parent
4b681e54c0
commit
3bc2e26e40
|
@ -12,10 +12,10 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2008-1059
|
||||
- https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2008-1061
|
||||
cwe-id: CWE-22
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2008-1059
|
||||
tags: lfi,cve,cve2008,wordpress,wp-plugin,wp,sniplets,edb,wpscan
|
||||
|
||||
requests:
|
||||
|
|
|
@ -3,15 +3,17 @@ id: CVE-2008-1061
|
|||
info:
|
||||
name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/5194
|
||||
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-1061
|
||||
- http://secunia.com/advisories/29099
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2008-1061
|
||||
tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets
|
||||
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
id: CVE-2014-8676
|
||||
|
||||
info:
|
||||
name: Simple Online Planning Tool 1.3.2 - Directory Traversal
|
||||
name: Simple Online Planning Tool <1.3.2 - Local File Inclusion
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
|
||||
SOPlanning <1.32 contain a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-8676
|
||||
- https://www.exploit-db.com/exploits/37604/
|
||||
- http://seclists.org/fulldisclosure/2015/Jul/44
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-8676
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id: CVE-2014-8676
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-22
|
||||
cve-id: CVE-2014-8676
|
||||
tags: packetstorm,edb,seclists,cve,cve2014,soplanning,lfi
|
||||
|
||||
requests:
|
||||
|
@ -32,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs on 2022/09/09
|
||||
|
|
|
@ -1,20 +1,19 @@
|
|||
id: CVE-2018-16139
|
||||
|
||||
info:
|
||||
name: BIBLIOsoft BIBLIOpac 2008 - Cross Site Scripting
|
||||
name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting
|
||||
author: atomiczsec
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/.
|
||||
BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML.
|
||||
reference:
|
||||
- https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-16139
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16139
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2018-16139
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2018-16139
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Bibliopac"
|
||||
|
@ -40,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
id: CVE-2020-13258
|
||||
|
||||
info:
|
||||
name: Contentful - Cross-Site Scripting
|
||||
name: Contentful <=2020-05-21 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py.
|
||||
Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py.
|
||||
reference:
|
||||
- https://github.com/contentful/the-example-app.py/issues/44
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-13258
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2020-13258
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2020-13258
|
||||
tags: cve,cve2020,contentful,xss
|
||||
|
||||
requests:
|
||||
|
@ -38,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,18 +1,19 @@
|
|||
id: CVE-2020-13483
|
||||
|
||||
info:
|
||||
name: Bitrix24 through 20.0.0 allows Cross-Site Scripting
|
||||
name: Bitrix24 <=20.0.0 - Cross-Site Scripting
|
||||
author: pikpikcu,3th1c_yuk1
|
||||
severity: medium
|
||||
description: The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
|
||||
severity: high
|
||||
description: The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
|
||||
reference:
|
||||
- https://gist.github.com/mariuszpoplwski/ca6258cf00c723184ebd2228ba81f558
|
||||
- https://twitter.com/brutelogic/status/1483073170827628547
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-13483
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2020-13483
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2020-13483
|
||||
tags: cve,cve2020,xss,bitrix
|
||||
|
||||
requests:
|
||||
|
@ -40,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs 2022/09/14
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
id: CVE-2021-24276
|
||||
|
||||
info:
|
||||
name: Contact Form by Supsystic < 1.7.15 - Cross-Site Scripting
|
||||
name: WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
|
||||
severity: high
|
||||
description: WordPress Supsystic Contact Form plugin before 1.7.15 contains a cross-site scripting vulnerability. It does not sanitize the tab parameter of its options page before outputting it in an attribute.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24276
|
||||
- http://packetstormsecurity.com/files/164308/WordPress-Contact-Form-1.7.14-Cross-Site-Scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24276
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2021-24276
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2021-24276
|
||||
tags: wordpress,cve,cve2021,wp-plugin,wpscan,packetstorm
|
||||
|
||||
requests:
|
||||
|
@ -36,3 +36,5 @@ requests:
|
|||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
id: CVE-2021-24746
|
||||
|
||||
info:
|
||||
name: WordPress Sassy Social Share Plugin - Cross-Site Scripting
|
||||
name: WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting
|
||||
author: Supras
|
||||
severity: medium
|
||||
description: WP plugin Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting
|
||||
severity: high
|
||||
description: WordPress plugin Sassy Social Share < 3.3.40 contains a reflected cross-site scripting vulnerability.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24746
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2021-24746
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2021-24746
|
||||
metadata:
|
||||
google-query: inurl:"/wp-content/plugins/sassy-social-share"
|
||||
tags: cve,cve2021,wordpress,wp-plugin,xss,wp,wpscan
|
||||
|
@ -49,3 +49,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- '"slug":"([_a-z-A-Z0-9]+)",'
|
||||
|
||||
# Enhanced by cs 2022/09/14
|
||||
|
|
|
@ -53,4 +53,4 @@ requests:
|
|||
- 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp 09/09/2022
|
||||
# Enhanced by mp 2022/09/09
|
||||
|
|
|
@ -53,4 +53,4 @@ requests:
|
|||
- 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp 09/09/2022
|
||||
# Enhanced by mp 2022/09/09
|
||||
|
|
|
@ -1,15 +1,19 @@
|
|||
id: CVE-2022-0776
|
||||
|
||||
info:
|
||||
name: RevealJS postMessage Cross-Site Scripting
|
||||
name: RevealJS postMessage <4.3.0 - Cross-Site Scripting
|
||||
author: LogicalHunter
|
||||
severity: medium
|
||||
description: Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.
|
||||
severity: high
|
||||
description: RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.
