Dashboard Content Enhancements (#5092)

Dashboard Content Enhancements

cves/2002/CVE-2002-1131.yaml

@@ -1,10 +1,10 @@
 id: CVE-2002-1131
 
 info:
-  name: SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
+  name: SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting
   author: dhiyaneshDk
   severity: medium
-  description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+  description: The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
   reference:
     - http://www.redhat.com/support/errata/RHSA-2002-204.html
     - http://www.debian.org/security/2002/dsa-191
@@ -12,6 +12,7 @@ info:
     - https://www.exploit-db.com/exploits/21811
     - https://web.archive.org/web/20051124131714/http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
     - http://web.archive.org/web/20210129020617/https://www.securityfocus.com/bid/5763/
+    - https://nvd.nist.gov/vuln/detail/CVE-2002-1131
   classification:
     cve-id: CVE-2002-1131
   tags: xss,squirrelmail,cve,cve2002
@@ -41,3 +42,5 @@ requests:
         part: header
         words:
           - "text/html"
+
+# Enhanced by mp on 2022/08/12

cves/2005/CVE-2005-4385.yaml

@@ -1,14 +1,14 @@
 id: CVE-2005-4385
 
 info:
-  name: Cofax <= 2.0RC3 XSS
+  name: Cofax <=2.0RC3 - Cross-Site Scripting
   author: geeknik
   severity: medium
-  description: Cross-site scripting vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
+  description: Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
   reference:
     - http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2005-4385
     - http://web.archive.org/web/20210121165100/https://www.securityfocus.com/bid/15940/
+    - https://nvd.nist.gov/vuln/detail/CVE-2005-4385
   classification:
     cve-id: CVE-2005-4385
   tags: cofax,xss,cve,cve2005
@@ -27,3 +27,5 @@ requests:
         part: body
         words:
           - "'>\"</script><script>alert(document.domain)</script>"
+
+# Enhanced by mp on 2022/08/12

cves/2006/CVE-2006-1681.yaml

@@ -1,15 +1,15 @@
 id: CVE-2006-1681
 
 info:
-  name: Cherokee HTTPD <=0.5 XSS
+  name: Cherokee HTTPD <=0.5 - Cross-Site Scripting
   author: geeknik
   severity: medium
-  description: Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
+  description: Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
   reference:
     - http://web.archive.org/web/20210217161726/https://www.securityfocus.com/bid/17408/
-    - https://nvd.nist.gov/vuln/detail/CVE-2006-1681
     - http://web.archive.org/web/20140803090438/http://secunia.com/advisories/19587/
     - http://www.vupen.com/english/advisories/2006/1292
+    - https://nvd.nist.gov/vuln/detail/CVE-2006-1681
   classification:
     cve-id: CVE-2006-1681
   tags: cherokee,httpd,xss,cve,cve2006
@@ -32,3 +32,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/08/12

cves/2007/CVE-2007-0885.yaml

@@ -1,14 +1,15 @@
 id: CVE-2007-0885
 
 info:
-  name: Rainbow.Zen Jira XSS
+  name: Jira Rainbow.Zen - Cross-Site Scripting
   author: geeknik
   severity: medium
-  description: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
+  description: Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which allows remote attackers to inject arbitrary web script or HTML via the id parameter.
   reference:
     - http://web.archive.org/web/20201208220614/https://www.securityfocus.com/archive/1/459590/100/0/threaded
     - https://web.archive.org/web/20210119080228/http://www.securityfocus.com/bid/22503
     - https://exchange.xforce.ibmcloud.com/vulnerabilities/32418
+    - https://nvd.nist.gov/vuln/detail/CVE-2007-0885
   classification:
     cve-id: CVE-2007-0885
   tags: cve,cve2007,jira,xss
@@ -32,3 +33,5 @@ requests:
         part: header
         words:
           - "text/html"
+
+# Enhanced by mp on 2022/08/12

cves/2007/CVE-2007-5728.yaml

@@ -1,15 +1,16 @@
 id: CVE-2007-5728
 
 info:
-  name: phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting
+  name: phpPgAdmin <=4.1.1 - Cross-Site Scripting
   author: dhiyaneshDK
   severity: medium
-  description: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
+  description: phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, which are different vectors than CVE-2007-2865.
   reference:
     - https://www.exploit-db.com/exploits/30090
     - http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
     - http://web.archive.org/web/20210130131735/https://www.securityfocus.com/bid/24182/
     - http://web.archive.org/web/20161220160642/http://secunia.com/advisories/25446/
+    - https://nvd.nist.gov/vuln/detail/CVE-2007-5728
   classification:
     cve-id: CVE-2007-5728
   metadata:
@@ -36,3 +37,5 @@ requests:
         part: header
         words:
           - "text/html"
+
+# Enhanced by mp on 2022/08/12

cves/2008/CVE-2008-2398.yaml

@@ -1,15 +1,16 @@
 id: CVE-2008-2398
 
 info:
-  name: AppServ Open Project 2.5.10 and earlier XSS
+  name: AppServ Open Project <=2.5.10 - Cross-Site Scripting
   author: unstabl3
   severity: medium
-  description: Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
+  description: AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
   reference:
     - https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
     - http://web.archive.org/web/20210121181851/https://www.securityfocus.com/bid/29291/
     - http://web.archive.org/web/20140724110348/http://secunia.com/advisories/30333/
     - http://securityreason.com/securityalert/3896
+    - https://nvd.nist.gov/vuln/detail/CVE-2008-2398
   classification:
     cve-id: CVE-2008-2398
   tags: cve,cve2008,xss
@@ -33,3 +34,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/08/12

cves/2009/CVE-2009-1872.yaml

@@ -1,15 +1,16 @@
 id: CVE-2009-1872
 
 info:
-  name: Adobe Coldfusion 8 linked XSS vulnerabilies
+  name: Adobe Coldfusion <=8.0.1 - Cross-Site Scripting
   author: princechaddha
   severity: medium
-  description: Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
+  description: Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
   reference:
     - https://web.archive.org/web/20201208121904/https://www.securityfocus.com/archive/1/505803/100/0/threaded
     - https://www.tenable.com/cve/CVE-2009-1872
     - http://www.adobe.com/support/security/bulletins/apsb09-12.html
     - http://www.dsecrg.com/pages/vul/show.php?id=122
+    - https://nvd.nist.gov/vuln/detail/CVE-2009-1872
   classification:
     cve-id: CVE-2009-1872
   metadata:
@@ -37,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2013/CVE-2013-6281.yaml

