From 52ede2665a1401f4b8cb0e62ac0e9d274ac9e52f Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Thu, 24 Feb 2022 23:32:18 +0000
Subject: [PATCH] Auto Generated CVE annotations [Thu Feb 24 23:32:18 UTC 2022] :robot:
---
 cves/2018/CVE-2018-9161.yaml | 5 +++++
 cves/2022/CVE-2022-0653.yaml | 1 +
 2 files changed, 6 insertions(+)
diff --git a/cves/2018/CVE-2018-9161.yaml b/cves/2018/CVE-2018-9161.yaml
index 88f8189a7a..5db121e528 100644
--- a/cves/2018/CVE-2018-9161.yaml
+++ b/cves/2018/CVE-2018-9161.yaml
@@ -9,6 +9,11 @@ info:
 - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php
 - https://nvd.nist.gov/vuln/detail/CVE-2018-9161
 tags: cve,cve2018,prismaweb,exposure
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2018-9161
+ cwe-id: CWE-798
 requests:
 - method: GET
diff --git a/cves/2022/CVE-2022-0653.yaml b/cves/2022/CVE-2022-0653.yaml
index 114ac988f7..e53d5843a4 100644
--- a/cves/2022/CVE-2022-0653.yaml
+++ b/cves/2022/CVE-2022-0653.yaml
@@ -7,6 +7,7 @@ info:
 reference:
 - https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/
 tags: cve,cve2022,wordpress,xss,wp-plugin
+ description: "The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.\n\n"
 requests:
 - method: GET
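Review bot: `cvss-score: 9.80` in the new `classification` block of cves/2018/CVE-2018-9161.yaml is a plain YAML float, so a loader reads it as 9.8 and the trailing zero does nothing; write `cvss-score: 9.8`. The block rates the finding 9.8 under CWE-798, while the template's `severity` field lies outside the hunk, so it is worth confirming that it says `critical`; otherwise severity-based triage of scan results will disagree with the score. The `info:` mapping starts above the hunk.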
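Review bot: The `description` added to cves/2022/CVE-2022-0653.yaml ends with a literal `\n\n` inside the double quotes, so the loaded value carries two trailing newlines into every report or export that prints it; drop the escape. The text also reads "onto a pages", which suggests the generator copies the upstream advisory text unedited, so trimming and normalising that text before the bot commits it would be the more durable fix. A folded scalar keeps the value reviewable, starting with `description: >-` and the sentence wrapped beneath it. Unlike the CVE-2018-9161 section, no `classification` block is added for this template; if that is only because no score was published yet, nothing needs to change, but otherwise the `xss`-tagged template is left without a CWE or CVSS annotation.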