|
||||
reference:
|
||||
- https://hackerone.com/reports/691977
|
||||
- https://github.com/hakimel/reveal.js/pull/3137
|
||||
- https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0776
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-0776
|
||||
tags: hackerone,huntr,cve,cve2022,headless,postmessage,revealjs
|
||||
|
||||
|
@ -32,3 +36,5 @@ headless:
|
|||
part: extract
|
||||
words:
|
||||
- "true"
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2022-0928
|
||||
|
||||
info:
|
||||
name: Microweber - Cross-Site Scripting
|
||||
name: Microweber <1.2.12 - Stored Cross-Site Scripting
|
||||
author: amit-jd
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Cross-site Scripting (XSS) discovered in microweber prior to 1.2.12. Type parameter in the body of POST request triggered by add/edit tax in microweb are vulnerable to stored XSS.
|
||||
Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/085aafdd-ba50-44c7-9650-fa573da29bcd
|
||||
- https://github.com/microweber/microweber/commit/fc9137c031f7edec5f50d73b300919fb519c924a
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0928
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cve-id: CVE-2022-0928
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-0928
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: authenticated,huntr,cve,cve2022,xss,microweber,cms
|
||||
|
@ -53,3 +53,5 @@ requests:
|
|||
- 'contains(all_headers_3,"text/html")'
|
||||
- 'status_code==200'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
id: CVE-2022-0954
|
||||
|
||||
info:
|
||||
name: Microweber - Cross-Site Scripting
|
||||
name: Microweber <1.2.11 - Stored Cross-Site Scripting
|
||||
author: amit-jd
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.
|
||||
Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.
|
||||
reference:
|
||||
- https://github.com/advisories/GHSA-8c76-mxv5-w4g8
|
||||
- https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26/
|
||||
- https://github.com/microweber/microweber/commit/955471c27e671c49e4b012e3b120b004082ac3f7
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0954
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cve-id: CVE-2022-0954
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-0954
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,xss,microweber,huntr
|
||||
|
@ -55,3 +55,5 @@ requests:
|
|||
- 'contains(all_headers_3,"text/html")'
|
||||
- 'status_code_3==200'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
id: CVE-2022-0963
|
||||
|
||||
info:
|
||||
name: Microweber > 1.2.12 - Cross-Site Scripting
|
||||
name: Microweber <1.2.12 - Stored Cross-Site Scripting
|
||||
author: amit-jd
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Microweber prior to 1.2.12 allows unrestricted upload of XML files, which malicious actors can exploit to cause a stored cross-site scripting attack.
|
||||
Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c/
|
||||
- https://github.com/advisories/GHSA-q3x2-jvp3-wj78
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0963
|
||||
- https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0963
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cve-id: CVE-2022-0963
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-0963
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: xss,microweber,cms,authenticated,huntr,cve,cve2022,intrusive
|
||||
|
@ -67,3 +67,5 @@ requests:
|
|||
- 'status_code_3==200'
|
||||
- 'contains(body_2,"bytes_uploaded")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,19 +1,20 @@
|
|||
id: CVE-2022-1221
|
||||
|
||||
info:
|
||||
name: Gwyn's Imagemap Selector <= 0.3.3 - Cross-Site Scripting
|
||||
name: WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting
|
||||
author: veshraj
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
The Gwyn's Imagemap Selector Wordpresss plugin does not sanitize the id and class parameters before returning them back in attributes, leading to a Reflected Cross-Site Scripting.
|
||||
Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1221
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-1221
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-1221
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve2022,wpscan,xss,wordpress,wp-plugin,wp,cve
|
||||
|
@ -40,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/09/12
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2022-1439
|
||||
|
||||
info:
|
||||
name: Microweber Cross-Site Scripting
|
||||
name: Microweber <1.2.15 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Reflected XSS in microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction.
|
||||
severity: high
|
||||
description: Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1439
|
||||
- https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0/
|
||||
- https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0
|
||||
- https://github.com/microweber/microweber/commit/ad3928f67b2cd4443f4323d858b666d35a919ba8
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1439
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-1439
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-1439
|
||||
metadata:
|
||||
shodan-query: http.favicon.hash:780351152
|
||||
tags: cve,cve2022,microweber,xss,huntr
|
||||
|
@ -36,3 +36,5 @@ requests:
|
|||
- "<div class='x module module-'onmouseover=alert(document.domain) '"
|
||||
- "parent-module-id"
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2022/09/12
|
||||
|
|
|
@ -1,21 +1,19 @@
|
|||
id: CVE-2022-1597
|
||||
|
||||
info:
|
||||
name: WPQA < 5.4 - Cross-Site Scripting
|
||||
name: WordPress WPQA <5.4 - Cross-Site Scripting
|
||||
author: veshraj
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
The plugin, used as a companion for the Discy and Himer themes,
|
||||
does not sanitise and escape a parameter on its reset password
|
||||
form which makes it possible to perform reflected XSS.
|
||||
WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/faff9484-9fc7-4300-bdad-9cd8a30a9a4e
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1597
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1597
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-1597
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-1597
|
||||
metadata:
|
||||
google-query: inurl:/wp-content/plugins/wpqa
|
||||
verified: "true"
|
||||
|
@ -61,3 +59,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
id: CVE-2022-1724
|
||||
|
||||
info:
|
||||
name: Simple Membership < 4.1.1 - Cross-Site Scripting
|
||||
name: WordPress Simple Membership <4.1.1 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting.
|
||||
severity: high
|
||||
description: WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/96a0a667-9c4b-4ea6-b78a-0681e9a9bbae
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1724
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-1724
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-1724
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: xss,wp,wordpress,wpscan,cve,cve2022,wp-plugin
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
id: CVE-2022-1904
|
||||
|
||||
info:
|
||||
name: Easy Pricing Tables < 3.2.1 - Cross-Site-Scripting
|
||||
name: WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
The plugin does not sanitize and escape parameter before reflecting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a reflected cross-site scripting.
|
||||
WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1904
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1904
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-1904
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-1904
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: wp,wordpress,wpscan,cve,cve2022,wp-plugin,xss
|
||||
|
@ -38,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,20 +1,19 @@
|
|||
id: CVE-2022-1906
|
||||
|
||||
info:
|
||||
name: Copyright Proof <= 4.16 - Cross-Site-Scripting
|
||||
name: WordPress Copyright Proof <=4.16 - Cross-Site-Scripting
|
||||
author: random-robbie
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
The plugin does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled.
|
||||
WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/af4f459e-e60b-4384-aad9-0dc18aa3b338
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1906
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1906
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-1906
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-1906
|
||||
metadata:
|
||||
google-query: inurl:/wp-content/plugins/digiproveblog
|
||||
verified: "true"
|
||||
|
@ -42,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
id: CVE-2022-1937
|
||||
|
||||
info:
|
||||
name: Awin Data Feed <= 1.6 - Cross-Site Scripting
|
||||
name: WordPress Awin Data Feed <=1.6 - Cross-Site Scripting
|
||||
author: Akincibor,DhiyaneshDK
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
The plugin does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting.
|
||||
WordPress Awin Data Feed plugin 1.6 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action, available to both unauthenticated and authenticated users.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/eb40ea5d-a463-4947-9a40-d55911ff50e9
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1937
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-1937
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-1937
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,xss,awin,wpscan,wp-plugin,wp,wordpress,authenticated
|
||||
|
@ -40,3 +40,5 @@ requests:
|
|||
- 'status_code_2 == 200'
|
||||
- contains(body_2, 'colspan=\"2\"><script>alert(document.domain)</script></th>')
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
id: CVE-2022-1946
|
||||
|
||||
info:
|
||||
name: Gallery < 2.0.0 - Cross-Site Scripting
|
||||
name: WordPress Gallery <2.0.0 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue.
|
||||
severity: high
|
||||
description: WordPress Gallery plugin before 2.0.0 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, available to both unauthenticated and authenticated users.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/0903920c-be2e-4515-901f-87253eb30940
|
||||
- https://wordpress.org/plugins/gallery-album
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1946
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1946
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-1946
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-1946
|
||||
metadata:
|
||||
google-query: inurl:"/wp-content/plugins/gallery-album/"
|
||||
verified: "true"
|
||||
|
@ -39,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2022-2187
|
||||
|
||||
info:
|
||||
name: Contact Form 7 Captcha < 0.1.2 - Cross-Site Scripting
|
||||
name: WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting
|
||||
author: For3stCo1d
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
|
||||
WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/4fd2f1ef-39c6-4425-8b4d-1a332dabac8d
|
||||
- https://wordpress.org/plugins/contact-form-7-simple-recaptcha
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2187
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-2187
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-2187
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-2187
|
||||
tags: wpscan,cve,cve2022,wordpress,xss,wp-plugin,wp
|
||||
|
||||
requests:
|
||||
|
@ -39,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2022-2290
|
||||
|
||||
info:
|
||||
name: Trilium - Cross-Site Scripting
|
||||
name: Trilium <0.52.4 - Cross-Site Scripting
|
||||
author: dbrwsky
|
||||
severity: medium
|
||||
description: Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta.
|
||||
severity: high
|
||||
description: Trilium prior to 0.52.4, 0.53.1-beta contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/367c5c8d-ad6f-46be-8503-06648ecf09cf/
|
||||
- https://github.com/zadam/trilium
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-2290
|
||||
- https://github.com/zadam/trilium/commit/3faae63b849a1fabc31b823bb7af3a84d32256a7
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-2290
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-2290
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-2290
|
||||
metadata:
|
||||
shodan-query: title:"Trilium Notes"
|
||||
verified: "true"
|
||||
|
@ -46,3 +46,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 404
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,21 +1,20 @@
|
|||
id: CVE-2022-2383
|
||||
|
||||
info:
|
||||
name: Feed Them Social < 3.0.1 - Cross-Site Scripting
|
||||
name: WordPress Feed Them Social <3.0.1 - Cross-Site Scripting
|
||||
author: akincibor
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
|
||||
WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/4a3b3023-e740-411c-a77c-6477b80d7531
|
||||
- https://wordpress.org/plugins/feed-them-social/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2383
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-2383
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-2383
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-2383
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: wp,wordpress,wp-plugin,wpscan,cve,cve2022,xss
|
||||
|
@ -40,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2022-24181
|
||||
|
||||
info:
|
||||
name: PKP Open Journals System 3.3 - Cross-Site Scripting
|
||||
name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting
|
||||
author: lucasljm2001,ekrause
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Detects an XSS vulnerability in Open Journals System.
|
||||
PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/50881
|
||||
- https://github.com/pkp/pkp-lib/issues/7649
|
||||
- https://youtu.be/v8-9evO2oVg
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24181
|
||||
- https://nvd.nist.gov/vuln/detail/cve-2022-24181
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-24181
|
||||
metadata:
|
||||
verified: true
|
||||
|
@ -42,3 +42,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
id: CVE-2022-24681
|
||||
|
||||
info:
|
||||
name: ManageEngine ADSelfService - Stored Cross-Site Scripting
|
||||
name: ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting
|
||||
author: Open-Sec
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
|
||||
ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens.
|
||||
reference:
|
||||
- https://raxis.com/blog/cve-2022-24681
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-24681
|
||||
- https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-24681.html
|
||||
- https://manageengine.com
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-24681
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-24681
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-24681
|
||||
tags: cve,cve2022,manageengine,xss,authenticated
|
||||
|
||||
requests:
|
||||
|
@ -47,3 +47,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,20 +1,21 @@
|
|||
id: CVE-2022-24899
|
||||
|
||||
info:
|
||||
name: Contao 4.13.2 - Cross-Site Scripting
|
||||
name: Contao <4.13.3 - Cross-Site Scripting
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.
|
||||
Contao prior to 4.13.3 contains a cross-site scripting vulnerability. It is possible to inject arbitrary JavaScript code into the canonical tag.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/
|
||||
- https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-24899
|
||||
remediation: As a workaround, users may disable canonical tags in the root page settings.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-24899
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-24899
|
||||
metadata:
|
||||
shodan-query: title:"Contao"
|
||||
tags: cve,cve2022,contao,xss,huntr
|
||||
|
@ -37,3 +38,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -3,19 +3,19 @@ id: CVE-2022-28363
|
|||
info:
|
||||
name: Reprise License Manager 14.2 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process "username" parameter via GET. No authentication is required.
|
||||
Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is required.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-28363
|
||||
- https://www.reprisesoftware.com/products/software-license-management.php
|
||||
- https://github.com/advisories/GHSA-rpvc-qgrm-r54f
|
||||
- http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-28363
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-28363
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-28363
|
||||
tags: xss,rlm,packetstorm,cve,cve2022
|
||||
|
||||
requests:
|
||||
|
@ -40,3 +40,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
id: CVE-2022-29004
|
||||
|
||||
info:
|
||||
name: Diary Management System v1.0 - Cross-Site scripting
|
||||
name: Diary Management System 1.0 - Cross-Site Scripting
|
||||
author: TenBird
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.
|
||||
Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php.
|
||||
reference:
|
||||
- https://github.com/sudoninja-noob/CVE-2022-29004/blob/main/CVE-2022-29004.txt
|
||||
- https://phpgurukul.com/e-diary-management-system-using-php-and-mysql/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-29004
|
||||
- http://phpgurukul.com
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-29004
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-29004
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-29004
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,xss,authenticated,edms
|
||||
|
@ -51,3 +51,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
id: CVE-2022-29005
|
||||
info:
|
||||
name: Online Birth Certificate System V1.2 - Stored Cross-Site scripting
|
||||
name: Online Birth Certificate System 1.2 - Stored Cross-Site Scripting
|
||||
author: TenBird
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.
|
||||
Online Birth Certificate System 1.2 contains multiple stored cross-site scripting vulnerabilities in the component /obcs/user/profile.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload injected into the fname or lname parameters.
|
||||
reference:
|
||||
- https://github.com/sudoninja-noob/CVE-2022-29005/blob/main/CVE-2022-29005.txt
|
||||
- https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-29005
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-29005
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-29005
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,xss,obcs,authenticated
|
||||
|
@ -48,3 +48,5 @@ requests:
|
|||
- 'status_code_3 == 200'
|
||||
- contains(body_3, 'admin-name\">nuclei<script>alert(document.domain);</script>')
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
id: CVE-2022-29349
|
||||
|
||||
info:
|
||||
name: kkFileView v4.0.0 - Cross-Site Scripting
|
||||
name: kkFileView 4.0.0 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
kkFileView v4.0.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
|
||||
kkFileView 4.0.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
|
||||
reference:
|
||||
- https://github.com/kekingcn/kkFileView/issues/347
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-29349
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-29349
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-29349
|
||||
metadata:
|
||||
shodan-query: http.html:"kkFileView"
|
||||
verified: "true"
|
||||
|
@ -38,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
id: CVE-2022-29455
|
||||
|
||||
info:
|
||||
name: Wordpress Elementor <= 3.5.5 - DOM-based Cross-Site Scripting
|
||||
name: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
|
||||
author: rotembar,daffainfo
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.
|
||||
WordPress Elementor Website Builder plugin 3.5.5 and prior contains a reflected cross-site scripting vulnerability via the document object model.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-29455
|
||||
- https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor
|
||||
- https://www.rotem-bar.com/elementor
|
||||
- https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-5-5-unauthenticated-dom-based-reflected-cross-site-scripting-xss-vulnerability
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-29455
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-29455
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-29455
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,xss,wordpress,elementor
|
||||
|
@ -52,3 +52,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- "(?m)Stable tag: ([0-9.]+)"
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,20 +1,19 @@
|
|||
id: CVE-2022-29548
|
||||
|
||||
info:
|
||||
name: WSO2 Management Console - Cross-Site Scripting
|
||||
name: WSO2 - Cross-Site Scripting
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
A reflected XSS issue exists in the Management Console of several WSO2 products.
|
||||
WSO2 contains a reflected cross-site scripting vulnerability in the Management Console of API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-29548
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29548
|
||||
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-29548
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-29548
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-29548
|
||||
metadata:
|
||||
google-query: inurl:"carbon/admin/login"
|
||||
verified: "true"
|
||||
|
@ -40,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2022-30073
|
||||
|
||||
info:
|
||||
name: WBCE CMS v1.5.2 XSS Stored
|
||||
name: WBCE CMS 1.5.2 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\user\save.php Display Name parameters.
|
||||
WBCE CMS 1.5.2 contains a stored cross-site scripting vulnerability via \admin\user\save.php Display Name parameters.
|
||||
reference:
|
||||
- https://github.com/APTX-4879/CVE
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30073
|
||||
- https://github.com/APTX-4879/CVE/blob/main/CVE-2022-30073.pdf
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-30073
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cve-id: CVE-2022-30073
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-30073
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,wbcecms,xss
|
||||
|
@ -70,3 +70,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2022-30489
|
||||
|
||||
info:
|
||||
name: Wavlink Wn535g3 - POST Cross-Site Scripting
|
||||
name: Wavlink WN-535G3 - Cross-Site Scripting
|
||||
author: For3stCo1d
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
|
||||
Wavlink WN-535G3 contains a POST cross-site scripting vulnerability via the hostname parameter at /cgi-bin/login.cgi.
|
||||
reference:
|
||||
- https://github.com/badboycxcc/XSS-CVE-2022-30489
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-30489
|
||||
- https://github.com/badboycxcc/XSS
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-30489
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-30489
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-30489
|
||||
metadata:
|
||||
shodan-query: http.title:"Wi-Fi APP Login"
|
||||
verified: "true"
|
||||
|
@ -45,3 +45,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
id: CVE-2022-30776
|
||||
|
||||
info:
|
||||
name: Atmail - Cross-Site Scripting
|
||||
name: Atmail 6.5.0 - Cross-Site Scripting
|
||||
author: 3th1c_yuk1
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
|
||||
Atmail 6.5.0 contains a cross-site scripting vulnerability via the index.php/admin/index/ 'error' parameter.
|
||||
reference:
|
||||
- https://medium.com/@bhattronit96/cve-2022-30776-cd34f977c2b9
|
||||
- https://www.atmail.com/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-30776
|
||||
- https://help.atmail.com/hc/en-us/sections/115003283988
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-30776
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-30776
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-30776
|
||||
metadata:
|
||||
shodan-query: http.html:"atmail"
|
||||
verified: "true"
|
||||
|
@ -41,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2022-30777
|
||||
|
||||
info:
|
||||
name: Parallels H-Sphere - Cross-Site Scripting
|
||||
name: Parallels H-Sphere 3.6.1713 - Cross-Site Scripting
|
||||
author: 3th1c_yuk1
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.
|
||||
Parallels H-Sphere 3.6.1713 contains a cross-site scripting vulnerability via the index_en.php 'from' parameter.
|
||||
reference:
|
||||
- https://medium.com/@bhattronit96/cve-2022-30777-45725763ab59
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-30777
|
||||
- https://en.wikipedia.org/wiki/H-Sphere
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-30777
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-30777
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-30777
|
||||
metadata:
|
||||
shodan-query: title:"h-sphere"
|
||||
verified: "true"
|
||||
|
@ -42,3 +42,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -3,17 +3,17 @@ id: CVE-2022-31373
|
|||
info:
|
||||
name: SolarView Compact 6.00 - Cross-Site Scripting
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.
|
||||
SolarView Compact 6.00 contains a cross-site scripting vulnerability via the Solar_AiConf.php component.
|
||||
reference:
|
||||
- https://github.com/badboycxcc/SolarView_Compact_6.0_xss
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31373
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-31373
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-31373
|
||||
metadata:
|
||||
shodan-query: http.html:"SolarView Compact"
|
||||
verified: "true"
|
||||
|
@ -39,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,16 +1,21 @@
|
|||
id: CVE-2022-31474
|
||||
|
||||
info:
|
||||
name: BackupBuddy Arbitrary File Read
|
||||
name: BackupBuddy - Local File Inclusion
|
||||
author: aringo
|
||||
severity: high
|
||||
description: BackupBuddy versions 8.5.8.0 through 8.7.4.1 are vulnerable to arbitrary file read
|
||||
description: BackupBuddy versions 8.5.8.0 - 8.7.4.1 are vulnerable to a local file inclusion vulnerability via the 'download' and 'local-destination-id' parameters.
|
||||
reference:
|
||||
- https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/
|
||||
- https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy
|
||||
- https://ithemes.com/backupbuddy/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31474
|
||||
remediation: Developers should immediately upgrade to at least version 8.7.5 or higher
|
||||
remediation: Upgrade to at least version 8.7.5 or higher
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cwe-id: CWE-22
|
||||
cve-id: CVE-2022-31474
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,lfi,backupbuddy
|
||||
|
||||
requests:
|
||||
|
@ -28,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs 2022/09/14
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2022-32195
|
||||
|
||||
info:
|
||||
name: Open edX - Cross-Site Scripting
|
||||
name: Open edX <2022-06-06 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Open edX platform before 2022-06-06 allows Reflected Cross-site Scripting via the "next" parameter in the logout URL.
|
||||
Open edX before 2022-06-06 contains a reflected cross-site scripting vulnerability via the 'next' parameter in the logout URL.
|
||||
reference:
|
||||
- https://discuss.openedx.org/t/security-patch-for-logout-page-xss-vulnerability/7408
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-32195
|
||||
- https://github.com/edx
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-32195
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-32195
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-32195
|
||||
metadata:
|
||||
comment: Hover the cursor on the redirect link
|
||||
shodan-query: http.html:"Open edX"
|
||||
|
@ -41,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -3,18 +3,18 @@ id: CVE-2022-32770
|
|||
info:
|
||||
name: WWBN AVideo 11.6 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "toast" parameter which is inserted into the document with insufficient sanitization.
|
||||
WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'toast' parameter, which is inserted into the document with insufficient sanitization.
|
||||
reference:
|
||||
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-32770
|
||||
- https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-32770
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-32770
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-32770
|
||||
metadata:
|
||||
shodan-query: http.html:"AVideo"
|
||||
verified: "true"
|
||||
|
@ -40,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -3,18 +3,18 @@ id: CVE-2022-32771
|
|||
info:
|
||||
name: WWBN AVideo 11.6 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "success" parameter which is inserted into the document with insufficient sanitization.
|
||||
WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'success' parameter, which is inserted into the document with insufficient sanitization.
|
||||
reference:
|
||||
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-32771
|
||||
- https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-32771
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-32771
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-32771
|
||||
metadata:
|
||||
shodan-query: http.html:"AVideo"
|
||||
verified: "true"
|
||||
|
@ -42,3 +42,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -3,18 +3,18 @@ id: CVE-2022-32772
|
|||
info:
|
||||
name: WWBN AVideo 11.6 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "msg" parameter which is inserted into the document with insufficient sanitization.
|
||||
WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'msg' parameter, which is inserted into the document with insufficient sanitization.
|
||||
reference:
|
||||
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-32772
|
||||
- https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-32772
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-32772
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-32772
|
||||
metadata:
|
||||
shodan-query: http.html:"AVideo"
|
||||
verified: "true"
|
||||
|
@ -40,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2022-33119
|
||||
|
||||
info:
|
||||
name: NVRsolo v03.06.02 - Cross-Site Scripting
|
||||
name: NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php.
|
||||
NUUO NVRsolo Video Recorder 03.06.02 contains a reflected cross-site scripting vulnerability via login.php.
|
||||
reference:
|
||||
- https://github.com/badboycxcc/nuuo-xss/blob/main/README.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-33119
|
||||
|
@ -36,3 +36,5 @@ requests:
|
|||
- 'status_code == 200'
|
||||
- contains(body,'<script>alert(document.domain)</script><\"?cmd=')
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
id: CVE-2022-34048
|
||||
|
||||
info:
|
||||
name: Wavlink WN533A8 - Cross-Site Scripting
|
||||
name: Wavlink WN-533A8 - Cross-Site Scripting
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.
|
||||
Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the login_page parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/50989
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-34048
|
||||
- https://drive.google.com/file/d/1xznFhH3w3TDN2RCdX62_ebylR4yaKmzf/view?usp=sharing
|
||||
- https://drive.google.com/file/d/1NI3-k3AGIsSe2zjeigl1GVyU1VpG1SV3/view?usp=sharing
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-34048
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-34048
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-34048
|
||||
metadata:
|
||||
shodan-query: http.html:"Wavlink"
|
||||
verified: "true"
|
||||
|
@ -44,3 +44,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -3,18 +3,18 @@ id: CVE-2022-34328
|
|||
info:
|
||||
name: PMB 7.3.10 - Cross-Site Scripting
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.
|
||||
PMB 7.3.10 contains a reflected cross-site scripting vulnerability via the id parameter in an lvl=author_see request to index.php.
|
||||
reference:
|
||||
- https://github.com/jenaye/PMB/blob/main/README.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-34328
|
||||
- https://github.com/jenaye/PMB
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-34328
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-34328
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-34328
|
||||
metadata:
|
||||
shodan-query: http.html:"PMB Group"
|
||||
verified: "true"
|
||||
|
@ -40,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
id: CVE-2022-35151
|
||||
|
||||
info:
|
||||
name: kkFileView v4.1.0 - Cross-Site Scripting
|
||||
name: kkFileView 4.1.0 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
|
||||
kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
|
||||
reference:
|
||||
- https://github.com/kekingcn/kkFileView/issues/366
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-35151
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-35151
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-35151
|
||||
metadata:
|
||||
shodan-query: http.html:"kkFileView"
|
||||
verified: "true"
|
||||
|
@ -42,3 +42,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -10,6 +10,8 @@ info:
|
|||
- https://medium.com/@_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35413
|
||||
- https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview
|
||||
classification:
|
||||
cve-id: CVE-2022-35413
|
||||
metadata:
|
||||
shodan-query: http.title:"Intelligent WAPPLES"
|
||||
verified: "true"
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
id: CVE-2022-35416
|
||||
|
||||
info:
|
||||
name: H3C SSL VPN through 2022-07-10 - Cookie Based Cross-Site Scripting
|
||||
name: H3C SSL VPN <=2022-07-10 - Cross-Site Scripting
|
||||
author: 0x240x23elu
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.
|
||||
H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang.
|
||||
reference:
|
||||
- https://github.com/advisories/GHSA-9x76-78gc-r3m9
|
||||
- https://github.com/Docker-droid/H3C_SSL_VPN_XSS
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-35416
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-35416
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-35416
|
||||
metadata:
|
||||
shodan-query: http.html_hash:510586239
|
||||
verified: "true"
|
||||
|
@ -42,3 +42,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
id: CVE-2022-35493
|
||||
|
||||
info:
|
||||
name: eShop - Cross-Site Scripting
|
||||
name: eShop 3.0.4 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
eShop - Multipurpose Ecommerce Store Website v3.0.4 allows Reflected Cross-site scripting vulnerability in json search parse and the json response in wrteam.in.
|
||||
eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in.
|
||||
reference:
|
||||
- https://github.com/Keyvanhardani/Exploit-eShop-Multipurpose-Ecommerce-Store-Website-3.0.4-Cross-Site-Scripting-XSS/blob/main/README.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-35493
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-35493
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-35493
|
||||
metadata:
|
||||
shodan-query: http.html:"eShop - Multipurpose Ecommerce"
|
||||
verified: "true"
|
||||
|
@ -38,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
id: CVE-2022-37153
|
||||
|
||||
info:
|
||||
name: Artica Proxy - Cross-Site Scripting
|
||||
name: Artica Proxy 4.30.000000 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php.
|
||||
Artica Proxy 4.30.000000 contains a cross-site scripting vulnerability via the password parameter in /fw.login.php.
|
||||
reference:
|
||||
- https://github.com/Fjowel/CVE-2022-37153
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-37153
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-37153
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-37153
|
||||
metadata:
|
||||
shodan-query: http.html:"Artica"
|
||||
verified: "true"
|
||||
|
@ -45,3 +45,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -3,17 +3,17 @@ id: CVE-2022-38463
|
|||
info:
|
||||
name: ServiceNow - Cross-Site Scripting
|
||||
author: amanrawat
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
There exists a reflected XSS within the logout functionality of ServiceNow. This enables an unauthenticated remote attacker to execute arbitrary JavaScript.
|
||||
ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript.
|
||||
reference:
|
||||
- https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-38463
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-38463
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
cve-id: CVE-2022-38463
|
||||
metadata:
|
||||
shodan-query: http.title:"ServiceNow"
|
||||
verified: "true"
|
||||
|
@ -38,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
id: tomcat-examples-login
|
||||
|
||||
info:
|
||||
name: Tomcat Examples Default Login
|
||||
name: Apache Tomcat - Default Login Discovery
|
||||
author: 0xelkomy & C0NQR0R
|
||||
severity: info
|
||||
description: Default Creds and there is XSS here, /examples/jsp/security/protected/index.jsp?dataName=%22%3E%3Cimg+src%3Dd+onerror%3Dalert%28document.cookie%29%3E&dataValue= after you login you will be able to get it.
|
||||
description: Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 default login credentials were successful.
|
||||
reference:
|
||||
- https://c0nqr0r.github.io/CVE-2022-34305/
|
||||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: default-login,tomcat
|
||||
|
||||
requests:
|
||||
|
@ -42,3 +46,5 @@ requests:
|
|||
- "You are logged in as remote user"
|
||||
- "{{username}}"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: dom-xss
|
||||
|
||||
info:
|
||||
name: DOM XSS Sources & Sinks
|
||||
name: DOM Invader - Cross-Site Scripting
|
||||
author: geeknik
|
||||
severity: info
|
||||
severity: high
|
||||
description: DOM Invader contains a cross-site scripting vulnerability in Sources & Sinks functionality.
|
||||
reference:
|
||||
- Inspired by https://portswigger.net/blog/introducing-dom-invader
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: xss,file
|
||||
|
||||
file:
|
||||
|
@ -44,3 +49,5 @@ file:
|
|||
- 'location(\.href|\.hash|\.search|\.pathname)?'
|
||||
- 'window\.name'
|
||||
- 'document(\.URL|\.referrer|\.documentURI|\.baseURI|\.cookie)'
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -3,9 +3,14 @@ id: window-name-domxss
|
|||
info:
|
||||
name: window.name - DOM Cross-Site Scripting
|
||||
author: pdteam
|
||||
severity: medium
|
||||
severity: high
|
||||
description: The window-name is vulnerable to DOM based cross-site scripting.
|
||||
reference:
|
||||
- https://public-firing-range.appspot.com/dom/index.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: headless,xss,domxss
|
||||
|
||||
headless:
|
||||
|
@ -87,3 +92,5 @@ headless:
|
|||
part: alerts
|
||||
kval:
|
||||
- alerts
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,13 +1,18 @@
|
|||
id: aem-setpreferences-xss
|
||||
|
||||
info:
|
||||
name: AEM setPreferences - Cross-Site Scripting
|
||||
name: Adobe Experience Manager - Cross-Site Scripting
|
||||
author: zinminphy0,dhiyaneshDK
|
||||
severity: medium
|
||||
severity: high
|
||||
description: Adobe Experience Manager contains a cross-site scripting vulnerability via setPreferences.
|
||||
reference:
|
||||
- https://www.youtube.com/watch?v=VwLSUHNhrOw&t=142s
|
||||
- https://github.com/projectdiscovery/nuclei-templates/issues/3225
|
||||
- https://twitter.com/zin_min_phyo/status/1465394815042916352
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
shodan-query: http.component:"Adobe Experience Manager"
|
||||
tags: aem,xss
|
||||
|
@ -30,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 400
|
||||
|
||||
# Enhanced by mp on 2022/09/15
|
||||
|
|
|
@ -1,17 +1,22 @@
|
|||
id: aem-xss-childlist-selector
|
||||
|
||||
info:
|
||||
name: XSS in childlist selector
|
||||
name: Adobe Experience Manager - Cross-Site Scripting
|
||||
author: dhiyaneshDk
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
Requests using the selector childlist can an XSS when the dispatcher does not respect the content-type responded by AEM and flips from application/json to text/html. As a consequence the reflected suffix is executed and interpreted in the browser.
|
||||
Adobe Experience Manager contains a cross-site scripting vulnerability via requests using the selector childlist when the dispatcher does not respect the content-type responded by AEM and flips from application/json to text/html. As a consequence, the reflected suffix is executed and interpreted in the browser.
|
||||
reference:
|
||||
- https://github.com/thomashartm/burp-aem-scanner/blob/master/src/main/java/burp/actions/xss/FlippingTypeWithChildrenlistSelector.java
|
||||
- https://cystack.net/en/plugins/cystack.remote.aem_childlist_selector_xss
|
||||
metadata:
|
||||
shodan-query:
|
||||
- http.title:"AEM Sign In"
|
||||
- http.component:"Adobe Experience Manager"
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: xss,aem,adobe
|
||||
|
||||
requests:
|
||||
|
@ -35,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -3,13 +3,18 @@ id: akamai-arl-xss
|
|||
info:
|
||||
name: Open Akamai ARL - Cross-Site Scripting
|
||||
author: pdteam
|
||||
severity: medium
|
||||
severity: high
|
||||
description: Open Akamai ARL contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
|
||||
reference:
|
||||
- https://github.com/war-and-code/akamai-arl-hack
|
||||
- https://twitter.com/SpiderSec/status/1421176297548435459
|
||||
- https://warandcode.com/post/akamai-arl-hack/
|
||||
- https://github.com/cybercdh/goarl
|
||||
- https://community.akamai.com/customers/s/article/WebPerformanceV1V2ARLChangeStartingFebruary282021?language=en_US
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: akamai,xss
|
||||
|
||||
requests:
|
||||
|
@ -29,3 +34,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- 'text/html'
|
||||
|
||||
# Enhanced by mp on 2022/09/14
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
id: apache-tomcat-snoop
|
||||
|
||||
info:
|
||||
name: Apache Tomcat example page disclosure - snoop
|
||||
name: Apache Tomcat 4.x-7.x - Cross-Site Scripting
|
||||
author: pdteam
|
||||
severity: low
|
||||
description: The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection.
|
||||
severity: high
|
||||
description: Apache Tomcat 4.x through 7.x contains a cross-site scripting vulnerability which can be used by an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
|
||||
reference:
|
||||
- https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
shodan-query: title:"Apache Tomcat"
|
||||
tags: apache,misconfig,tomcat,disclosure
|
||||
|
@ -25,3 +29,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/15
|
||||
|
|
|
@ -1,15 +1,17 @@
|
|||
id: openbmcs-ssrf
|
||||
|
||||
info:
|
||||
name: OpenBMCS 2.4 Unauthenticated SSRF / RFI
|
||||
name: OpenBMCS 2.4 - Server-Side Request Forgery / Remote File Inclusion
|
||||
author: dhiyaneshDK
|
||||
severity: high
|
||||
description: Unauthenticated Server-Side Request Forgery (SSRF) and Remote File Include (RFI) vulnerability exists in OpenBMCS within its functionalities. The application parses user supplied data in the POST parameter
|
||||
'ip' to query a server IP on port 81 by default. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary
|
||||
destination host. This can be used by an external attacker for example to bypass firewalls and initiate a service and network enumeration on the internal network through the affected application, allows hijacking
|
||||
the current session of the user, execute cross-site scripting code or changing the look of the page and content modification on current display
|
||||
description: OpenBMCS 2.4 is susceptible to unauthenticated server-side request forgery and remote file inclusion vulnerabilities within its functionalities. The application parses user supplied data in the POST parameter 'ip' to query a server IP on port 81 by default. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/50670
|
||||
- https://securityforeveryone.com/tools/openbmcs-unauth-ssrf-rfi-vulnerability-scanner
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 6.8
|
||||
cwe-id: CWE-918
|
||||
metadata:
|
||||
shodan-query: http.favicon.hash:1550906681
|
||||
tags: ssrf,oast,openbmcs,edb
|
||||
|
@ -33,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 302
|
||||
|
||||
# Enhanced by mp on 2022/09/15
|
||||
|
|
|
@ -1,11 +1,18 @@
|
|||
id: wildcard-postmessage
|
||||
|
||||
info:
|
||||
name: Wildcard postMessage detection
|
||||
name: postMessage - Cross-Site Scripting
|
||||
author: pdteam
|
||||
severity: info
|
||||
severity: high
|
||||
description: postMessage contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and therefore steal cookie-based authentication credentials and launch other attacks.
|
||||
reference:
|
||||
- https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html
|
||||
- https://payatu.com/blog/anubhav.singh/postmessage-vulnerabilities
|
||||
- https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: xss,postmessage
|
||||
|
||||
requests:
|
||||
|
@ -17,3 +24,5 @@ requests:
|
|||
- type: regex
|
||||
regex:
|
||||
- postMessage\([a-zA-Z]+,["']\*["']\)
|
||||
|
||||
# Enhanced by mp on 2022/09/15
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
id: xss-deprecated-header-detect
|
||||
|
||||
info:
|
||||
name: Detect Deprecated XSS Protection Header
|
||||
name: XSS-Protection Header - Cross-Site Scripting
|
||||
author: joshlarsen
|
||||
severity: info
|
||||
description: Setting the XSS-Protection header is deprecated by most browsers. Setting the header to anything other than `0` can actually introduce an XSS vulnerability.
|
||||
severity: high
|
||||
description: XSS-Protection header in Explorer, Chrome, and Safari contains a cross-site scripting vulnerability if set to any value other than `0`.
|
||||
reference:
|
||||
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
|
||||
- https://owasp.org/www-project-secure-headers/#x-xss-protection
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: xss,misconfig,generic
|
||||
|
||||
requests:
|
||||
|
@ -34,3 +38,5 @@ requests:
|
|||
part: header
|
||||
kval:
|
||||
- x_xss_protection
|
||||
|
||||
# Enhanced by mp on 2022/09/15
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
id: concrete-xss
|
||||
|
||||
info:
|
||||
name: Concrete - Unauthenticated Reflected XSS in preview_as_user function
|
||||
name: Concrete CMS <8.5.2 - Cross-Site Scripting
|
||||
author: shifacyclewla,hackergautam,djoevanka
|
||||
severity: medium
|
||||
description: The Concrete CMS < 8.5.2 is vulnerable to Reflected XSS using cID parameter.
|
||||
severity: high
|
||||
description: Concrete CMS before 8.5.2 contains a cross-site scripting vulnerability in preview_as_user function using cID parameter.
|
||||
reference:
|
||||
- https://hackerone.com/reports/643442
|
||||
- https://github.com/concrete5/concrete5/pull/7999
|
||||
- https://twitter.com/JacksonHHax/status/1389222207805661187
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: hackerone,concrete,xss,cms,unauth
|
||||
|
||||
requests:
|
||||
|
@ -33,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/15
|
||||
|
|
|
@ -1,15 +1,19 @@
|
|||
id: dedecms-config-xss
|
||||
|
||||
info:
|
||||
name: DedeCMS V5.7 config.php Cross-Site Scripting
|
||||
name: DedeCMS 5.7 - Cross-Site Scripting
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
DeDeCMS v5.7 has an XSS vulnerability in the '/include/dialog/config.php' file, and attackers can use this vulnerability to steal user cookies, hang horses, etc.
|
||||
DeDeCMS 5.7 contains a cross-site scripting vulnerability in the '/include/dialog/config.php' file. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
|
||||
reference:
|
||||
- https://www.zilyun.com/8665.html
|
||||
- https://www.60ru.com/161.html
|
||||
- https://www.cnblogs.com/milantgh/p/3615853.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"DedeCms"
|
||||
|
@ -35,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/15
|
||||
|
|
Loading…
Reference in New Issue