@@ -1,16 +1,17 @@
 id: CVE-2013-6281
 
 info:
-  name: WordPress Spreadsheet - dhtmlxspreadsheet Plugin Reflected XSS
+  name: WordPress Spreadsheet - Cross-Site Scripting
   author: random-robbie
   severity: medium
   description: |
-    The dhtmlxspreadsheet WordPress plugin was affected by a /dhtmlxspreadsheet/codebase/spreadsheet.php page Parameter Reflected XSS security vulnerability.
+    WordPress Spreadsheet plugin contains a reflected cross-site scripting vulnerability in /dhtmlxspreadsheet/codebase/spreadsheet.php.
   reference:
     - https://wpscan.com/vulnerability/49785932-f4e0-4aaa-a86c-4017890227bf
     - http://web.archive.org/web/20210213174519/https://www.securityfocus.com/bid/63256/
     - https://wordpress.org/plugins/dhtmlxspreadsheet/
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6281
+    - https://nvd.nist.gov/vuln/detail/CVE-2013-6281
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -44,3 +45,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2015/CVE-2015-1880.yaml

@@ -1,15 +1,15 @@
 id: CVE-2015-1880
 
 info:
-  name: XSS in Fortigates SSL VPN login page
+  name: Fortinet FortiOS <=5.2.3 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
+  description: Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2015-1880
     - https://www.c2.lol/articles/xss-in-fortigates-ssl-vpn-login-page
     - http://www.fortiguard.com/advisory/FG-IR-15-005/
     - http://web.archive.org/web/20210122155324/https://www.securityfocus.com/bid/74652/
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-1880
   classification:
     cve-id: CVE-2015-1880
   tags: cve,cve2015,xss,fortigates,ssl
@@ -35,3 +35,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/08/12

cves/2015/CVE-2015-2068.yaml

@@ -1,14 +1,14 @@
 id: CVE-2015-2068
 
 info:
-  name: Magento Server Magmi Plugin - Cross Site Scripting
+  name: Magento Server Mass Importer - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.
+  description: Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.
   reference:
     - https://www.exploit-db.com/exploits/35996
-    - https://nvd.nist.gov/vuln/detail/CVE-2015-2068
     - http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-2068
   classification:
     cve-id: CVE-2015-2068
   metadata:
@@ -36,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2015/CVE-2015-2807.yaml

@@ -1,15 +1,15 @@
 id: CVE-2015-2807
 
 info:
-  name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  name: Navis DocumentCloud <0.1.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.
+  description: Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.
   reference:
     - https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
-    - https://nvd.nist.gov/vuln/detail/CVE-2015-2807
     - https://security.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
     - https://wordpress.org/plugins/navis-documentcloud/changelog/
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-2807
   classification:
     cve-id: CVE-2015-2807
   metadata:
@@ -36,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2015/CVE-2015-6477.yaml

@@ -1,10 +1,10 @@
 id: CVE-2015-6477
 
 info:
-  name: Nordex NC2 'username' Parameter XSS
+  name: Nordex NC2  - Cross-Site Scripting
   author: geeknik
   severity: medium
-  description: An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  description: Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
     - https://seclists.org/fulldisclosure/2015/Dec/117
     - https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01
@@ -30,3 +30,5 @@ requests:
         part: body
         words:
           - "</script><script>alert('{{randstr}}')</script>"
+
+# Enhanced by mp on 2022/08/12

cves/2015/CVE-2015-6544.yaml

@@ -1,16 +1,16 @@
 id: CVE-2015-6544
 
 info:
-  name: iTop XSS
+  name: Combodo iTop <2.2.0-2459 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
   description: |
-    Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.
+    Combodo iTop before 2.2.0-2459 contains a cross-site scripting vulnerability in application/dashboard.class.inc.php which allows remote attackers to inject arbitrary web script or HTML via a dashboard title.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2015-6544
     - https://www.htbridge.com/advisory/HTB23268
     - http://sourceforge.net/p/itop/tickets/1114/
     - http://sourceforge.net/p/itop/code/3662/
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-6544
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +38,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/08/12

cves/2015/CVE-2015-6920.yaml

@@ -1,15 +1,14 @@
 id: CVE-2015-6920
 
 info:
-  name: sourceAFRICA <= 0.1.3 - Unauthenticated Cross-Site Scripting (XSS)
+  name: WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: WordPress sourceAFRICA plugin version 0.1.3 suffers from a cross site scripting vulnerability.
+  description: WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting vulnerability.
   reference:
-    - https://packetstormsecurity.com/files/133371/
-    - https://nvd.nist.gov/vuln/detail/CVE-2015-6920
     - http://packetstormsecurity.com/files/133371/WordPress-sourceAFRICA-0.1.3-Cross-Site-Scripting.html
     - https://wpvulndb.com/vulnerabilities/8169
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-6920
   classification:
     cve-id: CVE-2015-6920
   tags: cve,cve2015,wordpress,wp-plugin,xss
@@ -34,3 +33,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2015/CVE-2015-7377.yaml

