Merge pull request #2626 from projectdiscovery/cve-annotations

Added cve annotations + severity adjustments

cves/2011/CVE-2011-4336.yaml

@@ -10,6 +10,11 @@ info:
     - https://www.securityfocus.com/bid/48806/info
     - https://seclists.org/bugtraq/2011/Nov/140
   tags: cve,cve2011,xss,tikiwiki
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2011-4336
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2012/CVE-2012-4242.yaml

@@ -6,6 +6,7 @@ info:
   severity: medium
   reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242
   tags: cve,cve2012,wordpress,xss,wp-plugin
+  description: "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page."
 
 requests:
   - method: GET

cves/2013/CVE-2013-2287.yaml

@@ -6,6 +6,7 @@ info:
   severity: medium
   reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287
   tags: cve,cve2013,wordpress,xss,wp-plugin
+  description: "Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter."
 
 requests:
   - method: GET

cves/2013/CVE-2013-3526.yaml

@@ -6,6 +6,7 @@ info:
   severity: medium
   reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
   tags: cve,cve2013,wordpress,xss,wp-plugin
+  description: "Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."
 
 requests:
   - method: GET

cves/2014/CVE-2014-2323.yaml

@@ -7,6 +7,11 @@ info:
   author: geeknik
   severity: critical
   tags: cve,cve2014,sqli,lighttpd
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2014-2323
+    cwe-id: CWE-89
 
 requests:
   - raw:

cves/2014/CVE-2014-3744.yaml

@@ -9,6 +9,11 @@ info:
     - https://snyk.io/vuln/npm:st:20140206
   severity: high
   tags: cve,cve2014,lfi,nodejs,st
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2014-3744
+    cwe-id: CWE-22
 
 requests:
   - method: GET

cves/2014/CVE-2014-4210.yaml

@@ -8,6 +8,7 @@ info:
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2014-4210
     - https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
+  description: "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services."
 
 requests:
   - method: GET

cves/2014/CVE-2014-4535.yaml

@@ -8,6 +8,12 @@ info:
     - https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
     - https://nvd.nist.gov/vuln/detail/CVE-2014-4535
   tags: cve,cve2014,wordpress,wp-plugin,xss
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2014-4535
+    cwe-id: CWE-79
+  description: "Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php."
 
 requests:
   - method: GET

cves/2014/CVE-2014-4536.yaml

@@ -8,6 +8,12 @@ info:
     - https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
     - https://nvd.nist.gov/vuln/detail/CVE-2014-4536
   tags: cve,cve2014,wordpress,wp-plugin,xss
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2014-4536
+    cwe-id: CWE-79
+  description: "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter."
 
 requests:
   - method: GET

cves/2014/CVE-2014-6271.yaml

@@ -3,13 +3,18 @@ id: CVE-2014-6271
 info:
   name: Shellshock
   author: pentest_swissky
-  severity: high
+  severity: critical
   description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
   reference:
     - http://www.kb.cert.org/vuls/id/252743
     - http://www.us-cert.gov/ncas/alerts/TA14-268A
   tags: cve,cve2014,rce
 
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2014-6271
+    cwe-id: CWE-78
 requests:
   - method: GET
     path:

cves/2014/CVE-2014-6308.yaml

@@ -6,6 +6,7 @@ info:
   severity: high
   reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
   tags: cve,cve2014,lfi
+  description: "Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php."
 
 requests:
   - method: GET

cves/2014/CVE-2014-9094.yaml

@@ -6,6 +6,7 @@ info:
   severity: medium
   reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
   tags: cve,2014,wordpress,xss,wp-plugin
+  description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
 
 requests:
   - method: GET

cves/2015/CVE-2015-1000012.yaml

@@ -8,6 +8,12 @@ info:
     - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
   tags: cve,cve2015,wordpress,wp-plugin,lfi
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2015-1000012
+    cwe-id: CWE-200
+  description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin"
 
 requests:
   - method: GET

cves/2015/CVE-2015-2080.yaml

@@ -3,7 +3,7 @@ id: CVE-2015-2080
 info:
   name: Eclipse Jetty Remote Leakage
   author: pikpikcu
-  severity: medium
+  severity: high
   reference:
     - https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
     - https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
@@ -11,6 +11,11 @@ info:
   description: |
     The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
   tags: cve,cve2015,jetty
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2015-2080
+    cwe-id: CWE-200
 
 requests:
   - method: POST

cves/2015/CVE-2015-2807.yaml

@@ -8,6 +8,7 @@ info:
     - https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
     - https://nvd.nist.gov/vuln/detail/CVE-2015-2807
   tags: cve,cve2015,wordpress,wp-plugin,xss
+  description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter."
 
