Auto Generated CVE annotations [Thu Feb 24 23:32:18 UTC 2022] 🤖

2022-02-24 23:32:18 +00:00 · 2022-02-24 23:32:18 +00:00 · 52ede2665a
parent 203a15c6dc
commit 52ede2665a
2 changed files with 6 additions and 0 deletions
--- a/cves/2018/CVE-2018-9161.yaml
+++ b/cves/2018/CVE-2018-9161.yaml
@ -9,6 +9,11 @@ info:
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php
    - https://nvd.nist.gov/vuln/detail/CVE-2018-9161
  tags: cve,cve2018,prismaweb,exposure
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.80
+    cve-id: CVE-2018-9161
+    cwe-id: CWE-798

 requests:
  - method: GET
--- a/cves/2022/CVE-2022-0653.yaml
+++ b/cves/2022/CVE-2022-0653.yaml
@ -7,6 +7,7 @@ info:
  reference:
    - https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/
  tags: cve,cve2022,wordpress,xss,wp-plugin
+  description: "The Profile Builder &#8211; User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.\n\n"

 requests:
  - method: GET