@@ -1,15 +1,14 @@
 id: CVE-2015-7377
 
 info:
-  name: Pie-Register <= 2.0.18 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  name: WordPress Pie-Register <2.0.19 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI.
+  description: WordPress Pie Register before 2.0.19 contains a reflected cross-site scripting vulnerability in pie-register/pie-register.php which allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URL.
   reference:
     - https://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2015-7377
-    - http://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html
     - https://github.com/GTSolutions/Pie-Register/blob/2.0.19/readme.txt
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-7377
   classification:
     cve-id: CVE-2015-7377
   tags: cve,cve2015,wordpress,wp-plugin,xss
@@ -34,3 +33,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2015/CVE-2015-8349.yaml

@@ -1,14 +1,14 @@
 id: CVE-2015-8349
 
 info:
-  name: SourceBans XSS
+  name: SourceBans <2.0 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
+  description: SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2015-8349
     - https://www.htbridge.com/advisory/HTB23273
     - http://web.archive.org/web/20201207072921/https://www.securityfocus.com/archive/1/537018/100/0/threaded
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-8349
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
         part: header
         words:
           - text/
+
+# Enhanced by mp on 2022/08/12

cves/2015/CVE-2015-9414.yaml

@@ -1,15 +1,15 @@
 id: CVE-2015-9414
 
 info:
-  name: WP Symposium <= 15.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  name: WordPress Symposium <=15.8.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter.
+  description: WordPress Symposium through 15.8.1 contains a reflected cross-site scripting vulnerability via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter which allows an attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
     - https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
-    - https://nvd.nist.gov/vuln/detail/CVE-2015-9414
     - https://wpvulndb.com/vulnerabilities/8175
     - https://wordpress.org/plugins/wp-symposium/#developers
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-9414
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000126.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000126
 
 info:
-  name: Admin Font Editor <= 1.8 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin admin-font-editor v1.8
+  description: WordPress Admin Font Editor 1.8 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000126
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=526
     - https://wordpress.org/plugins/admin-font-editor
     - http://web.archive.org/web/20210123183728/https://www.securityfocus.com/bid/93896/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000126
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000129.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000129
 
 info:
-  name: defa-online-image-protector <= 3.3 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3
+  description: WordPress defa-online-image-protector 3.3 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000129
     - https://wordpress.org/plugins/defa-online-image-protector
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=449
     - http://web.archive.org/web/20210614204644/https://www.securityfocus.com/bid/93892
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000129
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,3 +39,6 @@ requests:
       - type: status
         status:
           - 200
+
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000130.yaml

@@ -1,14 +1,14 @@
 id: CVE-2016-1000130
 
 info:
-  name: e-search <= 1.0 - Reflected Cross-Site Scripting (XSS) via date_select.php
+  name: WordPress e-search <=1.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin e-search v1.0
+  description: Wordpress plugin e-search 1.0 and before contains a cross-site scripting vulnerability via date_select.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000130
     - https://wordpress.org/plugins/e-search
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=394
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000130
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000131.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000131
 
 info:
-  name: e-search <= 1.0 - Reflected Cross-Site Scripting (XSS) via title_az.php
+  name: WordPress e-search <=1.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin e-search v1.0
+  description: WordPress e-search 1.0 and before contains a reflected cross-site scripting vulnerability via title_az.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=393
     - https://wordpress.org/plugins/e-search
     - http://web.archive.org/web/20210123183536/https://www.securityfocus.com/bid/93867/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000132.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000132
 
 info:
-  name: enhanced-tooltipglossary v3.2.8 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
+  description: WordPress enhanced-tooltipglossary 3.2.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000132
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=37
     - https://wordpress.org/plugins/enhanced-tooltipglossary
     - http://web.archive.org/web/20210123183532/https://www.securityfocus.com/bid/93865/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000132
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000133.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000133
 
 info:
-  name: forget-about-shortcode-buttons 1.1.1 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
+  description: Wordpress plugin forget-about-shortcode-buttons 1.1.1 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
     - https://wordpress.org/plugins/forget-about-shortcode-buttons
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=602
     - http://web.archive.org/web/20210123183542/https://www.securityfocus.com/bid/93869/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000134.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000134
 
 info:
-  name: HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting (XSS) via playlist.php
+  name: WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin hdw-tube v1.2
+  description: WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via playlist.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000134
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=530
     - https://wordpress.org/plugins/hdw-tube
     - http://web.archive.org/web/20210615135341/https://www.securityfocus.com/bid/93868
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000134
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000135.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000135
 
 info:
-  name: HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting (XSS) via mychannel.php
+  name: WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin hdw-tube v1.2
+  description: WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via mychannel.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=533
     - https://wordpress.org/plugins/hdw-tube
     - http://web.archive.org/web/20210123183240/https://www.securityfocus.com/bid/93820/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000136.yaml

@@ -1,14 +1,14 @@
 id: CVE-2016-1000136
 
 info:
-  name: heat-trackr v1.0 - XSS via heat-trackr_abtest_add.php
+  name: WordPress heat-trackr 1.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin heat-trackr v1.0
+  description: WordPress heat-trackr 1.0 contains a cross-site scripting vulnerability via heat-trackr_abtest_add.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=798
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000136
     - https://wordpress.org/plugins/heat-trackr
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000136
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000137.yaml

@@ -1,14 +1,15 @@
 id: CVE-2016-1000137
 
 info:
-  name: Hero Maps Pro 2.1.0 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin hero-maps-pro v2.1.0
+  description: WordPress Hero Maps Pro 2.1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=658
     - https://wordpress.org/plugins/hero-maps-pro
     - http://web.archive.org/web/20210123183224/https://www.securityfocus.com/bid/93815/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000137
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000138.yaml