 requests:
   - method: GET

cves/2015/CVE-2015-6544.yaml

@@ -8,6 +8,11 @@ info:
     Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.
   reference: https://nvd.nist.gov/vuln/detail/CVE-2015-6544
   tags: cve,cve2015,xss,itop
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2015-6544
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2015/CVE-2015-8349.yaml

@@ -7,6 +7,11 @@ info:
   description: Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
   reference: https://nvd.nist.gov/vuln/detail/CVE-2015-8349
   tags: cve,cve2015,xss,sourcebans
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2015-8349
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2015/CVE-2015-8399.yaml

@@ -6,6 +6,11 @@ info:
   description: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
   reference: https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro
   tags: cve,cve2015,atlassian,confluence
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 4.30
+    cve-id: CVE-2015-8399
+    cwe-id: CWE-200
 
 requests:
   - method: GET

cves/2015/CVE-2015-8813.yaml

@@ -9,6 +9,11 @@ info:
     - https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
     - https://nvd.nist.gov/vuln/detail/CVE-2015-8813
   tags: cve,cve2015,ssrf,oob
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
+    cvss-score: 8.20
+    cve-id: CVE-2015-8813
+    cwe-id: CWE-918
 
 requests:
   - method: GET

cves/2015/CVE-2015-9414.yaml

@@ -8,6 +8,12 @@ info:
     - https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
     - https://nvd.nist.gov/vuln/detail/CVE-2015-9414
   tags: cve,cve2015,wordpress,wp-plugin,xss
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2015-9414
+    cwe-id: CWE-79
+  description: "The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter."
 
 requests:
   - method: GET

cves/2015/CVE-2015-9480.yaml

@@ -8,6 +8,12 @@ info:
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
     - https://www.exploit-db.com/exploits/37252
   tags: cve,cve2015,wordpress,wp-plugin,lfi
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2015-9480
+    cwe-id: CWE-22
+  description: "The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter."
 
 requests:
   - method: GET

cves/2016/CVE-2016-0957.yaml

@@ -7,6 +7,10 @@ info:
   reference: https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
   severity: high
   tags: cve,cve2016,adobe,aem
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2016-0957
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000126.yaml

@@ -6,6 +6,12 @@ info:
   severity: medium
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000126
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin admin-font-editor v1.8"
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000127.yaml

@@ -7,6 +7,11 @@ info:
   description: Reflected XSS in wordpress plugin ajax-random-post v2.00
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000127
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000128.yaml

@@ -9,6 +9,11 @@ info:
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=161
     - https://wordpress.org/plugins/anti-plagiarism
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000128
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000129.yaml

@@ -7,6 +7,11 @@ info:
   description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000129
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000130.yaml

@@ -7,6 +7,11 @@ info:
   description: Reflected XSS in wordpress plugin e-search v1.0
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000130
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000131.yaml

@@ -6,6 +6,12 @@ info:
   severity: medium
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000131
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin e-search v1.0"
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000132.yaml

@@ -7,6 +7,11 @@ info:
   description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000132
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000133.yaml

@@ -7,6 +7,11 @@ info:
   description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000133
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000134.yaml

@@ -7,6 +7,11 @@ info:
   description: Reflected XSS in wordpress plugin hdw-tube v1.2
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000134
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000135.yaml

@@ -7,6 +7,11 @@ info:
   description: Reflected XSS in wordpress plugin hdw-tube v1.2
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000135
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000137.yaml

@@ -6,6 +6,12 @@ info:
   severity: medium
   reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000137
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin hero-maps-pro v2.1.0"
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000138.yaml

@@ -6,6 +6,12 @@ info:
   severity: medium
   reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000138
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin indexisto v1.0.5"
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000139.yaml

@@ -8,6 +8,12 @@ info:
     - https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
     - https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
   tags: cve,cve2016,wordpress,wp-plugin,xss
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000139
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin infusionsoft v1.5.11"
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000140.yaml

@@ -6,6 +6,12 @@ info:
   severity: medium
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000140
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin new-year-firework v1.1.9"
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000146.yaml

@@ -6,6 +6,12 @@ info:
   severity: medium
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000146
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin pondol-formmail v1.1"
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000148.yaml

@@ -8,6 +8,12 @@ info:
     - https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
     - https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
   tags: cve,cve2016,wordpress,wp-plugin,xss
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000148
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin s3-video v0.983"
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000149.yaml

@@ -6,6 +6,12 @@ info:
   severity: medium
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000149
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin simpel-reserveren v3.5.2"
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000152.yaml

@@ -7,6 +7,11 @@ info:
   description: Reflected XSS in wordpress plugin tidio-form v1.0
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000152
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000153.yaml

@@ -6,6 +6,12 @@ info:
   severity: medium
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000153
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000153
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin tidio-gallery v1.1"
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000154.yaml

@@ -7,6 +7,11 @@ info:
   description: Reflected XSS in wordpress plugin whizz v1.0.
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000154
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000154
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2016/CVE-2016-1000155.yaml

@@ -6,6 +6,12 @@ info:
   severity: medium
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000155
   tags: cve,cve2016,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-1000155
+    cwe-id: CWE-79
+  description: "Reflected XSS in wordpress plugin wpsolr-search-engine v7.6"
 
 requests:
   - method: GET

cves/2016/CVE-2016-10033.yaml

@@ -2,10 +2,15 @@ id: CVE-2016-10033
 info:
   name: Wordpress 4.6 Remote Code Execution
   author: princechaddha
-  severity: high
+  severity: critical
   description: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
   reference: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
   tags: wordpress,cve,cve2016,rce
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2016-10033
+    cwe-id: CWE-77
 
 requests:
   - raw:

cves/2016/CVE-2016-10956.yaml

@@ -9,6 +9,11 @@ info:
     - https://cxsecurity.com/issue/WLB-2016080220
     - https://wpvulndb.com/vulnerabilities/8609
   tags: cve,cve2016,wordpress,wp-plugin,lfi
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2016-10956
+    cwe-id: CWE-20
 
 requests:
   - method: GET

cves/2016/CVE-2016-10960.yaml

@@ -3,13 +3,18 @@ id: CVE-2016-10960
 info:
   name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
   author: daffainfo
-  severity: critical
+  severity: high
   description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
   reference:
     - https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
     - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
   tags: cve,cve2016,wordpress,wp-plugin,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.80
+    cve-id: CVE-2016-10960
+    cwe-id: CWE-20
 
 requests:
   - method: POST

cves/2016/CVE-2016-10993.yaml

@@ -8,6 +8,12 @@ info:
     - https://www.vulnerability-lab.com/get_content.php?id=1808
     - https://nvd.nist.gov/vuln/detail/CVE-2016-10993
   tags: cve,cve2016,wordpress,wp-theme,xss
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 5.40
+    cve-id: CVE-2016-10993
+    cwe-id: CWE-79
+  description: "The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter."
 
 requests:
   - method: GET

cves/2016/CVE-2016-2004.yaml

@@ -9,6 +9,11 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/39858
     - https://nvd.nist.gov/vuln/detail/CVE-2016-2004
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2016-2004
+    cwe-id: CWE-306
 
 network:
   - inputs:

cves/2016/CVE-2016-2389.yaml

@@ -9,6 +9,11 @@ info:
     - https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
     - https://www.cvedetails.com/cve/CVE-2016-2389
   tags: cve,cve2016,lfi,sap
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2016-2389
+    cwe-id: CWE-22
 
 requests:
   - method: GET

cves/2016/CVE-2016-3081.yaml

@@ -10,6 +10,11 @@ info:
     - https://cwiki.apache.org/confluence/display/WW/S2-032
     - https://struts.apache.org/docs/s2-032.html
   tags: cve,cve2016,struts,rce,apache
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.10
+    cve-id: CVE-2016-3081
+    cwe-id: CWE-77
 
 requests:
   - raw:

cves/2016/CVE-2016-5649.yaml

@@ -7,6 +7,11 @@ info:
   description: A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.
   tags: cve,cve2016,iot,netgear,router
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2016-5649
+    cwe-id: CWE-200
 
 requests:
   - raw:

cves/2016/CVE-2016-6277.yaml

@@ -3,12 +3,17 @@ id: CVE-2016-6277
 info:
   name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE
   author: pikpikcu
-  severity: critical
+  severity: high
   description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
   tags: cve,cves2016,netgear,rce,iot
   reference:
     - https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
     - https://nvd.nist.gov/vuln/detail/CVE-2016-6277
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+    cvss-score: 8.80
+    cve-id: CVE-2016-6277
+    cwe-id: CWE-352
 
 requests:
   - method: GET

cves/2016/CVE-2016-7552.yaml

@@ -7,6 +7,11 @@ info:
   description: On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
   reference: https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4
   tags: cve,cve2016,lfi
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2016-7552
+    cwe-id: CWE-22
 
 requests:
   - method: GET

cves/2016/CVE-2016-7981.yaml

@@ -8,6 +8,11 @@ info:
     Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
   reference: https://nvd.nist.gov/vuln/detail/CVE-2016-7981
   tags: cve,cve2016,xss,spip
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2016-7981
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2017/CVE-2017-1000028.yaml

@@ -7,6 +7,11 @@ info:
   description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
   reference: https://www.exploit-db.com/exploits/45196
   tags: cve,cve2017,oracle,glassfish,lfi
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2017-1000028
+    cwe-id: CWE-22
 
 requests:
   - method: GET

cves/2017/CVE-2017-1000170.yaml

@@ -7,6 +7,11 @@ info:
   reference: https://www.exploit-db.com/exploits/49693
   description: jqueryFileTree 2.1.5 and older Directory Traversal
   tags: cve,cve2017,wordpress,wp-plugin,lfi
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2017-1000170
+    cwe-id: CWE-22
 
 requests:
   - method: POST

cves/2017/CVE-2017-1000486.yaml

@@ -11,6 +11,11 @@ info:
     - https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
     - https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
   tags: cve,cve2017,primetek,rce
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2017-1000486
+    cwe-id: CWE-326
 
 requests:
   - raw:

cves/2017/CVE-2017-10075.yaml

@@ -3,10 +3,14 @@ id: CVE-2017-10075
 info:
   name: Oracle Content Server XSS
   author: madrobot
-  severity: medium
+  severity: high
   description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
   reference: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
   tags: cve,cve2017,xss,oracle
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
+    cvss-score: 8.20
+    cve-id: CVE-2017-10075
 
 requests:
   - method: GET

cves/2017/CVE-2017-10271.yaml

@@ -9,6 +9,10 @@ info:
     - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
     - https://github.com/SuperHacker-liuan/cve-2017-10271-poc
   tags: cve,cve2017,rce,oracle,weblogic
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
+    cvss-score: 7.50
+    cve-id: CVE-2017-10271
 
 requests:
   - raw:

cves/2017/CVE-2017-11444.yaml

@@ -3,12 +3,17 @@ id: CVE-2017-11444
 info:
   name: Subrion CMS SQL Injection
   author: dwisiswant0
-  severity: high
+  severity: critical
   description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
   reference:
     - https://github.com/intelliants/subrion/issues/479
     - https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q
   tags: cve,cve2017,sqli,subrion
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2017-11444
+    cwe-id: CWE-89
 
 requests:
   - method: GET

cves/2017/CVE-2017-12149.yaml

@@ -10,6 +10,11 @@ info:
     - https://chowdera.com/2020/12/20201229190934023w.html
     - https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149
   tags: cve,cve2017,java,rce,deserialization
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2017-12149
+    cwe-id: CWE-502
 
 requests:
   - raw:

cves/2017/CVE-2017-12542.yaml

@@ -9,6 +9,10 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2017-12542
     - https://www.exploit-db.com/exploits/44005
   tags: cve,cve2017,ilo4,hpe
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.00
+    cve-id: CVE-2017-12542
 
 requests:
   - method: GET

cves/2017/CVE-2017-12611.yaml

@@ -7,6 +7,11 @@ info:
   description: In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
   reference: https://struts.apache.org/docs/s2-053.html
   tags: cve,cve2017,apache,rce,struts
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2017-12611
+    cwe-id: CWE-20
 
 requests:
   - method: POST

cves/2017/CVE-2017-12615.yaml

@@ -3,7 +3,7 @@ id: CVE-2017-12615
 info:
   name: Apache Tomcat RCE
   author: pikpikcu
-  severity: critical
+  severity: high
   tags: cve,cve2017,apache,rce
   reference: https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
   description: |
@@ -11,6 +11,11 @@ info:
     This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server.
     However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79}
     Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.10
+    cve-id: CVE-2017-12615
+    cwe-id: CWE-434
 
 requests:
   - method: PUT

cves/2017/CVE-2017-12629.yaml

@@ -10,6 +10,12 @@ info:
     - https://twitter.com/honoki/status/1298636315613974532
     - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-XXE
     - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-RCE
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2017-12629
+    cwe-id: CWE-611
+  description: "Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr."
 
 requests:
   - raw:

cves/2017/CVE-2017-12635.yaml

@@ -3,10 +3,15 @@ id: CVE-2017-12635
 info:
   name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 Remote Privilege Escalation
   author: pikpikcu
-  severity: high
+  severity: critical
   description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
   reference: https://github.com/assalielmehdi/CVE-2017-12635
   tags: cve,cve2017,couchdb
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2017-12635
+    cwe-id: CWE-269
 
 requests:
   - raw:

cves/2017/CVE-2017-12637.yaml

@@ -10,6 +10,11 @@ info:
     - https://www.cvedetails.com/cve/CVE-2017-12637/
     - https://nvd.nist.gov/vuln/detail/CVE-2017-12637
     - https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2017-12637
+    cwe-id: CWE-22
 
 requests:
   - method: GET

cves/2017/CVE-2017-12794.yaml

@@ -10,6 +10,11 @@ info:
   description: |
     In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
   tags: xss,django,cve,cve2017
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2017-12794
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2017/CVE-2017-14535.yaml

@@ -8,6 +8,12 @@ info:
     - https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/
     - https://www.exploit-db.com/exploits/49913
   tags: cve,cve2017,trixbox,rce
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.80
+    cve-id: CVE-2017-14535
+    cwe-id: CWE-78
+  description: "trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php."
 
 requests:
   - raw:

cves/2017/CVE-2017-14537.yaml

@@ -10,6 +10,11 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2017-14537
     - https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
     - https://sourceforge.net/projects/asteriskathome/ # vendor homepage
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 6.50
+    cve-id: CVE-2017-14537
+    cwe-id: CWE-22
 
 requests:
   - raw:

cves/2017/CVE-2017-14651.yaml

@@ -6,6 +6,15 @@ info:
   severity: medium
   description: WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
   tags: cve,cve2017,wso2,xss
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 4.80
+    cve-id: CVE-2017-14651
+    cwe-id: CWE-79
+  reference:
+    - https://github.com/cybersecurityworks/Disclosed/issues/15
+    - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265
+    - https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html
 
 requests:
   - method: GET

cves/2017/CVE-2017-14849.yaml

@@ -6,6 +6,15 @@ info:
   severity: high
   description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
   tags: cve,cve2017,nodejs,lfi
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2017-14849
+    cwe-id: CWE-22
+  reference:
+    - https://twitter.com/nodejs/status/913131152868876288
+    - https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
+    - http://www.securityfocus.com/bid/101056
 
 requests:
   - method: GET

cves/2017/CVE-2017-15647.yaml

@@ -3,12 +3,17 @@ id: CVE-2017-15647
 info:
   name: FiberHome - Directory Traversal
   author: daffainfo
-  severity: medium
+  severity: high
   description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
   reference:
     - https://www.exploit-db.com/exploits/44054
     - https://www.cvedetails.com/cve/CVE-2017-15647
   tags: cve,cve2017,lfi,router
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2017-15647
+    cwe-id: CWE-22
 
 requests:
   - method: GET

cves/2017/CVE-2017-15715.yaml

@@ -7,6 +7,11 @@ info:
   reference: https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715
   severity: high
   tags: cve,cve2017,apache,httpd,fileupload
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.10
+    cve-id: CVE-2017-15715
+    cwe-id: CWE-20
 
 requests:
   - raw:

cves/2017/CVE-2017-15944.yaml

@@ -7,8 +7,12 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/43342
     - http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
-  severity: high
+  severity: critical
   tags: cve,cve2017,rce,vpn,paloalto,globalprotect
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2017-15944
 
 requests:
   - raw:

cves/2017/CVE-2017-16806.yaml

@@ -6,6 +6,12 @@ info:
   reference: https://www.exploit-db.com/exploits/43141
   severity: high
   tags: cve,cve2017,ulterius,traversal
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2017-16806
+    cwe-id: CWE-22
+  description: "The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal."
 
 requests:
   - method: GET

cves/2017/CVE-2017-16877.yaml

@@ -7,6 +7,11 @@ info:
   description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
   reference: https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
   tags: cve,cve2017,nextjs,lfi
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2017-16877
+    cwe-id: CWE-22
 
 requests:
   - method: GET

cves/2017/CVE-2017-17043.yaml

@@ -7,6 +7,11 @@ info:
   description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
   reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043
   tags: cve,cve2017,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2017-17043
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2017/CVE-2017-17059.yaml

@@ -9,6 +9,11 @@ info:
     - https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
     - https://nvd.nist.gov/vuln/detail/CVE-2017-17059
   tags: cve,cve2017,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2017-17059
+    cwe-id: CWE-79
 
 requests:
   - method: POST

cves/2017/CVE-2017-17451.yaml

@@ -7,6 +7,11 @@ info:
   description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
   reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451
   tags: cve,cve2017,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2017-17451
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2017/CVE-2017-17562.yaml

@@ -10,6 +10,11 @@ info:
     - https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562
   severity: high
   tags: cve,cve2017,rce,embedthis,goahead,fuzz
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.10
+    cve-id: CVE-2017-17562
+    cwe-id: CWE-20
 
 requests:
   - raw:

cves/2017/CVE-2017-18024.yaml

@@ -11,6 +11,11 @@ info:
   description: |
     AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
   tags: cve,cve2017,xss,avantfax
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2017-18024
+    cwe-id: CWE-79
 
 requests:
   - raw:

cves/2017/CVE-2017-18536.yaml

@@ -7,6 +7,11 @@ info:
   description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
   reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501
   tags: cve,cve2017,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2017-18536
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2017/CVE-2017-18638.yaml

@@ -11,6 +11,11 @@ info:
     - https://github.com/advisories/GHSA-vfj6-275q-4pvm
     - https://nvd.nist.gov/vuln/detail/CVE-2017-18638
   tags: cve,cve2017,graphite,ssrf,oob
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.50
+    cve-id: CVE-2017-18638
+    cwe-id: CWE-918
 
 requests:
   - method: GET

cves/2017/CVE-2017-3506.yaml

@@ -9,6 +9,10 @@ info:
   reference:
     - https://hackerone.com/reports/810778
     - https://nvd.nist.gov/vuln/detail/CVE-2017-3506
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
+    cvss-score: 7.40
+    cve-id: CVE-2017-3506
 
 requests:
   - raw:

cves/2017/CVE-2017-3528.yaml

@@ -3,11 +3,17 @@ id: CVE-2017-3528
 info:
   name: Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
   author: 0x_Akoko
-  severity: low
+  severity: medium
   reference:
     - https://blog.zsec.uk/cve-2017-3528/
     - https://www.exploit-db.com/exploits/43592
   tags: oracle,redirect
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
+    cvss-score: 5.40
+    cve-id: CVE-2017-3528
+    cwe-id: CWE-601
+  description: "Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)."
 
 requests:
   - method: GET

cves/2017/CVE-2017-3881.yaml

@@ -10,6 +10,11 @@ info:
     - https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md
   description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent.
   tags: cve,cve2017,cisco,rce,network
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2017-3881
+    cwe-id: CWE-20
 
 network:
   - inputs:

cves/2017/CVE-2017-4011.yaml

@@ -10,6 +10,11 @@ info:
     - https://kc.mcafee.com/corporate/index?page=content&id=SB10198
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4011
   tags: cve,cve2017,mcafee,xss
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2017-4011
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2017/CVE-2017-5487.yaml

@@ -3,12 +3,17 @@ id: CVE-2017-5487
 info:
   name: WordPress Core < 4.7.1 - Username Enumeration
   author: Manas_Harsh,daffainfo,geeknik
-  severity: info
+  severity: medium
   description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
   tags: cve,cve2017,wordpress
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2017-5487
     - https://www.exploit-db.com/exploits/41497
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.30
+    cve-id: CVE-2017-5487
+    cwe-id: CWE-200
 
 requests:
   - method: GET

cves/2017/CVE-2017-5521.yaml

@@ -2,12 +2,17 @@ id: CVE-2017-5521
 info:
   name: Bypassing Authentication on NETGEAR Routers
   author: princechaddha
-  severity: medium
+  severity: high
   description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices.They are prone to password disclosure via simple crafted requests to the web management server.
   reference:
     - https://www.cvedetails.com/cve/CVE-2017-5521/
     - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/
   tags: cve,cve2017,auth-bypass
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.10
+    cve-id: CVE-2017-5521
+    cwe-id: CWE-200
 
 requests:
   - method: GET

cves/2017/CVE-2017-5638.yaml

@@ -6,6 +6,11 @@ info:
   description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attacker’s invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
   tags: cve,cve2017,struts,rce,apache
   reference: https://github.com/mazen160/struts-pwn
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.00
+    cve-id: CVE-2017-5638
+    cwe-id: CWE-20
 
 requests:
   - raw:

cves/2017/CVE-2017-6090.yaml

@@ -3,9 +3,15 @@ id: CVE-2017-6090
 info:
   name: PhpCollab (unauthenticated) Arbitrary File Upload
   author: pikpikcu
-  severity: critical
+  severity: high
   tags: cve,cve2017,phpcollab,rce,fileupload
   reference: https://nvd.nist.gov/vuln/detail/CVE-2017-6090
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.80
+    cve-id: CVE-2017-6090
+    cwe-id: CWE-434
+  description: "Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/."
 
 requests:
   - raw:

cves/2017/CVE-2017-7269.yaml

@@ -9,6 +9,11 @@ info:
     - https://blog.0patch.com/2017/03/0patching-immortal-cve-2017-7269.html
     - https://github.com/danigargu/explodingcan/blob/master/explodingcan.py
   tags: cve,cve2017,rce
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2017-7269
+    cwe-id: CWE-119
 
 requests:
   - method: OPTIONS

cves/2017/CVE-2017-7391.yaml

@@ -9,6 +9,11 @@ info:
   reference:
     - https://github.com/dweeves/magmi-git/issues/522
     - https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2017-7391
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2017/CVE-2017-7615.yaml

@@ -15,6 +15,11 @@ info:
     - https://sourceforge.net/projects/mantisbt/files/mantis-stable/
     - http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt
     - https://www.exploit-db.com/exploits/41890
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.80
+    cve-id: CVE-2017-7615
+    cwe-id: CWE-640
 
 requests:
   - method: GET

cves/2017/CVE-2017-7921.yaml

@@ -2,12 +2,17 @@ id: CVE-2017-7921
 info:
   name: Hikvision Authentication Bypass
   author: princechaddha
-  severity: high
+  severity: critical
   description: An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
   reference:
     - http://www.hikvision.com/us/about_10805.html
     - https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
   tags: cve,cve2017,auth-bypass
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.00
+    cve-id: CVE-2017-7921
+    cwe-id: CWE-287
 
 requests:
   - method: GET

cves/2017/CVE-2017-8917.yaml

@@ -2,10 +2,15 @@ id: CVE-2017-8917
 info:
   name: Joomla SQL Injection
   author: princechaddha
-  severity: high
+  severity: critical
   description: SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
   reference: https://www.cvedetails.com/cve/CVE-2017-8917/
   tags: cve,cve2017,joomla,sqli
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2017-8917
+    cwe-id: CWE-89
 
 requests:
   - method: GET

cves/2017/CVE-2017-9140.yaml

@@ -7,6 +7,11 @@ info:
   tags: cve,cve2017,xss,telerik
   description: Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
   reference: https://www.veracode.com/blog/secure-development/anatomy-cross-site-scripting-flaw-telerik-reporting-module
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2017-9140
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2017/CVE-2017-9288.yaml

@@ -7,6 +7,11 @@ info:
   description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
   reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288
   tags: cve,cve2017,wordpress,xss,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2017-9288
+    cwe-id: CWE-79
 
 requests:
   - method: GET

cves/2017/CVE-2017-9506.yaml

@@ -3,13 +3,18 @@ id: CVE-2017-9506
 info:
   name: Jira IconURIServlet SSRF
   author: pdteam
-  severity: high
+  severity: medium
   description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
   reference:
     - http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
     - https://ecosystem.atlassian.net/browse/OAUTH-344
     - https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
   tags: cve,cve2017,atlassian,jira,ssrf,oob
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.10
+    cve-id: CVE-2017-9506
+    cwe-id: CWE-918
 
 requests:
   - raw: