - Cross-Site Scripting author: ritikchaddha - severity: medium + severity: high description: | - SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. + SolarView Compact 6.00 contains a cross-site scripting vulnerability via the Solar_AiConf.php component. reference: - https://github.com/badboycxcc/SolarView_Compact_6.0_xss - https://nvd.nist.gov/vuln/detail/CVE-2022-31373 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-31373 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-31373 metadata: shodan-query: http.html:"SolarView Compact" verified: "true" @@ -39,3 +39,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-31474.yaml b/cves/2022/CVE-2022-31474.yaml index d86bf19216..5c476e0f02 100644 --- a/cves/2022/CVE-2022-31474.yaml +++ b/cves/2022/CVE-2022-31474.yaml 
@@ -1,16 +1,21 @@ id: CVE-2022-31474 info: - name: BackupBuddy Arbitrary File Read + name: BackupBuddy - Local File Inclusion author: aringo severity: high - description: BackupBuddy versions 8.5.8.0 through 8.7.4.1 are vulnerable to arbitrary file read + description: BackupBuddy versions 8.5.8.0 - 8.7.4.1 are vulnerable to a local file inclusion vulnerability via the 'download' and 'local-destination-id' parameters. reference: - https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/ - https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy - https://ithemes.com/backupbuddy/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31474 - remediation: Developers should immediately upgrade to at least version 8.7.5 or higher + remediation: Upgrade to at least version 8.7.5 or higher + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 + cve-id: CVE-2022-31474 tags: cve,cve2022,wordpress,wp-plugin,wp,lfi,backupbuddy requests: @@ -28,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs 2022/09/14 diff --git a/cves/2022/CVE-2022-32195.yaml b/cves/2022/CVE-2022-32195.yaml index ad8a8817c4..021ec6b9f5 100644 --- a/cves/2022/CVE-2022-32195.yaml +++ b/cves/2022/CVE-2022-32195.yaml 
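Review bot: The name and description now call this a local file inclusion, but the added `classification` (`cwe-id: CWE-22`, `C:H/I:N/A:N`) and the removed title `BackupBuddy Arbitrary File Read` both describe a read-only path traversal. File inclusion normally implies the application evaluates the file, which raises the expected impact for whoever triages the finding; I would keep the file-read wording, e.g. `name: BackupBuddy 8.5.8.0-8.7.4.1 - Arbitrary File Read`. The reference list also lacks the NVD entry that the other hunks move to the last position (`- https://nvd.nist.gov/vuln/detail/CVE-2022-31474`).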
@@ -1,20 +1,20 @@ id: CVE-2022-32195 info: - name: Open edX - Cross-Site Scripting + name: Open edX <2022-06-06 - Cross-Site Scripting author: arafatansari - severity: medium + severity: high description: | - Open edX platform before 2022-06-06 allows Reflected Cross-site Scripting via the "next" parameter in the logout URL. + Open edX before 2022-06-06 contains a reflected cross-site scripting vulnerability via the 'next' parameter in the logout URL. reference: - https://discuss.openedx.org/t/security-patch-for-logout-page-xss-vulnerability/7408 - - https://nvd.nist.gov/vuln/detail/CVE-2022-32195 - https://github.com/edx + - https://nvd.nist.gov/vuln/detail/CVE-2022-32195 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-32195 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-32195 metadata: comment: Hover the cursor on the redirect link shodan-query: http.html:"Open edX" @@ -41,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-32770.yaml b/cves/2022/CVE-2022-32770.yaml index bee623eabc..527c9291d4 100644 --- a/cves/2022/CVE-2022-32770.yaml +++ b/cves/2022/CVE-2022-32770.yaml 
@@ -3,18 +3,18 @@ id: CVE-2022-32770 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: arafatansari - severity: medium + severity: high description: | - A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "toast" parameter which is inserted into the document with insufficient sanitization. + WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'toast' parameter, which is inserted into the document with insufficient sanitization. reference: - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538 - - https://nvd.nist.gov/vuln/detail/CVE-2022-32770 - https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql + - https://nvd.nist.gov/vuln/detail/CVE-2022-32770 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-32770 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-32770 metadata: shodan-query: http.html:"AVideo" verified: "true" @@ -40,3 +40,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-32771.yaml b/cves/2022/CVE-2022-32771.yaml index fb67c95f3c..7443837281 100644 --- a/cves/2022/CVE-2022-32771.yaml +++ b/cves/2022/CVE-2022-32771.yaml 
@@ -3,18 +3,18 @@ id: CVE-2022-32771 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: arafatansari - severity: medium + severity: high description: | - A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "success" parameter which is inserted into the document with insufficient sanitization. + WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'success' parameter, which is inserted into the document with insufficient sanitization. reference: - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538 - - https://nvd.nist.gov/vuln/detail/CVE-2022-32771 - https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql + - https://nvd.nist.gov/vuln/detail/CVE-2022-32771 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-32771 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-32771 metadata: shodan-query: http.html:"AVideo" verified: "true" @@ -42,3 +42,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-32772.yaml b/cves/2022/CVE-2022-32772.yaml index 3092cbfd6c..3fc9d5438b 100644 --- a/cves/2022/CVE-2022-32772.yaml +++ b/cves/2022/CVE-2022-32772.yaml 
@@ -3,18 +3,18 @@ id: CVE-2022-32772 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: arafatansari - severity: medium + severity: high description: | - A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "msg" parameter which is inserted into the document with insufficient sanitization. + WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'msg' parameter, which is inserted into the document with insufficient sanitization. reference: - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538 - - https://nvd.nist.gov/vuln/detail/CVE-2022-32772 - https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql + - https://nvd.nist.gov/vuln/detail/CVE-2022-32772 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-32772 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-32772 metadata: shodan-query: http.html:"AVideo" verified: "true" @@ -40,3 +40,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-33119.yaml b/cves/2022/CVE-2022-33119.yaml index 888c56a567..b7d0a61263 100644 --- a/cves/2022/CVE-2022-33119.yaml +++ b/cves/2022/CVE-2022-33119.yaml 
@@ -1,11 +1,11 @@ id: CVE-2022-33119 info: - name: NVRsolo v03.06.02 - Cross-Site Scripting + name: NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting author: arafatansari - severity: medium + severity: high description: | - NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php. + NUUO NVRsolo Video Recorder 03.06.02 contains a reflected cross-site scripting vulnerability via login.php. reference: - https://github.com/badboycxcc/nuuo-xss/blob/main/README.md - https://nvd.nist.gov/vuln/detail/CVE-2022-33119 @@ -36,3 +36,5 @@ requests: - 'status_code == 200' - contains(body,'<\"?cmd=') condition: and + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-34048.yaml b/cves/2022/CVE-2022-34048.yaml index 8ede023429..db10823214 100644 --- a/cves/2022/CVE-2022-34048.yaml +++ b/cves/2022/CVE-2022-34048.yaml 
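Review bot: `severity` is raised to high in the CVE-2022-33119 hunk, but unlike the neighbouring templates this hunk does not touch a `classification` block, and the diffstat for the file shows no further changes. If the file still carries a 6.1 vector further down (outside the hunk, so not visible here), the severity label and the score now disagree. Either leave `severity: medium` or update both together so that severity-based filters and the CVSS score tell the same story.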
@@ -1,21 +1,21 @@ id: CVE-2022-34048 info: - name: Wavlink WN533A8 - Cross-Site Scripting + name: Wavlink WN-533A8 - Cross-Site Scripting author: ritikchaddha - severity: medium + severity: high description: | - Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter. + Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the login_page parameter. reference: - https://www.exploit-db.com/exploits/50989 - - https://nvd.nist.gov/vuln/detail/CVE-2022-34048 - https://drive.google.com/file/d/1xznFhH3w3TDN2RCdX62_ebylR4yaKmzf/view?usp=sharing - https://drive.google.com/file/d/1NI3-k3AGIsSe2zjeigl1GVyU1VpG1SV3/view?usp=sharing + - https://nvd.nist.gov/vuln/detail/CVE-2022-34048 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-34048 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-34048 metadata: shodan-query: http.html:"Wavlink" verified: "true" @@ -44,3 +44,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-34328.yaml b/cves/2022/CVE-2022-34328.yaml index 0a03575c31..f735e65e60 100644 --- a/cves/2022/CVE-2022-34328.yaml +++ b/cves/2022/CVE-2022-34328.yaml 
@@ -3,18 +3,18 @@ id: CVE-2022-34328 info: name: PMB 7.3.10 - Cross-Site Scripting author: edoardottt - severity: medium + severity: high description: | - PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. + PMB 7.3.10 contains a reflected cross-site scripting vulnerability via the id parameter in an lvl=author_see request to index.php. reference: - https://github.com/jenaye/PMB/blob/main/README.md - - https://nvd.nist.gov/vuln/detail/CVE-2022-34328 - https://github.com/jenaye/PMB + - https://nvd.nist.gov/vuln/detail/CVE-2022-34328 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-34328 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-34328 metadata: shodan-query: http.html:"PMB Group" verified: "true" @@ -40,3 +40,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-35151.yaml b/cves/2022/CVE-2022-35151.yaml index e1636ce4eb..a003f1a52c 100644 --- a/cves/2022/CVE-2022-35151.yaml +++ b/cves/2022/CVE-2022-35151.yaml 
@@ -1,19 +1,19 @@ id: CVE-2022-35151 info: - name: kkFileView v4.1.0 - Cross-Site Scripting + name: kkFileView 4.1.0 - Cross-Site Scripting author: arafatansari - severity: medium + severity: high description: | - kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. + kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. reference: - https://github.com/kekingcn/kkFileView/issues/366 - https://nvd.nist.gov/vuln/detail/CVE-2022-35151 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-35151 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-35151 metadata: shodan-query: http.html:"kkFileView" verified: "true" @@ -42,3 +42,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-35413.yaml b/cves/2022/CVE-2022-35413.yaml index 558776031f..1fee2d4091 100644 --- a/cves/2022/CVE-2022-35413.yaml +++ b/cves/2022/CVE-2022-35413.yaml @@ -10,6 +10,8 @@ info: - https://medium.com/@_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35413 - https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview + classification: + cve-id: CVE-2022-35413 metadata: shodan-query: http.title:"Intelligent WAPPLES" verified: "true" diff --git a/cves/2022/CVE-2022-35416.yaml b/cves/2022/CVE-2022-35416.yaml index e7524e8a37..44d3e4ae06 100644 --- a/cves/2022/CVE-2022-35416.yaml +++ b/cves/2022/CVE-2022-35416.yaml 
@@ -1,20 +1,20 @@ id: CVE-2022-35416 info: - name: H3C SSL VPN through 2022-07-10 - Cookie Based Cross-Site Scripting + name: H3C SSL VPN <=2022-07-10 - Cross-Site Scripting author: 0x240x23elu - severity: medium + severity: high description: | - H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. + H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. reference: - https://github.com/advisories/GHSA-9x76-78gc-r3m9 - https://github.com/Docker-droid/H3C_SSL_VPN_XSS - https://nvd.nist.gov/vuln/detail/CVE-2022-35416 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-35416 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-35416 metadata: shodan-query: http.html_hash:510586239 verified: "true" @@ -42,3 +42,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-35493.yaml b/cves/2022/CVE-2022-35493.yaml index c4c73faba3..cdf0f15f4a 100644 --- a/cves/2022/CVE-2022-35493.yaml +++ b/cves/2022/CVE-2022-35493.yaml 
@@ -1,19 +1,19 @@ id: CVE-2022-35493 info: - name: eShop - Cross-Site Scripting + name: eShop 3.0.4 - Cross-Site Scripting author: arafatansari - severity: medium + severity: high description: | - eShop - Multipurpose Ecommerce Store Website v3.0.4 allows Reflected Cross-site scripting vulnerability in json search parse and the json response in wrteam.in. + eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in. reference: - https://github.com/Keyvanhardani/Exploit-eShop-Multipurpose-Ecommerce-Store-Website-3.0.4-Cross-Site-Scripting-XSS/blob/main/README.md - https://nvd.nist.gov/vuln/detail/CVE-2022-35493 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-35493 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-35493 metadata: shodan-query: http.html:"eShop - Multipurpose Ecommerce" verified: "true" @@ -38,3 +38,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-37153.yaml b/cves/2022/CVE-2022-37153.yaml index 7bde99b1eb..3ac645260f 100644 --- a/cves/2022/CVE-2022-37153.yaml +++ b/cves/2022/CVE-2022-37153.yaml 
@@ -1,19 +1,19 @@ id: CVE-2022-37153 info: - name: Artica Proxy - Cross-Site Scripting + name: Artica Proxy 4.30.000000 - Cross-Site Scripting author: arafatansari - severity: medium + severity: high description: | - An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php. + Artica Proxy 4.30.000000 contains a cross-site scripting vulnerability via the password parameter in /fw.login.php. reference: - https://github.com/Fjowel/CVE-2022-37153 - https://nvd.nist.gov/vuln/detail/CVE-2022-37153 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-37153 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-37153 metadata: shodan-query: http.html:"Artica" verified: "true" @@ -45,3 +45,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/cves/2022/CVE-2022-38463.yaml b/cves/2022/CVE-2022-38463.yaml index bf4f73caf7..d6bfb94a02 100644 --- a/cves/2022/CVE-2022-38463.yaml +++ b/cves/2022/CVE-2022-38463.yaml 
@@ -3,17 +3,17 @@ id: CVE-2022-38463 info: name: ServiceNow - Cross-Site Scripting author: amanrawat - severity: medium + severity: high description: | - There exists a reflected XSS within the logout functionality of ServiceNow. This enables an unauthenticated remote attacker to execute arbitrary JavaScript. + ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript. reference: - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793 - https://nvd.nist.gov/vuln/detail/CVE-2022-38463 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2022-38463 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 + cve-id: CVE-2022-38463 metadata: shodan-query: http.title:"ServiceNow" verified: "true" @@ -38,3 +38,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/default-logins/apache/tomcat-examples-login.yaml b/default-logins/apache/tomcat-examples-login.yaml index 1f4b7e7c4d..7c37c750e6 100644 --- a/default-logins/apache/tomcat-examples-login.yaml +++ b/default-logins/apache/tomcat-examples-login.yaml 
@@ -1,14 +1,18 @@ id: tomcat-examples-login info: - name: Tomcat Examples Default Login + name: Apache Tomcat - Default Login Discovery author: 0xelkomy & C0NQR0R severity: info - description: Default Creds and there is XSS here, /examples/jsp/security/protected/index.jsp?dataName=%22%3E%3Cimg+src%3Dd+onerror%3Dalert%28document.cookie%29%3E&dataValue= after you login you will be able to get it. + description: Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 default login credentials were successful. reference: - https://c0nqr0r.github.io/CVE-2022-34305/ metadata: verified: true + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 tags: default-login,tomcat requests: @@ -42,3 +46,5 @@ requests: - "You are logged in as remote user" - "{{username}}" condition: and + +# Enhanced by mp on 2022/09/14 diff --git a/file/xss/dom-xss.yaml b/file/xss/dom-xss.yaml index bab3198027..479a02d38d 100644 --- a/file/xss/dom-xss.yaml +++ b/file/xss/dom-xss.yaml @@ -1,11 +1,16 @@ id: dom-xss info: - name: DOM XSS Sources & Sinks + name: DOM Invader - Cross-Site Scripting author: geeknik - severity: info + severity: high + description: DOM Invader contains a cross-site scripting vulnerability in Sources & Sinks functionality. reference: - Inspired by https://portswigger.net/blog/introducing-dom-invader + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 tags: xss,file file: @@ -44,3 +49,5 @@ file: - 'location(\.href|\.hash|\.search|\.pathname)?' - 'window\.name' - 'document(\.URL|\.referrer|\.documentURI|\.baseURI|\.cookie)' + +# Enhanced by mp on 2022/09/14 diff --git a/headless/window-name-domxss.yaml b/headless/window-name-domxss.yaml index 0e54b61520..063a0577e8 100644 --- a/headless/window-name-domxss.yaml +++ b/headless/window-name-domxss.yaml 
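Review bot: The rewritten `description` in tomcat-examples-login drops the only statement of what a successful login exposes (the XSS on the protected example page) and replaces it with version ranges that look taken from the linked CVE-2022-34305 write-up; those ranges do not bound where default credentials work. The added `cwe-id: CWE-200` also does not describe a default-credential finding; `cwe-id: CWE-1392` (or CWE-798) fits better. I would word it as `description: Apache Tomcat examples application accepts default credentials; the protected example page reachable after login is affected by the XSS described in CVE-2022-34305.`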
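Review bot: The new `name` and `description` in dom-xss.yaml attribute a vulnerability to DOM Invader, which the reference line only cites as the inspiration for the template; the matchers visible at the end of the file are regexes for DOM sources such as `window\.name` and `document(\.URL|...)` in scanned files. A regex hit marks code for manual review and is not a confirmed XSS, so `severity: high` with a 7.2 score will fill reports with unverified findings. I would keep `name: DOM XSS Sources & Sinks` and `severity: info`, and add `description: Flags DOM XSS sources and sinks in files for manual review.`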
@@ -3,9 +3,14 @@ id: window-name-domxss info: name: window.name - DOM Cross-Site Scripting author: pdteam - severity: medium + severity: high + description: The window-name is vulnerable to DOM based cross-site scripting. reference: - https://public-firing-range.appspot.com/dom/index.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 tags: headless,xss,domxss headless: @@ -87,3 +92,5 @@ headless: part: alerts kval: - alerts + +# Enhanced by mp on 2022/09/14 diff --git a/misconfiguration/aem/aem-setpreferences-xss.yaml b/misconfiguration/aem/aem-setpreferences-xss.yaml index 98e992d853..7ea602b823 100644 --- a/misconfiguration/aem/aem-setpreferences-xss.yaml +++ b/misconfiguration/aem/aem-setpreferences-xss.yaml @@ -1,13 +1,18 @@ id: aem-setpreferences-xss info: - name: AEM setPreferences - Cross-Site Scripting + name: Adobe Experience Manager - Cross-Site Scripting author: zinminphy0,dhiyaneshDK - severity: medium + severity: high + description: Adobe Experience Manager contains a cross-site scripting vulnerability via setPreferences. reference: - https://www.youtube.com/watch?v=VwLSUHNhrOw&t=142s - https://github.com/projectdiscovery/nuclei-templates/issues/3225 - https://twitter.com/zin_min_phyo/status/1465394815042916352 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 metadata: shodan-query: http.component:"Adobe Experience Manager" tags: aem,xss @@ -30,3 +35,5 @@ requests: - type: status status: - 400 + +# Enhanced by mp on 2022/09/15 diff --git a/misconfiguration/aem/aem-xss-childlist-selector.yaml b/misconfiguration/aem/aem-xss-childlist-selector.yaml index c8551970bf..82ffe9766d 100644 --- a/misconfiguration/aem/aem-xss-childlist-selector.yaml +++ b/misconfiguration/aem/aem-xss-childlist-selector.yaml 
@@ -1,17 +1,22 @@ id: aem-xss-childlist-selector info: - name: XSS in childlist selector + name: Adobe Experience Manager - Cross-Site Scripting author: dhiyaneshDk - severity: medium + severity: high description: | - Requests using the selector childlist can an XSS when the dispatcher does not respect the content-type responded by AEM and flips from application/json to text/html. As a consequence the reflected suffix is executed and interpreted in the browser. + Adobe Experience Manager contains a cross-site scripting vulnerability via requests using the selector childlist when the dispatcher does not respect the content-type responded by AEM and flips from application/json to text/html. As a consequence, the reflected suffix is executed and interpreted in the browser. reference: - https://github.com/thomashartm/burp-aem-scanner/blob/master/src/main/java/burp/actions/xss/FlippingTypeWithChildrenlistSelector.java + - https://cystack.net/en/plugins/cystack.remote.aem_childlist_selector_xss metadata: shodan-query: - http.title:"AEM Sign In" - http.component:"Adobe Experience Manager" + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 tags: xss,aem,adobe requests: @@ -35,3 +40,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/14 diff --git a/misconfiguration/akamai-arl-xss.yaml b/misconfiguration/akamai-arl-xss.yaml index 6a9c5fd334..7c6270fdc9 100644 --- a/misconfiguration/akamai-arl-xss.yaml +++ b/misconfiguration/akamai-arl-xss.yaml 
@@ -3,13 +3,18 @@ id: akamai-arl-xss info: name: Open Akamai ARL - Cross-Site Scripting author: pdteam - severity: medium + severity: high + description: Open Akamai ARL contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. reference: - https://github.com/war-and-code/akamai-arl-hack - https://twitter.com/SpiderSec/status/1421176297548435459 - https://warandcode.com/post/akamai-arl-hack/ - https://github.com/cybercdh/goarl - https://community.akamai.com/customers/s/article/WebPerformanceV1V2ARLChangeStartingFebruary282021?language=en_US + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 tags: akamai,xss requests: @@ -29,3 +34,5 @@ requests: part: header words: - 'text/html' + +# Enhanced by mp on 2022/09/14 diff --git a/misconfiguration/apache/apache-tomcat-snoop.yaml b/misconfiguration/apache/apache-tomcat-snoop.yaml index d341f28db6..5b16ca06fe 100644 --- a/misconfiguration/apache/apache-tomcat-snoop.yaml +++ b/misconfiguration/apache/apache-tomcat-snoop.yaml 
@@ -1,12 +1,16 @@ id: apache-tomcat-snoop info: - name: Apache Tomcat example page disclosure - snoop + name: Apache Tomcat 4.x-7.x - Cross-Site Scripting author: pdteam - severity: low - description: The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection. + severity: high + description: Apache Tomcat 4.x through 7.x contains a cross-site scripting vulnerability which can be used by an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. reference: - https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 metadata: shodan-query: title:"Apache Tomcat" tags: apache,misconfig,tomcat,disclosure @@ -25,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/15 diff --git a/misconfiguration/openbmcs/openbmcs-ssrf.yaml b/misconfiguration/openbmcs/openbmcs-ssrf.yaml index 056c13dd63..026411ed27 100644 --- a/misconfiguration/openbmcs/openbmcs-ssrf.yaml +++ b/misconfiguration/openbmcs/openbmcs-ssrf.yaml 
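Review bot: The retitled apache-tomcat-snoop template now reports `severity: high` cross-site scripting, while its id, its `misconfig` and `disclosure` tags and the linked Rapid7 entry (apache-tomcat-example-leaks) all describe exposure of the Tomcat example scripts. The only matcher visible in this diff is a 200 status and the request lies outside the hunks, so whether any script injection is actually tested cannot be confirmed from here. If the check only detects the snoop page, the previous `severity: low` and the information-disclosure wording are the accurate labels, and the XSS `classification` block should be dropped or changed to match.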
@@ -1,15 +1,17 @@ id: openbmcs-ssrf info: - name: OpenBMCS 2.4 Unauthenticated SSRF / RFI + name: OpenBMCS 2.4 - Server-Side Request Forgery / Remote File Inclusion author: dhiyaneshDK severity: high - description: Unauthenticated Server-Side Request Forgery (SSRF) and Remote File Include (RFI) vulnerability exists in OpenBMCS within its functionalities. The application parses user supplied data in the POST parameter - 'ip' to query a server IP on port 81 by default. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary - destination host. This can be used by an external attacker for example to bypass firewalls and initiate a service and network enumeration on the internal network through the affected application, allows hijacking - the current session of the user, execute cross-site scripting code or changing the look of the page and content modification on current display + description: OpenBMCS 2.4 is susceptible to unauthenticated server-side request forgery and remote file inclusion vulnerabilities within its functionalities. The application parses user supplied data in the POST parameter 'ip' to query a server IP on port 81 by default. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. reference: - https://www.exploit-db.com/exploits/50670 + - https://securityforeveryone.com/tools/openbmcs-unauth-ssrf-rfi-vulnerability-scanner + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 6.8 + cwe-id: CWE-918 metadata: shodan-query: http.favicon.hash:1550906681 tags: ssrf,oast,openbmcs,edb @@ -33,3 +35,5 @@ requests: - type: status status: - 302 + +# Enhanced by mp on 2022/09/15 
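Review bot: The added `cvss-score: 6.8` falls in the CVSS medium band (4.0–6.9) while `severity: high` is left unchanged, so the two fields in openbmcs-ssrf now disagree. The vector uses `AC:H` for what the description calls an unvalidated, unauthenticated POST parameter, which reads more like `AC:L`; either correct the vector and score or set `severity: medium`. The shortened description also drops the internal-network enumeration impact, which is what defenders most need to know about an SSRF finding; one sentence on it is worth keeping.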
diff --git a/misconfiguration/wildcard-postmessage.yaml b/misconfiguration/wildcard-postmessage.yaml index 021a4bfabb..1e4d62f9be 100644 --- a/misconfiguration/wildcard-postmessage.yaml +++ b/misconfiguration/wildcard-postmessage.yaml @@ -1,11 +1,18 @@ id: wildcard-postmessage info: - name: Wildcard postMessage detection + name: postMessage - Cross-Site Scripting author: pdteam - severity: info + severity: high + description: postMessage contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and therefore steal cookie-based authentication credentials and launch other attacks. reference: - https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html + - https://payatu.com/blog/anubhav.singh/postmessage-vulnerabilities + - https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 tags: xss,postmessage requests: @@ -17,3 +24,5 @@ requests: - type: regex regex: - postMessage\([a-zA-Z]+,["']\*["']\) + +# Enhanced by mp on 2022/09/15 diff --git a/misconfiguration/xss-deprecated-header.yaml b/misconfiguration/xss-deprecated-header.yaml index 253698237f..af6d868a8d 100644 --- a/misconfiguration/xss-deprecated-header.yaml +++ b/misconfiguration/xss-deprecated-header.yaml 
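Review bot: The matcher in wildcard-postmessage is the regex `postMessage\([a-zA-Z]+,["']\*["']\)`, which only finds a call that sends a message with a wildcard target origin, yet the new `name`, `description` and `cwe-id: CWE-79` present a hit as a confirmed cross-site scripting vulnerability. A wildcard target origin can deliver the message to an unintended window, but it is not script execution by itself, and a source-text match is unverified. I would keep `name: Wildcard postMessage detection` and `severity: info`, with `description: postMessage is called with a wildcard target origin, so the message may be delivered to an untrusted window.`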
@@ -1,13 +1,17 @@ id: xss-deprecated-header-detect info: - name: Detect Deprecated XSS Protection Header + name: XSS-Protection Header - Cross-Site Scripting author: joshlarsen - severity: info - description: Setting the XSS-Protection header is deprecated by most browsers. Setting the header to anything other than `0` can actually introduce an XSS vulnerability. + severity: high + description: XSS-Protection header in Explorer, Chrome, and Safari contains a cross-site scripting vulnerability if set to any value other than `0`. reference: - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection - https://owasp.org/www-project-secure-headers/#x-xss-protection + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 tags: xss,misconfig,generic requests: @@ -34,3 +38,5 @@ requests: part: header kval: - x_xss_protection + +# Enhanced by mp on 2022/09/15 diff --git a/vulnerabilities/concrete/concrete-xss.yaml b/vulnerabilities/concrete/concrete-xss.yaml index a853d9d66f..65098495f7 100644 --- a/vulnerabilities/concrete/concrete-xss.yaml +++ b/vulnerabilities/concrete/concrete-xss.yaml @@ -1,14 +1,18 @@ id: concrete-xss info: - name: Concrete - Unauthenticated Reflected XSS in preview_as_user function + name: Concrete CMS <8.5.2 - Cross-Site Scripting author: shifacyclewla,hackergautam,djoevanka - severity: medium - description: The Concrete CMS < 8.5.2 is vulnerable to Reflected XSS using cID parameter. + severity: high + description: Concrete CMS before 8.5.2 contains a cross-site scripting vulnerability in preview_as_user function using cID parameter. reference: - https://hackerone.com/reports/643442 - https://github.com/concrete5/concrete5/pull/7999 - https://twitter.com/JacksonHHax/status/1389222207805661187 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 tags: hackerone,concrete,xss,cms,unauth requests: 
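Review bot: The `kval` entry at the end of xss-deprecated-header reads `x_xss_protection`, so a hit only shows that the header is present; rating that `severity: high` with a 7.2 XSS score overstates a hardening finding. The removed description ("can actually introduce an XSS vulnerability") was also more accurate than the new claim that the header "contains" one. I would keep `name: Detect Deprecated XSS Protection Header` and `severity: info`, and retain the sentence that the header is deprecated by most browsers.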
@@ -33,3 +37,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/15 diff --git a/vulnerabilities/dedecms/dedecms-config-xss.yaml b/vulnerabilities/dedecms/dedecms-config-xss.yaml index 59f32da943..001cf28590 100644 --- a/vulnerabilities/dedecms/dedecms-config-xss.yaml +++ b/vulnerabilities/dedecms/dedecms-config-xss.yaml @@ -1,15 +1,19 @@ id: dedecms-config-xss info: - name: DedeCMS V5.7 config.php Cross-Site Scripting + name: DedeCMS 5.7 - Cross-Site Scripting author: ritikchaddha - severity: medium + severity: high description: | - DeDeCMS v5.7 has an XSS vulnerability in the '/include/dialog/config.php' file, and attackers can use this vulnerability to steal user cookies, hang horses, etc. + DeDeCMS 5.7 contains a cross-site scripting vulnerability in the '/include/dialog/config.php' file. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. reference: - https://www.zilyun.com/8665.html - https://www.60ru.com/161.html - https://www.cnblogs.com/milantgh/p/3615853.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 + cwe-id: CWE-79 metadata: verified: true shodan-query: http.html:"DedeCms" @@ -35,3 +39,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/09/15 diff --git a/vulnerabilities/generic/generic-j2ee-lfi.yaml b/vulnerabilities/generic/generic-j2ee-lfi.yaml index d37c840343..831d809765 100644 --- a/vulnerabilities/generic/generic-j2ee-lfi.yaml +++ b/vulnerabilities/generic/generic-j2ee-lfi.yaml 
@@ -1,45 +1,45 @@ -id: generic-j2ee-lfi - -info: - name: Generic J2EE LFI scan - author: davidfegyver - severity: high - description: Looks for J2EE specific LFI vulnerabilities, tries to leak the web.xml file. - reference: - - https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java - - https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3 - metadata: - verified: true - shodan-query: http.title:"J2EE" - tags: lfi,generic,j2ee - -requests: - - method: GET - path: - - "{{BaseURL}}/../../../../WEB-INF/web.xml" - - "{{BaseURL}}/../../../WEB-INF/web.xml" - - "{{BaseURL}}/../../WEB-INF/web.xml" - - "{{BaseURL}}/%c0%ae/%c0%ae/WEB-INF/web.xml" - - "{{BaseURL}}/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml" - - "{{BaseURL}}/%c0%ae/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml" - - "{{BaseURL}}/../../../WEB-INF/web.xml;x=" - - "{{BaseURL}}/../../WEB-INF/web.xml;x=" - - "{{BaseURL}}/../WEB-INF/web.xml;x=" - - "{{BaseURL}}/WEB-INF/web.xml" - - "{{BaseURL}}/.//WEB-INF/web.xml" - - "{{BaseURL}}/../WEB-INF/web.xml" - - "{{BaseURL}}/%c0%ae/WEB-INF/web.xml" - - stop-at-first-match: true - matchers-condition: and - matchers: - - type: word - part: body - words: - - "" - - "" - condition: and - - - type: status - status: +id: generic-j2ee-lfi + +info: + name: Generic J2EE LFI scan + author: davidfegyver + severity: high + description: Looks for J2EE specific LFI vulnerabilities, tries to leak the web.xml file. 
+ reference: + - https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java + - https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3 + metadata: + verified: true + shodan-query: http.title:"J2EE" + tags: lfi,generic,j2ee + +requests: + - method: GET + path: + - "{{BaseURL}}/../../../../WEB-INF/web.xml" + - "{{BaseURL}}/../../../WEB-INF/web.xml" + - "{{BaseURL}}/../../WEB-INF/web.xml" + - "{{BaseURL}}/%c0%ae/%c0%ae/WEB-INF/web.xml" + - "{{BaseURL}}/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml" + - "{{BaseURL}}/%c0%ae/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml" + - "{{BaseURL}}/../../../WEB-INF/web.xml;x=" + - "{{BaseURL}}/../../WEB-INF/web.xml;x=" + - "{{BaseURL}}/../WEB-INF/web.xml;x=" + - "{{BaseURL}}/WEB-INF/web.xml" + - "{{BaseURL}}/.//WEB-INF/web.xml" + - "{{BaseURL}}/../WEB-INF/web.xml" + - "{{BaseURL}}/%c0%ae/WEB-INF/web.xml" + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: word + part: body + words: + - "" + - "" + condition: and + + - type: status + status: - 200 \ No newline at end of file