@@ -1,14 +1,15 @@
 id: CVE-2016-1000138
 
 info:
-  name: Admin Font Editor <= 1.8 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin indexisto v1.0.5
+  description: WordPress Admin Font Editor plugin indexisto 1.8 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=38
     - https://wordpress.org/plugins/indexisto
-    - http://web.archive.org/web/20210622181116/https://www.securityfocus.com/bid/93816
+    - http://web.archive.org/web/20210622181116/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000138
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000139.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000139
 
 info:
-  name: Infusionsoft Gravity Forms Add-on <= 1.5.11 - XSS
+  name: WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin infusionsoft v1.5.11
+  description: WordPress plugin Infusionsoft 1.5.11 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
     - https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
     - https://wordpress.org/plugins/infusionsoft
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=864
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -41,3 +41,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000140.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000140
 
 info:
-  name: New Year Firework <= 1.1.9 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress New Year Firework <=1.1.9 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin new-year-firework v1.1.9
+  description: WordPress New Year Firework 1.1.9 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=453
     - https://wordpress.org/plugins/new-year-firework
     - http://web.archive.org/web/20210123183230/https://www.securityfocus.com/bid/93817/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000142.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000142
 
 info:
-  name: MW Font Changer <= 4.2.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  name: WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The MW Font Changer WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
+  description: WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
     - https://wpscan.com/vulnerability/4ff5d65a-ba61-439d-ab7f-745a0648fccc
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000142
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=435
     - https://wordpress.org/plugins/parsi-font
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000142
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000143.yaml

@@ -1,14 +1,14 @@
 id: CVE-2016-1000143
 
 info:
-  name: Photoxhibit v2.1.8 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  name: WordPress Photoxhibit 2.1.8 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin photoxhibit v2.1.8
+  description: WordPress Photoxhibit 2.1.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=780
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000143
     - https://wordpress.org/plugins/photoxhibit
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000143
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000146.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000146
 
 info:
-  name: Pondol Form to Mail <= 1.1 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin pondol-formmail v1.1
+  description: WordPress Pondol Form to Mail 1.1 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=787
     - https://wordpress.org/plugins/pondol-formmail
     - http://web.archive.org/web/20210615122859/https://www.securityfocus.com/bid/93584
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000148.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000148
 
 info:
-  name: S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  name: WordPress S3 Video <=0.983 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin s3-video v0.983
+  description: WordPress S3 Video and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
     - https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
     - https://wordpress.org/plugins/s3-video
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=240
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000149.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000149
 
 info:
-  name: Simpel Reserveren 3 <= 3.5.2 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin simpel-reserveren v3.5.2
+  description: WordPress plugin Simpel Reserveren 3.5.2 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
     - https://wordpress.org/plugins/simpel-reserveren
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=474
     - http://web.archive.org/web/20210125181834/https://www.securityfocus.com/bid/93582/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000152.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000152
 
 info:
-  name: Tidio-form <= 1.0 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Tidio-form <=1.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin tidio-form v1.0
+  description: WordPress tidio-form1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=799
     - https://wordpress.org/plugins/tidio-form
     - http://web.archive.org/web/20210125181732/https://www.securityfocus.com/bid/93579/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000153.yaml

@@ -1,10 +1,10 @@
 id: CVE-2016-1000153
 
 info:
-  name: Tidio Gallery <= 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  name: WordPress Tidio Gallery <=1.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin tidio-gallery v1.1
+  description: WordPress plugin tidio-gallery v1.1 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2016-1000153
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=427
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000154.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000154
 
 info:
-  name: WHIZZ <= 1.0.7 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress WHIZZ <=1.0.7 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin whizz v1.0.
+  description: WordPress plugin WHIZZ 1.07 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000154
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=112
     - https://wordpress.org/plugins/whizz
     - http://web.archive.org/web/20210123180140/https://www.securityfocus.com/bid/93538/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000154
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-1000155.yaml

@@ -1,15 +1,15 @@
 id: CVE-2016-1000155
 
 info:
-  name: WPSOLR <= 8.6 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  name: WordPress WPSOLR <=8.6 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: Reflected XSS in wordpress plugin wpsolr-search-engine v7.6
+  description: WordPress WPSOLR 8.6 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000155
     - https://wordpress.org/plugins/wpsolr-search-engine
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=303
     - http://web.archive.org/web/20210123180137/https://www.securityfocus.com/bid/93536/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000155
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-10993.yaml

@@ -1,14 +1,14 @@
 id: CVE-2016-10993
 
 info:
-  name: ScoreMe Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  name: ScoreMe Theme - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.
+  description: WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
     - https://www.vulnerability-lab.com/get_content.php?id=1808
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-10993
     - https://wpvulndb.com/vulnerabilities/8431
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-10993
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 5.4
@@ -36,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-3978.yaml

@@ -1,15 +1,13 @@
 id: CVE-2016-3978
 
 info:
-  name: FortiOS (Fortinet) - Open Redirect and XSS
+  name: Fortinet FortiOS  - Open Redirect/Cross-Site Scripting
   author: 0x_Akoko
   severity: medium
-  description: The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login."
+  description: FortiOS Web User Interface in 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting attacks via the "redirect" parameter to "login."
   reference:
-    - https://seclists.org/fulldisclosure/2016/Mar/68
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-3978
-    - http://seclists.org/fulldisclosure/2016/Mar/68
     - http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-3978
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -27,3 +25,5 @@ requests:
         part: header
         regex:
           - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'  # https://regex101.com/r/ZDYhFh/1
+
+# Enhanced by mp on 2022/08/12

cves/2016/CVE-2016-7981.yaml

@@ -1,16 +1,16 @@
 id: CVE-2016-7981
 
 info:
-  name: SPIP 3.1.2 XSS
+  name: SPIP <3.1.2 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
   description: |
-    Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
+    SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in valider_xml.php which allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-7981
     - https://core.spip.net/projects/spip/repository/revisions/23202
     - https://core.spip.net/projects/spip/repository/revisions/23201
     - https://core.spip.net/projects/spip/repository/revisions/23200
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-7981
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +38,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/08/12

cves/2017/CVE-2017-12544.yaml

@@ -1,15 +1,14 @@
-id: CVE-2017-12544
+id: CVE-2017-12544
 
 info:
-  name: HPE System Management - XSS
+  name: HPE System Management - Cross-Site Scripting
   author: divya_mudgal
   severity: medium
-  description: Reflected Cross-site scripting (XSS) on HPE System Management
+  description: HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
-    - https://seclists.org/fulldisclosure/2018/Mar/5
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-12544
     - https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us
     - http://web.archive.org/web/20211206092413/https://securitytracker.com/id/1039437
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-12544
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 5.4
@@ -17,23 +16,25 @@ info:
     cwe-id: CWE-79
   tags: cve,cve2017,xss,hp
 
-requests:
+requests:
-  - method: GET
+  - method: GET
-    path:
+    path:
-      - "{{BaseURL}}/gsearch.php.en?prod=';prompt`document.domain`;//"
+      - "{{BaseURL}}/gsearch.php.en?prod=';prompt`document.domain`;//"
-
+
-    matchers-condition: and
+    matchers-condition: and
-    matchers:
+    matchers:
-      - type: word
+      - type: word
-        words:
+        words:
-          - "var prodName = '';prompt`document.domain`;//';"
+          - "var prodName = '';prompt`document.domain`;//';"
-        part: body
+        part: body
-
+
-      - type: word
+      - type: word
-        words:
+        words:
-          - "text/html"
+          - "text/html"
-        part: header
+        part: header
-
+
-      - type: status
+      - type: status
-        status:
+        status:
-          - 200
+          - 200
+
+# Enhanced by mp on 2022/08/12

cves/2017/CVE-2017-12583.yaml

@@ -1,12 +1,13 @@
 id: CVE-2017-12583
 
 info:
-  name: Reflected XSS in doku.php
+  name: DokuWiki - Cross-Site Scripting
   author: DhiyaneshDK
   severity: medium
-  description: DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.
+  description: DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATE_AT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
   reference:
     - https://github.com/splitbrain/dokuwiki/issues/2061
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-12583
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2017/CVE-2017-17043.yaml

@@ -1,15 +1,15 @@
 id: CVE-2017-17043
 
 info:
-  name: Emag Marketplace Connector 1.0 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
+  description: WordPress Emag Marketplace Connector plugin 1.0 contains a reflected cross-site scripting vulnerability because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-17043
     - https://wordpress.org/support/topic/wordpress-emag-marketplace-connector-1-0-cross-site-scripting-vulnerability/
     - https://packetstormsecurity.com/files/145060/wpemagmc10-xss.txt
     - https://wpvulndb.com/vulnerabilities/8964
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-17043
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2017/CVE-2017-17059.yaml

@@ -1,14 +1,14 @@
 id: CVE-2017-17059
 
 info:
-  name: amtyThumb posts 8.1.3 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.
+  description: WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php.
   reference:
     - https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-17059
     - https://packetstormsecurity.com/files/145044/WordPress-amtyThumb-8.1.3-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-17059
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2017/CVE-2017-17451.yaml

@@ -1,15 +1,15 @@
 id: CVE-2017-17451
 
 info:
-  name: WP Mailster <= 1.5.4 - Unauthenticated Cross-Site Scripting (XSS)
+  name: WordPress Mailster <=1.5.4 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
+  description: WordPress Mailster 1.5.4 and before contains a cross-site scripting vulnerability in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-17451
     - https://wordpress.org/plugins/wp-mailster/#developers
     - https://packetstormsecurity.com/files/145222/WordPress-WP-Mailster-1.5.4.0-Cross-Site-Scripting.html
     - https://wpvulndb.com/vulnerabilities/8973
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-17451
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2017/CVE-2017-18024.yaml

@@ -1,10 +1,10 @@
 id: CVE-2017-18024
 
 info:
-  name: AvantFAX 3.3.3 XSS
+  name: AvantFAX 3.3.3 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
+  description: AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
   reference:
     - https://hackerone.com/reports/963798
     - http://packetstormsecurity.com/files/145776/AvantFAX-3.3.3-Cross-Site-Scripting.html
@@ -42,3 +42,5 @@ requests:
         part: header
         words:
           - "text/html"
+
+# Enhanced by mp on 2022/08/12

cves/2017/CVE-2017-18598.yaml

@@ -1,15 +1,15 @@
-id: CVE-2017-18598
+id: CVE-2017-18598
 
 info:
-  name: Qards Plugin - Stored XSS and SSRF
+  name: WordPress Qards - Cross-Site Scripting
   author: pussycat0x
   severity: medium
-  description: The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php
+  description: WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php.
   reference:
     - https://wpscan.com/vulnerability/8934
     - https://wpscan.com/vulnerability/454a0ce3-ecfe-47fc-a282-5caa51370645
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-18598
     - https://wpvulndb.com/vulnerabilities/8934
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-18598
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -17,19 +17,21 @@ info:
     cwe-id: CWE-79
   tags: cve,cve2017,wordpress,ssrf,xss,wp-plugin,oast
 
-requests:
+requests:
-  - method: GET
+  - method: GET
-    path:
+    path:
-      - '{{BaseURL}}/wp-content/plugins/qards/html2canvasproxy.php?url=https://{{interactsh-url}}'
+      - '{{BaseURL}}/wp-content/plugins/qards/html2canvasproxy.php?url=https://{{interactsh-url}}'
-
+
-    matchers-condition: and
+    matchers-condition: and
-    matchers:
+    matchers:
-      - type: word
+      - type: word
-        part: interactsh_protocol
+        part: interactsh_protocol
-        words:
+        words:
-          - "http"
+          - "http"
-
+
-      - type: word
+      - type: word
-        part: body
+        part: body
-        words:
+        words:
-          - "console.log"
+          - "console.log"
+
+# Enhanced by mp on 2022/08/12

cves/2017/CVE-2017-4011.yaml

@@ -1,14 +1,14 @@
 id: CVE-2017-4011
 
 info:
-  name: McAfee NDLP User-Agent XSS
+  name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting
   author: geeknik
   severity: medium
-  description: McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.
+  description: McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request.
   reference:
     - https://medium.com/@david.valles/cve-2017-4011-reflected-xss-found-in-mcafee-network-data-loss-prevention-ndlp-9-3-x-cf20451870ab
     - https://kc.mcafee.com/corporate/index?page=content&id=SB10198
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4011
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-4011
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -34,3 +34,5 @@ requests:
         part: header
         words:
           - "text/html"
+
+# Enhanced by mp on 2022/08/12

cves/2017/CVE-2017-5631.yaml

@@ -1,15 +1,14 @@
 id: CVE-2017-5631
 
 info:
-  name: CaseAware - Cross Site Scripting
+  name: KMCIS CaseAware - Cross-Site Scripting
   author: edoardottt
   severity: medium
-  description: An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string.
+  description: KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-5631
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5631
     - https://www.openbugbounty.org/incidents/228262/
     - https://www.exploit-db.com/exploits/42042/
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-5631
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2017/CVE-2017-7391.yaml

@@ -1,14 +1,15 @@
 id: CVE-2017-7391
 
 info:
-  name: Magmi Cross-Site Scripting v.0.7.22
+  name: Magmi 0.7.22 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL.
+  description: Magmi 0.7.22 contains a cross-site scripting vulnerability due to insufficient filtration of user-supplied data (prefix) passed to the magmi-git-master/magmi/web/ajax_gettime.php URL.
   reference:
     - https://github.com/dweeves/magmi-git/issues/522
     - https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip
     - https://github.com/dweeves/magmi-git/pull/525
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-7391
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +37,5 @@ requests:
         part: header
         words:
           - "text/html"
+
+# Enhanced by mp on 2022/08/12

cves/2017/CVE-2017-9288.yaml

@@ -1,15 +1,15 @@
 id: CVE-2017-9288
 
 info:
-  name: Raygun4WP <= 1.8.0 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
+  description: WordPress Raygun4WP 1.8.0 contains a reflected cross-site scripting vulnerability via sendtesterror.php.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-9288
     - https://github.com/MindscapeHQ/raygun4wordpress/pull/17
     - https://github.com/MindscapeHQ/raygun4wordpress/issues/16
     - http://jgj212.blogspot.kr/2017/05/a-reflected-xss-vulnerability-in.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-9288
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/12

cves/2017/CVE-2017-9506.yaml

@@ -1,14 +1,15 @@
 id: CVE-2017-9506
 
 info:
-  name: Jira IconURIServlet SSRF
+  name: Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
   author: pdteam
   severity: medium
-  description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
+  description: The Atlassian Jira IconUriServlet of the OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 contains a cross-site scripting vulnerability which allows remote attackers to access the content of internal network resources and/or perform an attack via Server Side Request Forgery.
   reference:
     - http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
     - https://ecosystem.atlassian.net/browse/OAUTH-344
     - https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-9506
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -30,3 +31,5 @@ requests:
         part: interactsh_protocol  # Confirms the HTTP Interaction
         words:
           - "http"
+
+# Enhanced by mp on 2022/08/12

cves/2020/CVE-2020-14413.yaml

@@ -1,13 +1,14 @@
 id: CVE-2020-14413
 
 info:
-  name: NeDi 1.9C XSS
+  name: NeDi 1.9C - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily
+  description: NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily
     bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value.
   reference:
     - https://gist.github.com/farid007/8db2ab5367ba00e87f9479b32d46fea8
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-14413
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -35,4 +36,6 @@ requests:
       - type: word
         part: header
         words:
-          - "text/html"
+          - "text/html"
+
+# Enhanced by mp on 2022/08/15

cves/2020/CVE-2020-15500.yaml

@@ -1,14 +1,14 @@
 id: CVE-2020-15500
 
 info:
-  name: TileServer GL Reflected XSS
+  name: TileServer GL <=3.0.0 - Cross-Site Scripting
   author: Akash.C
   severity: medium
-  description: An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.
+  description: TileServer GL through 3.0.0 is vulnerable to reflected cross-site scripting via server.js  because the content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-15500
     - https://github.com/maptiler/tileserver-gl/issues/461
     - http://packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-15500
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -35,4 +35,6 @@ requests:
       - type: word
         words:
           - "'>\"<svg/onload=confirm('xss')>"
-        part: body
+        part: body
+
+# Enhanced by mp on 2022/08/15

cves/2020/CVE-2020-19282.yaml

@@ -1,14 +1,14 @@
 id: CVE-2020-19282
 
 info:
-  name: Jeesns 1.4.2 XSS
+  name: Jeesns 1.4.2 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: Reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
+  description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting that allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
   reference:
     - https://github.com/zchuanzhao/jeesns/issues/11
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-19282
     - https://www.seebug.org/vuldb/ssvid-97940
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-19282
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/08/15

cves/2020/CVE-2020-19283.yaml

@@ -1,14 +1,14 @@
 id: CVE-2020-19283
 
 info:
-  name: Jeesns newVersion Reflection XSS
+  name: Jeesns 1.4.2 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: Reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.
+  description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /newVersion component and allows attackers to execute arbitrary web scripts or HTML.
   reference:
     - https://github.com/zchuanzhao/jeesns/issues/10
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-19283
     - https://www.seebug.org/vuldb/ssvid-97939
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-19283
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/08/15

cves/2020/CVE-2020-19295.yaml

@@ -1,14 +1,14 @@
 id: CVE-2020-19295
 
 info:
-  name: Jeesns Weibo Topic Reflection XSS
+  name: Jeesns 1.4.2 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: Reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
+  description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
   reference:
     - https://github.com/zchuanzhao/jeesns/issues/21
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-19295
     - https://www.seebug.org/vuldb/ssvid-97950
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-19295
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/08/15

cves/2020/CVE-2020-1943.yaml

@@ -1,15 +1,16 @@
 id: CVE-2020-1943
 
 info:
-  name: Apache OFBiz Reflected XSS
+  name: Apache OFBiz <=16.11.07 - Cross-Site Scripting
   author: pdteam
   severity: medium
-  description: Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.
+  description: Apache OFBiz 16.11.01 to 16.11.07 is vulnerable to cross-site scripting because data sent with contentId to /control/stream is not sanitized.
   reference:
     - https://lists.apache.org/thread.html/rf867d9a25fa656b279b16e27b8ff6fcda689cfa4275a26655c685702%40%3Cdev.ofbiz.apache.org%3E
     - https://s.apache.org/pr5u8
     - https://lists.apache.org/thread.html/r034123f2767830169fd04c922afb22d2389de6e2faf3a083207202bc@%3Ccommits.ofbiz.apache.org%3E
     - https://lists.apache.org/thread.html/r8efd5b62604d849ae2f93b2eb9ce0ce0356a4cf5812deed14030a757@%3Cdev.ofbiz.apache.org%3E
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-1943
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/14

cves/2020/CVE-2020-2096.yaml

@@ -1,14 +1,15 @@
 id: CVE-2020-2096
 
 info:
-  name: Jenkins Gitlab Hook XSS
+  name: Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.
+  description: Jenkins Gitlab Hook 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected cross-site scripting vulnerability.
   reference:
     - https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683
     - http://www.openwall.com/lists/oss-security/2020/01/15/1
     - http://packetstormsecurity.com/files/155967/Jenkins-Gitlab-Hook-1.4.2-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-2096
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +39,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/08/14

cves/2020/CVE-2020-20988.yaml

@@ -4,9 +4,10 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.13.0 is vulnerable to Cross Site Scripting (XSS) via reporting/domains/cost-by-owner.php in "or Expiring Between" parameter.
+    DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter.
   reference:
     - https://mycvee.blogspot.com/p/xss2.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-20988
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 5.4
@@ -43,3 +44,5 @@ requests:
           - 'contains(body_2, "value=\"\"/><script>alert(document.domain)</script>")'
           - 'contains(body_2, "DomainMOD")'
         condition: and
+
+# Enhanced by mp on 2022/08/14

cves/2020/CVE-2020-25495.yaml

@@ -1,14 +1,15 @@
 id: CVE-2020-25495
 
 info:
-  name: SCO Openserver 5.0.7 - 'section' Cross-Site scripting
+  name: Xinuo Openserver 5/6 - Cross-Site scripting
   author: 0x_Akoko
   severity: medium
-  description: A reflected cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.
+  description: Xinuo (formerly SCO) Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting.
   reference:
     - https://www.exploit-db.com/exploits/49300
     - https://github.com/Ramikan/Vulnerabilities/blob/master/SCO%20Openserver%20XSS%20%26%20HTML%20Injection%20vulnerability
     - http://packetstormsecurity.com/files/160634/SCO-Openserver-5.0.7-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-25495
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +37,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/08/14

cves/2020/CVE-2020-25864.yaml

@@ -1,15 +1,16 @@
 id: CVE-2020-25864
 
 info:
-  name: HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode is vulnerable to cross-site scripting
+  name: HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting
   author: c-sh0
   severity: medium
   description: |
-    HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.
+    HashiCorp Consul and Consul Enterprise up to version 1.9.4 are vulnerable to cross-site scripting via the key-value (KV) raw mode.
+  remediation: Fixed in 1.9.5, 1.8.10 and 1.7.14.
   reference:
     - https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-25864
     - https://www.hashicorp.com/blog/category/consul
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-25864
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -44,4 +45,6 @@ requests:
       - type: word
         part: body_2
         words:
-          - "<!DOCTYPE html><script>alert(document.domain)</script>"
+          - "<!DOCTYPE html><script>alert(document.domain)</script>"
+
+# Enhanced by mp on 2022/08/14

cves/2020/CVE-2020-26153.yaml

@@ -1,15 +1,15 @@
 id: CVE-2020-26153
 
 info:
-  name: Event Espresso Core-Reg XSS
+  name: Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting
   author: pikpikcu
   severity: medium
   description: |
-    cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
+    Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter.
   reference:
     - https://labs.nettitude.com/blog/cve-2020-26153-event-espresso-core-cross-site-scripting/
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-26153
     - https://github.com/eventespresso/event-espresso-core/compare/4.10.6.p...4.10.7.p
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-26153
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/08/15

cves/2020/CVE-2020-27735.yaml

@@ -1,15 +1,15 @@
 id: CVE-2020-27735
 
 info:
-  name: Wing FTP's Web Interface XSS
+  name: Wing FTP 6.4.4 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
   description: |
-    An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.
+    Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-27735
     - https://www.wftpserver.com/serverhistory.htm
     - https://wshenk.blogspot.com/2021/01/xss-in-wing-ftps-web-interface-cve-2020.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-27735
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -20,7 +20,7 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/help/english/index.html?javascript:alert(document.domain)"
+      - "{{BaseURL}}/help/english/index.html?javascript:alert(document.domain)"
 
     matchers-condition: and
     matchers:
@@ -37,3 +37,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/08/14

cves/2020/CVE-2020-27982.yaml

@@ -1,14 +1,14 @@
 id: CVE-2020-27982
 
 info:
-  name: IceWarp WebMail Reflected XSS
+  name: IceWarp WebMail 11.4.5.0 - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: IceWarp 11.4.5.0 allows XSS via the language parameter.
+  description: IceWarp WebMail 11.4.5.0 is vulnerable to cross-site scripting via the language parameter.
   reference:
     - https://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html
-    - http://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html
     - https://cxsecurity.com/issue/WLB-2020100161
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-27982
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,4 +37,6 @@ requests:
       - type: word
         words:
           - "text/html"
-        part: header
+        part: header
+
+# Enhanced by mp on 2022/08/14

cves/2020/CVE-2020-28351.yaml

@@ -1,15 +1,14 @@
 id: CVE-2020-28351
 
 info:
-  name: ShoreTel 19.46.1802.0 XSS
+  name: Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page
+  description: Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATH_INFO variable to index.php due to insufficient validation for the time_zone object in the HOME_MEETING& page.
   reference:
     - https://packetstormsecurity.com/files/159987/ShoreTel-Conferencing-19.46.1802.0-Cross-Site-Scripting.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-28351
     - https://www.mitel.com/articles/what-happened-shoretel-products
-    - https://github.com/dievus/cve-2020-28351
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-28351
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/15

cves/2020/CVE-2020-29164.yaml

@@ -1,13 +1,14 @@
 id: CVE-2020-29164
 
 info:
-  name: PacsOne Server XSS
+  name: PacsOne Server <7.1.1 - Cross-Site Scripting
   author: geeknik
   severity: medium
-  description: PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
+  description: PacsOne Server (PACS Server In One Box) below 7.1.1 is vulnerable to cross-site scripting.
   reference:
     - https://gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070d
     - https://pacsone.net/download.htm
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-29164
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/15

cves/2020/CVE-2020-29395.yaml

@@ -1,14 +1,14 @@
 id: CVE-2020-29395
 
 info:
-  name: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting (XSS)
+  name: Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
+  description: Wordpress EventON Calendar 3.0.5 is vulnerable to cross-site scripting because it allows addons/?q= XSS via the search field.
   reference:
     - https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-29395
     - https://www.myeventon.com/news/
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-29395
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/14

cves/2020/CVE-2020-3580.yaml

@@ -1,15 +1,15 @@
 id: CVE-2020-3580
 
 info:
-  name: Cisco ASA XSS
+  name: Cisco ASA/FTD Software - Cross-Site Scripting
   author: pikpikcu
   severity: medium
   description: |
-    Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.
+    Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are vulnerable to cross-site scripting and could allow an unauthenticated, remote attacker to conduct attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the reference links.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-3580
     - https://twitter.com/ptswarm/status/1408050644460650502
     - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-3580
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -40,4 +40,6 @@ requests:
       - type: word
         part: header
         words:
-          - "text/html"
+          - "text/html"
+
+# Enhanced by mp on 2022/08/14

cves/2020/CVE-2020-36510.yaml

@@ -1,14 +1,14 @@
 id: CVE-2020-36510
 
 info:
-  name: 15Zine < 3.3.0 - Reflected Cross-Site Scripting
+  name: WordPress 15Zine <3.3.0 - Cross-Site Scripting
   author: veshraj
   severity: medium
   description: |
-    The 15Zine Wordpress theme does not sanitize the cbi parameter before including it in the HTTP response via the cb_s_a AJAX action, leading to a reflected cross-site scripting.
+    WordPress 15Zine before 3.3.0 is vulnerable to reflected cross-site scripting because the theme does not sanitize the cbi parameter before including it in the HTTP response via the cb_s_a AJAX action.
   reference:
     - https://wpscan.com/vulnerability/d1dbc6d7-7488-40c2-bc38-0674ea5b3c95
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36510
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-36510
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.10
@@ -38,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/14

cves/2020/CVE-2020-6171.yaml

@@ -1,14 +1,14 @@
 id: CVE-2020-6171
 
 info:
-  name: CLink Office v2 XSS
+  name: CLink Office 2.0 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
   description: |
-    A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
+    CLink Office 2.0 is vulnerable to cross-site scripting in the index page of the management console and allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-6171
     - https://www.deepcode.ca/index.php/2020/04/07/cve-2020-xss-in-clink-office-v2/
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-6171
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/08/15

cves/2020/CVE-2020-7318.yaml

@@ -1,19 +1,15 @@
 id: CVE-2020-7318
 
 info:
-  name: McAfee ePolicy Orchestrator Reflected XSS
+  name: McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting
   author: dwisiswant0
   severity: medium
   description: |
-    Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO)
+    McAfee ePolicy Orchestrator before 5.10.9 Update 9 is vulnerable to a cross-site scripting vulnerability that allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
-    prior to 5.10.9 Update 9 allows administrators to inject arbitrary web
-    script or HTML via multiple parameters where the administrator's entries
-    were not correctly sanitized.
-
     reference:
     - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/
-  reference:
     - https://kc.mcafee.com/corporate/index?page=content&id=SB10332
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-7318
   classification:
     cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.3
@@ -43,3 +39,5 @@ requests:
           - "'\"><svg/onload=alert(document.domain)>"
         condition: and
         part: body
+
+# Enhanced by mp on 2022/08/15

cves/2021/CVE-2021-24275.yaml

@@ -1,14 +1,14 @@
 id: CVE-2021-24275
 
 info:
-  name: Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)
+  name: Popup by Supsystic <1.10.5 - Cross-Site scripting
   author: dhiyaneshDK
   severity: medium
-  description: The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.
+  description: WordPress Popup by Supsystic before 1.10.5 did not sanitize the tab parameter of its options page before outputting it in an attribute, leading to a reflected cross-site scripting issue.
   reference:
     - https://wpscan.com/vulnerability/efdc76e0-c14a-4baf-af70-9d381107308f
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24275
     - http://packetstormsecurity.com/files/164311/WordPress-Popup-1.10.4-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24275
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/08/15

exposures/files/bitbucket-pipelines.yaml

@@ -1,7 +1,7 @@
 id: bitbucket-pipelines
 
 info:
-  name: BitBucket Piplelines Configuration Exposure
+  name: BitBucket Pipelines Configuration Exposure
   author: DhiyaneshDK
   severity: info
   metadata:

exposures/files/pipeline-configuration.yaml

@@ -1,7 +1,7 @@
 id: pipeline-configuration
 
 info:
-  name: Pipleline Configuration Exposure
+  name: Pipeline Configuration Exposure
   author: DhiyaneshDK
   severity: info
   metadata: