daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Dashboard Content Enhancements (#5324) 

Dashboard Content Enhancements
* dos2nix on several templates
* replacing some cvedetails links with NIST
patch-1
MostInterestingBotInTheWorld 2022-09-08 09:28:46 -04:00 committed by GitHub
parent 0f365a29a4
commit 554c11c57b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
195 changed files with 3191 additions and 2952 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2008/CVE-2008-1059.yaml
View File

@ -10,7 +10,7 @@ info:
- https://www.exploit-db.com/exploits/5194
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
- https://nvd.nist.gov/vuln/detail/CVE-2008-1059
- http://secunia.com/advisories/29099
- https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5

8
cves/2008/CVE-2008-1061.yaml
View File

@ -1,16 +1,15 @@
id: CVE-2008-1061
info:
name: Wordpress Plugin Sniplets 1.2.2 - Cross-Site Scripting
name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: |
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.
WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
reference:
- https://www.exploit-db.com/exploits/5194
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
- https://nvd.nist.gov/vuln/detail/CVE-2008-1061
- http://secunia.com/advisories/29099
classification:
cve-id: CVE-2008-1061
tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets
@ -35,3 +34,6 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

2
cves/2011/CVE-2011-2744.yaml
View File

@ -7,8 +7,8 @@ info:
description: A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
reference:
- https://www.exploit-db.com/exploits/35945
- https://www.cvedetails.com/cve/CVE-2011-2744
- http://www.openwall.com/lists/oss-security/2011/07/13/6
- https://nvd.nist.gov/vuln/detail/CVE-2011-2744
- http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/
classification:
cve-id: CVE-2011-2744

2
cves/2011/CVE-2011-4804.yaml
View File

@ -7,9 +7,9 @@ info:
description: A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/36598
- https://www.cvedetails.com/cve/CVE-2011-4804
- http://web.archive.org/web/20140802122115/http://secunia.com/advisories/46844/
- http://web.archive.org/web/20210121214308/https://www.securityfocus.com/bid/48944/
- https://nvd.nist.gov/vuln/detail/CVE-2011-4804
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2011-4804

2
cves/2012/CVE-2012-0896.yaml
View File

@ -7,9 +7,9 @@ info:
description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
reference:
- https://packetstormsecurity.com/files/108631/
- https://www.cvedetails.com/cve/CVE-2012-0896
- http://web.archive.org/web/20140804110141/http://secunia.com/advisories/47529/
- http://plugins.trac.wordpress.org/changeset/488883/count-per-day
- https://https://nvd.nist.gov/vuln/detail/CVE-2012-0896
classification:
cve-id: CVE-2012-0896
metadata:

1
cves/2013/CVE-2013-5979.yaml
View File

@ -8,7 +8,6 @@ info:
reference:
- https://www.exploit-db.com/exploits/26955
- https://nvd.nist.gov/vuln/detail/CVE-2013-5979
- https://www.cvedetails.com/cve/CVE-2013-5979
- https://bugs.launchpad.net/xibo/+bug/1093967
classification:
cve-id: CVE-2013-5979

1
cves/2014/CVE-2014-10037.yaml
View File

@ -7,7 +7,6 @@ info:
description: A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php.
reference:
- https://www.exploit-db.com/exploits/30865
- https://www.cvedetails.com/cve/CVE-2014-10037
- https://nvd.nist.gov/vuln/detail/CVE-2014-10037
- http://www.exploit-db.com/exploits/30865
classification:

1
cves/2014/CVE-2014-5368.yaml
View File

@ -8,7 +8,6 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2014-5368
- https://www.exploit-db.com/exploits/39287
- https://www.cvedetails.com/cve/CVE-2014-5368
- http://seclists.org/oss-sec/2014/q3/417
classification:
cve-id: CVE-2014-5368

1
cves/2014/CVE-2014-8799.yaml
View File

@ -8,7 +8,6 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2014-8799
- https://www.exploit-db.com/exploits/35346
- https://www.cvedetails.com/cve/CVE-2014-8799
- https://wordpress.org/plugins/dukapress/changelog/
classification:
cve-id: CVE-2014-8799

8
cves/2015/CVE-2015-4127.yaml
View File

@ -1,16 +1,16 @@
id: CVE-2015-4127
info:
name: WordPress Plugin church_admin - Cross-Site Scripting (XSS)
name: WordPress Church Admin <0.810 - Cross-Site Scripting
author: daffainfo
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.
reference:
- https://www.exploit-db.com/exploits/37112
- https://wpscan.com/vulnerability/2d5b3707-f58a-4154-93cb-93f7058e3408
- https://nvd.nist.gov/vuln/detail/CVE-2015-4127
- https://wordpress.org/plugins/church-admin/changelog/
- https://nvd.nist.gov/vuln/detail/CVE-2015-4127
classification:
cve-id: CVE-2015-4127
tags: wp-plugin,wp,edb,wpscan,cve,cve2015,wordpress,xss
@ -35,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

1
cves/2016/CVE-2016-2389.yaml
View File

@ -7,7 +7,6 @@ info:
description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
reference:
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
- https://www.cvedetails.com/cve/CVE-2016-2389
- http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html
- https://www.exploit-db.com/exploits/39837/
- https://nvd.nist.gov/vuln/detail/CVE-2016-2389

2
cves/2016/CVE-2016-6601.yaml
View File

@ -6,9 +6,9 @@ info:
severity: high
description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile
reference:
- https://www.cvedetails.com/cve/CVE-2016-6601
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
- https://www.exploit-db.com/exploits/40229/
- https://nvd.nist.gov/vuln/detail/CVE-2016-6601
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5

8
cves/2017/CVE-2017-11629.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2017-11629
info:
name: FineCms 5.0.10 - Cross Site Scripting
name: FineCMS <=5.0.10 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request.
reference:
- http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse
- https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
- http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#api-php-Reflected-XSS
- https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -39,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

7
cves/2018/CVE-2018-19386.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2018-19386
info:
name: SolarWinds Database Performance Analyzer 11.1. 457 - Cross Site Scripting
name: SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
reference:
- https://www.cvedetails.com/cve/CVE-2018-19386/
- https://i.imgur.com/Y7t2AD6.png
- https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
- https://nvd.nist.gov/vuln/detail/CVE-2018-19386
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -29,3 +30,5 @@ requests:
- type: word
words:
- '<a href="javascript:alert(document.domain)//'
# Enhanced by mp on 2022/08/31

9
cves/2018/CVE-2018-19439.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2018-19439
info:
name: Cross Site Scripting in Oracle Secure Global Desktop Administration Console
name: Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
author: madrobot,dwisiswant0
severity: medium
description: XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4)
description: Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.
reference:
- http://web.archive.org/web/20210124221313/https://www.securityfocus.com/bid/106006/
- http://seclists.org/fulldisclosure/2018/Nov/58
- http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2018-19439
remediation: Fixed in later versions including 5.4.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -25,3 +26,5 @@ requests:
words:
- "<script>alert(1337)</script><!--</TITLE>"
part: body
# Enhanced by mp on 2022/08/31

5
cves/2018/CVE-2018-19749.yaml
View File

@ -5,10 +5,11 @@ info:
author: arafatansari
severity: medium
description: |
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/account-owner.php Owner name field.
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field.
reference:
- https://github.com/domainmod/domainmod/issues/81
- https://www.exploit-db.com/exploits/45941/
- https://nvd.nist.gov/vuln/detail/CVE-2018-19749
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
@ -49,3 +50,5 @@ requests:
- 'contains(all_headers_3, "text/html")'
- "contains(body_3, '><script>alert(document.domain)</script></a>')"
condition: and
# Enhanced by mp on 2022/08/31

6
cves/2018/CVE-2018-19751.yaml
View File

@ -5,11 +5,11 @@ info:
author: arafatansari
severity: medium
description: |
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /admin/ssl-fields/add.php Display Name, Description & Notes fields parameters.
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters.
reference:
- https://www.exploit-db.com/exploits/45947/
- https://nvd.nist.gov/vuln/detail/CVE-2018-19751
- https://github.com/domainmod/domainmod/issues/83
- https://nvd.nist.gov/vuln/detail/CVE-2018-19751
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
@ -58,3 +58,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

6
cves/2018/CVE-2018-19752.yaml
View File

@ -5,11 +5,11 @@ info:
author: arafatansari
severity: medium
description: |
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes,registrar field.
DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-19752
- https://github.com/domainmod/domainmod/issues/84
- https://www.exploit-db.com/exploits/45949/
- https://nvd.nist.gov/vuln/detail/CVE-2018-19752
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
@ -57,3 +57,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

7
cves/2018/CVE-2018-19877.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2018-19877
info:
name: Adiscon LogAnalyzer 4.1.7 - Cross Site Scripting
name: Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
Adiscon LogAnalyzer before 4.1.7 is affected by Cross-Site Scripting (XSS) in the 'referer' parameter of the login.php file.
Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file.
reference:
- https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/
- https://www.exploit-db.com/exploits/45958/
- https://nvd.nist.gov/vuln/detail/CVE-2018-19877
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -38,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

5
cves/2018/CVE-2018-19892.yaml
View File

@ -5,10 +5,11 @@ info:
author: arafatansari
severity: medium
description: |
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /domain//admin/dw/add-server.php DisplayName parameters.
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters.
reference:
- https://www.exploit-db.com/exploits/45959
- https://github.com/domainmod/domainmod/issues/85
- https://nvd.nist.gov/vuln/detail/CVE-2018-19892
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
@ -56,3 +57,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

5
cves/2018/CVE-2018-19914.yaml
View File

@ -5,10 +5,11 @@ info:
author: arafatansari
severity: medium
description: |
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/dns.php Profile Name or notes field.
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field.
reference:
- https://www.exploit-db.com/exploits/46375/
- https://github.com/domainmod/domainmod/issues/87
- https://nvd.nist.gov/vuln/detail/CVE-2018-19914
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
@ -49,3 +50,5 @@ requests:
- 'contains(all_headers_3, "text/html")'
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
condition: and
# Enhanced by mp on 2022/08/31

2
cves/2019/CVE-2019-1010290.yaml
View File

@ -7,8 +7,8 @@ info:
description: Babel Multilingual site Babel All is affected by Open Redirection The impact is Redirection to any URL, which is supplied to redirect in a newurl parameter. The component is redirect The attack vector is The victim must open a link created by an attacker
reference:
- https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-babel/
- https://www.cvedetails.com/cve/CVE-2019-1010290
- http://dev.cmsmadesimple.org/project/files/729
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010290
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1

5
cves/2019/CVE-2019-14974.yaml
View File

@ -4,9 +4,10 @@ info:
name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
author: madrobot
severity: medium
description: SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
description: SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.
reference:
- https://www.exploit-db.com/exploits/47247
- https://nvd.nist.gov/vuln/detail/CVE-2019-14974
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -27,3 +28,5 @@ requests:
words:
- "url = window.location.search.split(\"?desktop_url=\")[1]"
part: body
# Enhanced by mp on 2022/08/31

8
cves/2019/CVE-2019-15501.yaml
View File

@ -1,14 +1,14 @@
id: CVE-2019-15501
info:
name: LSoft ListServ - XSS
name: L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting
author: LogicalHunter
severity: medium
description: Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
description: L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
reference:
- https://www.exploit-db.com/exploits/47302
- http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501
- https://nvd.nist.gov/vuln/detail/CVE-2019-15501
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -36,3 +36,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

8
cves/2019/CVE-2019-15811.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2019-15811
info:
name: DomainMOD 4.13.0 - Cross-Site Scripting
name: DomainMOD <=4.13.0 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
DomainMOD 4.13.0 is vulnerable to Cross Site Scripting (XSS) via /reporting/domains/cost-by-month.php in Daterange parameters.
DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.
reference:
- https://www.exploit-db.com/exploits/47325
- https://github.com/domainmod/domainmod/issues/108
- https://zerodays.lol/
- https://nvd.nist.gov/vuln/detail/CVE-2019-15811
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -44,3 +44,5 @@ requests:
- 'contains(body_2, "value=\"\"onfocus=\"alert(document.domain)\"autofocus=")'
- 'contains(body_2, "DomainMOD")'
condition: and
# Enhanced by mp on 2022/08/31

8
cves/2019/CVE-2019-15889.yaml
View File

@ -1,14 +1,14 @@
id: CVE-2019-15889
info:
name: WordPress Plugin Download Manager 2.9.93 - Reflected Cross-Site Scripting (XSS)
name: WordPress Download Manager <2.9.94 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
description: WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889
- https://www.cybersecurity-help.cz/vdb/SB2019041819
- https://wordpress.org/plugins/download-manager/#developers
- https://nvd.nist.gov/vuln/detail/CVE-2019-15889
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -36,3 +36,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

7
cves/2019/CVE-2019-16332.yaml
View File

@ -1,13 +1,14 @@
id: CVE-2019-16332
info:
name: API Bearer Auth <= 20181229 - Reflected Cross-Site Scripting (XSS)
name: WordPress API Bearer Auth <20190907 - Cross-Site Scripting
author: daffainfo
severity: medium
description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
description: WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php.
reference:
- https://plugins.trac.wordpress.org/changeset/2152730
- https://wordpress.org/plugins/api-bearer-auth/#developers
- https://nvd.nist.gov/vuln/detail/CVE-2019-16332
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -35,3 +36,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

8
cves/2019/CVE-2019-16525.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2019-16525
info:
name: Wordpress Plugin Checklist <= 1.1.5 - Reflected Cross-Site Scripting (XSS)
name: WordPress Checklist <1.1.9 - Cross-Site Scripting
author: daffainfo
severity: medium
description: An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
description: WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-16525
- https://wordpress.org/plugins/checklist/#developers
- https://packetstormsecurity.com/files/154436/WordPress-Checklist-1.1.5-Cross-Site-Scripting.html
- https://plugins.trac.wordpress.org/changeset/2155029/
- https://nvd.nist.gov/vuln/detail/CVE-2019-16525
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -37,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

8
cves/2019/CVE-2019-16931.yaml
View File

@ -1,16 +1,16 @@
id: CVE-2019-16931
info:
name: Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)
name: WordPress Visualizer <3.3.1 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify meta data of an existing chart, and inject a XSS payload to be stored and later executed when an admin goes to edit the chart.
WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard.
reference:
- https://wpscan.com/vulnerability/867e000d-d2f5-4d53-89b0-41d7d4163f44
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
- https://nvd.nist.gov/vuln/detail/CVE-2019-16931
- https://wpvulndb.com/vulnerabilities/9893
- https://nvd.nist.gov/vuln/detail/CVE-2019-16931
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -44,3 +44,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

2
cves/2019/CVE-2019-17382.yaml
View File

@ -7,7 +7,7 @@ info:
description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
reference:
- https://www.exploit-db.com/exploits/47467
- https://www.cvedetails.com/cve/CVE-2019-17382/
- https://nvd.nist.gov/vuln/detail/CVE-2019-17382
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 9.1

1
cves/2019/CVE-2019-18665.yaml
View File

@ -9,7 +9,6 @@ info:
reference:
- https://atomic111.github.io/article/secudos-domos-directory_traversal
- https://vuldb.com/?id.144804
- https://www.cvedetails.com/cve/CVE-2019-18665
- https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6
- https://nvd.nist.gov/vuln/detail/CVE-2019-18665
classification:

7
cves/2019/CVE-2019-19134.yaml
View File

@ -1,15 +1,16 @@
id: CVE-2019-19134
info:
name: Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)
name: WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
description: WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.
reference:
- https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01
- https://www.hooperlabs.xyz/disclosures/cve-2019-19134.php
- https://heroplugins.com/product/maps/
- https://heroplugins.com/changelogs/hmaps/changelog.txt
- https://nvd.nist.gov/vuln/detail/CVE-2019-19134
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -37,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

7
cves/2019/CVE-2019-19368.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2019-19368
info:
name: Rumpus FTP Web File Manager 8.2.9.1 XSS
name: Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting
author: madrobot
severity: medium
description: A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
description: Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.
reference:
- https://github.com/harshit-shukla/CVE-2019-19368/
- https://www.maxum.com/Rumpus/Download.html
- http://packetstormsecurity.com/files/155719/Rumpus-FTP-Web-File-Manager-8.2.9.1-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-19368
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -29,3 +30,5 @@ requests:
words:
- "value=''><sVg/OnLoAD=alert`1337`//'>"
part: body
# Enhanced by mp on 2022/08/31

7
cves/2019/CVE-2019-19908.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2019-19908
info:
name: phpMyChat-Plus - Cross-Site Scripting
name: phpMyChat-Plus 1.98 - Cross-Site Scripting
author: madrobot
severity: medium
description: phpMyChat-Plus 1.98 is vulnerable to reflected cross-site scripting (XSS) via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
description: phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
reference:
- https://cinzinga.github.io/CVE-2019-19908/
- http://ciprianmp.com/
- https://sourceforge.net/projects/phpmychat/
- https://nvd.nist.gov/vuln/detail/CVE-2019-19908
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -29,3 +30,5 @@ requests:
words:
- "<script>alert(1337)</script>"
part: body
# Enhanced by mp on 2022/08/31

7
cves/2019/CVE-2019-20141.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2019-20141
info:
name: Neon Dashboard - Cross-Site Scripting
name: WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting
author: knassar702
severity: medium
description: An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
description: WordPress Laborator Neon theme 2.0 contains a cross-site scripting vulnerability via the data/autosuggest-remote.php q parameter.
reference:
- https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
- https://knassar7o2.blogspot.com/2019/12/neon-dashboard-xss-reflected.html
- https://knassar702.github.io/cve/neon/
- https://nvd.nist.gov/vuln/detail/CVE-2019-20141
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -33,3 +34,5 @@ requests:
words:
- "text/html"
part: header
# Enhanced by mp on 2022/08/31

8
cves/2019/CVE-2019-20210.yaml
View File

@ -1,16 +1,16 @@
id: CVE-2019-20210
info:
name: CTHthemes CityBook < 2.3.4 - Reflected XSS
name: WordPress CTHthemes - Cross-Site Scripting
author: edoardottt
severity: medium
description: |
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.
WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes contain reflected cross-site scripting vulnerabilities via a search query.
reference:
- https://wpscan.com/vulnerability/10013
- https://nvd.nist.gov/vuln/detail/CVE-2019-20210
- https://wpvulndb.com/vulnerabilities/10018
- https://cxsecurity.com/issue/WLB-2019120112
- https://nvd.nist.gov/vuln/detail/CVE-2019-20210
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

7
cves/2019/CVE-2019-3402.yaml
View File

@ -1,13 +1,14 @@
id: CVE-2019-3402
info:
name: Jira - Reflected XSS using searchOwnerUserName parameter.
name: Jira <8.1.1 - Cross-Site Scripting
author: pdteam
severity: medium
description: The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
description: Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.
reference:
- https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
- https://jira.atlassian.com/browse/JRASERVER-69243
- https://nvd.nist.gov/vuln/detail/CVE-2019-3402
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -31,3 +32,5 @@ requests:
words:
- "<script>alert(1)</script>"
part: body
# Enhanced by mp on 2022/08/31

14
cves/2019/CVE-2019-3911.yaml
View File

@ -1,14 +1,12 @@
id: CVE-2019-3911
info:
name: LabKey Server < 18.3.0 - XSS
name: LabKey Server Community Edition <18.3.0 - Cross-Site Scripting
author: princechaddha
severity: medium
description: Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror
parameter in the /__r2/query endpoints.
description: LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /__r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript.
reference:
- https://www.tenable.com/security/research/tra-2019-03
- https://www.cvedetails.com/cve/CVE-2019-3911
- https://nvd.nist.gov/vuln/detail/CVE-2019-3911
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -17,24 +15,22 @@ info:
metadata:
shodan-query: 'Server: Labkey'
tags: cve,cve2019,xss,labkey,tenable
requests:
- method: GET
path:
- '{{BaseURL}}/__r2/query-printRows.view?schemaName=ListManager&query.queryName=ListManager&query.sort=Nameelk5q%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ezp59r&query.containerFilterName=CurrentAndSubfolders&query.selectionKey=%24ListManager%24ListManager%24%24query&query.showRows=ALL'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# Enhanced by cs on 2022/09/07

12
cves/2019/CVE-2019-7219.yaml
View File

@ -1,26 +1,25 @@
id: CVE-2019-7219
info:
name: Zarafa WebApp Reflected XSS
name: Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting
author: pdteam
severity: medium
description: |
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
reference:
- https://github.com/verifysecurity/CVE-2019-7219
- https://stash.kopano.io/repos?visibility=public
- https://nvd.nist.gov/vuln/detail/CVE-2019-7219
remediation: This is a discontinued product. The issue was fixed in later versions. However, some former Zarafa WebApp customers use the related Kopano product instead.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2019-7219
cwe-id: CWE-79
tags: cve,cve2019,zarafa,xss
requests:
- method: GET
path:
- '{{BaseURL}}/webapp/?fccc%27\%22%3E%3Csvg/onload=alert(/xss/)%3E'
matchers-condition: and
matchers:
- type: word
@ -31,7 +30,8 @@ requests:
part: header
words:
- "text/html"
- type: status
status:
- 200
# Enhanced by cs on 2022/09/07

6
cves/2019/CVE-2019-7543.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2019-7543
info:
name: KindEditor 4.1.11, the php/demo.php - (XSS)
name: KindEditor 4.1.11 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.
description: KindEditor 4.1.11 contains a cross-site scripting vulnerability via the php/demo.php content1 parameter.
reference:
- https://github.com/0xUhaw/CVE-Bins/tree/master/KindEditor
- https://nvd.nist.gov/vuln/detail/CVE-2019-7543
@ -36,3 +36,5 @@ requests:
part: header
words:
- text/html
# Enhanced by mp on 2022/08/31

8
cves/2019/CVE-2019-8937.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2019-8937
info:
name: HotelDruid 2.3.0 - XSS
name: HotelDruid 2.3.0 - Cross-Site Scripting
author: LogicalHunter
severity: medium
description: HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
description: HotelDruid 2.3.0 contains a cross-site scripting vulnerability affecting nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
reference:
- https://www.exploit-db.com/exploits/46429
- https://www.exploit-db.com/exploits/46429/
- https://sourceforge.net/projects/hoteldruid/
- http://packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-8937
metadata:
verified: true
classification:
@ -44,3 +44,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

9
cves/2019/CVE-2019-9955.yaml
View File

@ -1,17 +1,16 @@
id: CVE-2019-9955
info:
name: Zyxel - Reflected Cross-site Scripting
name: Zyxel - Cross-Site Scripting
author: pdteam
severity: medium
description: On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security
firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.
description: Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, and ZyWALL 1100 devices contain a reflected cross-site scripting vulnerability on the security firewall login page via the mp_idx parameter.
reference:
- http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2019/Apr/22
- https://www.exploit-db.com/exploits/46706/
- https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page
- https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml
- https://nvd.nist.gov/vuln/detail/CVE-2019-9955
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -31,3 +30,5 @@ requests:
- "\";alert('1');//"
- "<title>Welcome</title>"
condition: and
# Enhanced by mp on 2022/08/31

7
cves/2019/CVE-2019-9978.yaml
View File

@ -1,15 +1,16 @@
id: CVE-2019-9978
info:
name: WordPress social-warfare RFI
name: WordPress Social Warfare <3.5.3 - Cross-Site Scripting
author: madrobot,dwisiswant0
severity: medium
description: The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
description: WordPress Social Warfare plugin before 3.5.3 contains a cross-site scripting vulnerability via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, affecting Social Warfare and Social Warfare Pro.
reference:
- https://github.com/mpgn/CVE-2019-9978
- https://www.wordfence.com/blog/2019/03/unpatched-zero-day-vulnerability-in-social-warfare-plugin-exploited-in-the-wild/
- https://www.pluginvulnerabilities.com/2019/03/21/full-disclosure-of-settings-change-persistent-cross-site-scripting-xss-vulnerability-in-social-warfare/
- https://www.cybersecurity-help.cz/vdb/SB2019032105
- https://nvd.nist.gov/vuln/detail/CVE-2019-9978
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -32,3 +33,5 @@ requests:
part: interactsh_protocol
words:
- "http"
# Enhanced by mp on 2022/08/31

8
cves/2020/CVE-2020-11110.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2020-11110
info:
name: Grafana Unauthenticated Stored XSS
name: Grafana <=6.7.1 - Cross-Site Scripting
author: emadshanab
severity: medium
description: Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
description: Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
reference:
- https://web.archive.org/web/20210717142945/https://ctf-writeup.revers3c.com/challenges/web/CVE-2020-11110/index.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-11110
- https://github.com/grafana/grafana/blob/master/CHANGELOG.md
- https://security.netapp.com/advisory/ntap-20200810-0002/
- https://nvd.nist.gov/vuln/detail/CVE-2020-11110
remediation: This issue can be resolved by updating Grafana to the latest version.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
@ -57,3 +57,5 @@ requests:
group: 1
regex:
- '"url":"([a-z:/0-9A-Z]+)"'
# Enhanced by mp on 2022/09/02

7
cves/2020/CVE-2020-11930.yaml
View File

@ -1,16 +1,17 @@
id: CVE-2020-11930
info:
name: WordPress Plugin "Translate WordPress with GTranslate" (gtranslate) XSS
name: WordPress GTranslate <2.8.52 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: |
The GTranslate plugin before 2.8.52 for WordPress was vulnerable to an Unauthenticated Reflected XSS vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
WordPress GTranslate plugin before 2.8.52 contains an unauthenticated reflected cross-site scripting vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
reference:
- https://wpscan.com/vulnerability/10181
- https://payatu.com/blog/gaurav/analysis-of-cve-2020-11930:-reflected-xss-in-gtranslate-wordpress-module
- https://plugins.trac.wordpress.org/changeset/2245581/gtranslate
- https://plugins.trac.wordpress.org/changeset/2245591/gtranslate
- https://nvd.nist.gov/vuln/detail/CVE-2020-11930
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -36,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/02

8
cves/2020/CVE-2020-12054.yaml
View File

@ -1,14 +1,16 @@
id: CVE-2020-12054
info:
name: Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS
name: WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query).
description: |
WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter (a search query). Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.
reference:
- https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
- https://wpvulndb.com/vulnerabilities/10184
- https://cxsecurity.com/issue/WLB-2020040144
- https://nvd.nist.gov/vuln/detail/CVE-2020-12054
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -38,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/02

7
cves/2020/CVE-2020-14408.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2020-14408
info:
name: Agentejo Cockpit 0.10.2 - Reflected XSS
name: Agentejo Cockpit 0.10.2 - Cross-Site Scripting
author: edoardottt
severity: medium
description: An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector.
description: Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -13,7 +13,6 @@ info:
reference:
- https://github.com/agentejo/cockpit/issues/1310
- https://nvd.nist.gov/vuln/detail/CVE-2020-14408
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14408
metadata:
verified: true
tags: cve,cve2022,cockpit,agentejo,xss,oss
@ -39,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/02

8
cves/2020/CVE-2020-5191.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2020-5191
info:
name: Hospital Management System 4.0 - Cross-Site Scripting
name: PHPGurukul Hospital Management System - Cross-Site Scripting
author: TenBird
severity: medium
description: |
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
reference:
- https://www.exploit-db.com/exploits/47841
- https://nvd.nist.gov/vuln/detail/CVE-2020-5191
- https://phpgurukul.com/hospital-management-system-in-php/
- https://nvd.nist.gov/vuln/detail/CVE-2020-5191
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -53,3 +53,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/02

10
cves/2020/CVE-2020-8115.yaml
View File

@ -1,21 +1,21 @@
id: CVE-2020-8115
info:
name: Revive Adserver XSS
name: Revive Adserver <=5.0.3 - Cross-Site Scripting
author: madrobot,dwisiswant0
severity: medium
description: |
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.
Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script is printed back without proper escaping, allowing an attacker to execute arbitrary JavaScript code on the browser of the victim.
reference:
- https://hackerone.com/reports/775693
- https://www.revive-adserver.com/security/revive-sa-2020-001/
- https://nvd.nist.gov/vuln/detail/CVE-2020-8115
remediation: There are currently no known exploits. As of 3.2.2, the session identifier cannot be accessed as it is stored in an http-only cookie.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2020-8115
cwe-id: CWE-79
tags: cve,cve2020,xss,hackerone
requests:
- method: GET
path:
@ -29,3 +29,5 @@ requests:
part: body
regex:
- (?mi)window\.location\.replace\(".*alert\(1337\)
# Enhanced by cs on 2022/09/07

7
cves/2020/CVE-2020-8191.yaml
View File

@ -1,13 +1,14 @@
id: CVE-2020-8191
info:
name: Citrix ADC & NetScaler Gateway Reflected XSS
name: Citrix ADC/Gateway - Cross-Site Scripting
author: dwisiswant0
severity: medium
description: |
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 contain a cross-site scripting vulnerability due to improper input validation.
reference:
- https://support.citrix.com/article/CTX276688
- https://nvd.nist.gov/vuln/detail/CVE-2020-8191
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -40,3 +41,5 @@ requests:
words:
- "text/html"
part: header
# Enhanced by mp on 2022/09/02

7
cves/2020/CVE-2020-8512.yaml
View File

@ -1,15 +1,16 @@
id: CVE-2020-8512
info:
name: IceWarp WebMail XSS
name: IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting
author: pdteam,dwisiswant0
severity: medium
description: In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
description: IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter.
reference:
- https://www.exploit-db.com/exploits/47988
- https://twitter.com/sagaryadav8742/status/1275170967527006208
- https://cxsecurity.com/issue/WLB-2020010205
- https://packetstormsecurity.com/files/156103/IceWarp-WebMail-11.4.4.1-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-8512
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -36,3 +37,5 @@ requests:
words:
- "text/html"
part: header
# Enhanced by mp on 2022/09/02

6
cves/2020/CVE-2020-9036.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2020-9036
info:
name: Jeedom through 4.0.38 allows XSS
name: Jeedom <=4.0.38 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: Jeedom through 4.0.38 allows XSS.
description: Jeedom through 4.0.38 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
reference:
- https://sysdream.com/news/lab/2020-08-05-cve-2020-9036-jeedom-xss-leading-to-remote-code-execution/
- https://nvd.nist.gov/vuln/detail/CVE-2020-9036
@ -35,3 +35,5 @@ requests:
part: header
words:
- text/html
# Enhanced by mp on 2022/09/02

7
cves/2020/CVE-2020-9344.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2020-9344
info:
name: Jira Subversion ALM for enterprise XSS
name: Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting
author: madrobot
severity: medium
description: Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.
description: Jira Subversion ALM for Enterprise before 8.8.2 contains a cross-site scripting vulnerability at multiple locations.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9344
- https://kintosoft.atlassian.net/wiki/spaces/SVNALM/pages/753565697/Security+Bulletin
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-007.txt
- https://nvd.nist.gov/vuln/detail/CVE-2020-13483
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -40,3 +41,5 @@ requests:
words:
- "text/html"
part: header
# Enhanced by md on 2022/09/02

7
cves/2020/CVE-2020-9496.yaml
View File

@ -1,15 +1,16 @@
id: CVE-2020-9496
info:
name: Apache OFBiz XML-RPC Java Deserialization
name: Apache OFBiz 17.12.03 - Cross-Site Scripting
author: dwisiswant0
severity: medium
description: XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
description: Apache OFBiz 17.12.03 contains cross-site scripting and unsafe deserialization vulnerabilities via an XML-RPC request.
reference:
- http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html
- http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html
- https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz
- https://s.apache.org/l0994
- https://nvd.nist.gov/vuln/detail/CVE-2020-9496
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -43,3 +44,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/09/02

2
vulnerabilities/other/cisco-rv-series-rce.yaml → cves/2021/CVE-2021-1472.yaml
View File

@ -1,4 +1,4 @@
id: cisco-rv-series-rce
id: CVE-2021-1472
info:
name: Cisco Small Business RV Series - Authentication Bypass and Command Injection

8
cves/2021/CVE-2021-20137.yaml
View File

@ -1,19 +1,19 @@
id: CVE-2021-20137
info:
name: Gryphon Tower - Reflected XSS
name: Gryphon Tower - Cross-Site Scripting
author: edoardottt
severity: medium
description: A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim's browser.
description: Gryphon Tower router web interface contains a reflected cross-site scripting vulnerability in the url parameter of the /cgi-bin/luci/site_access/ page. An attacker can exploit this issue by tricking a user into following a specially crafted link, granting the attacker JavaScript execution in the victim's browser.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-20137
cwe-id: CWE-79
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-20137
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20137
- https://www.tenable.com/security/research/tra-2021-51
- https://nvd.nist.gov/vuln/detail/CVE-2021-20137
tags: xss,tenable,cve,cve2021,gryphon
requests:
@ -38,3 +38,5 @@ requests:
- 'onfocus=alert(document.domain) autofocus=1>'
- 'Send Access Request URL'
condition: and
# Enhanced by md on 2022/09/02

8
cves/2021/CVE-2021-20792.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2021-20792
info:
name: Quiz And Survey Master < 7.1.14 - Reflected Cross-Site Scripting
name: WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors."
description: WordPress Quiz and Survey Master plugin prior to 7.1.14 contains a cross-site scripting vulnerability which allows a remote attacker to inject arbitrary script via unspecified vectors.
reference:
- https://wpscan.com/vulnerability/4deb3464-00ed-483b-8d91-f9dffe2d57cf
- https://nvd.nist.gov/vuln/detail/CVE-2021-20792
- https://quizandsurveymaster.com/
- https://jvn.jp/en/jp/JVN65388002/index.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-20792
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -48,3 +48,5 @@ requests:
part: header
words:
- "text/html"
# Enhanced by mp on 2022/09/02

7
cves/2021/CVE-2021-21799.yaml
View File

@ -1,14 +1,13 @@
id: CVE-2021-21799
info:
name: Advantech R-SeeNet v 2.4.12 - Cross Site Scripting
name: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
Advantech R-SeeNet v 2.4.12 is vulnerable to Refleced Cross Site Scripting in the telnet_form.php script functionality.
Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the telnet_form.php script functionality.
reference:
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1270
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21799
- https://nvd.nist.gov/vuln/detail/CVE-2021-21799
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
@ -40,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/02

7
cves/2021/CVE-2021-21800.yaml
View File

@ -1,14 +1,13 @@
id: CVE-2021-21800
info:
name: Advantech R-SeeNet v 2.4.12 - Cross Site Scripting
name: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
Advantech R-SeeNet v 2.4.12 is vulnerable to Refleced Cross Site Scripting in the ssh_form.php script functionality.
Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the ssh_form.php script functionality.
reference:
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1271
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21800
- https://nvd.nist.gov/vuln/detail/CVE-2021-21800
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
@ -40,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/02

8
cves/2021/CVE-2021-21801.yaml
View File

@ -1,13 +1,13 @@
id: CVE-2021-21801
info:
name: Advantech R-SeeNet graph parameter - Reflected Cross-Site Scripting (XSS)
name: Advantech R-SeeNet - Cross-Site Scripting
author: gy741
severity: medium
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
arbitrary JavaScript code execution.
description: Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the graph parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution.
reference:
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
- https://nvd.nist.gov/vuln/detail/CVE-2021-21801
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -37,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/02

8
cves/2021/CVE-2021-21802.yaml
View File

@ -1,13 +1,13 @@
id: CVE-2021-21802
info:
name: Advantech R-SeeNet device_id parameter - Reflected Cross-Site Scripting (XSS)
name: Advantech R-SeeNet - Cross-Site Scripting
author: gy741
severity: medium
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
arbitrary JavaScript code execution.
description: Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the device_id parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution.
reference:
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
- https://nvd.nist.gov/vuln/detail/CVE-2021-21801
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -37,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/02

8
cves/2021/CVE-2021-21803.yaml
View File

@ -1,13 +1,13 @@
id: CVE-2021-21803
info:
name: Advantech R-SeeNet is2sim parameter - Reflected Cross-Site Scripting (XSS)
name: Advantech R-SeeNet - Cross-Site Scripting
author: gy741
severity: medium
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
arbitrary JavaScript code execution.
description: Advantech R-SeeNet is vulnerable to cross-site scripting via the device_graph_page.php script via the is2sim parameter. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
reference:
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
- https://nvd.nist.gov/vuln/detail/CVE-2021-21803
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -37,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/02

8
cves/2021/CVE-2021-22122.yaml
View File

@ -1,16 +1,16 @@
id: CVE-2021-22122
info:
name: FortiWeb v6.3.x-6.2.x Unauthenticated XSS
name: FortiWeb - Cross-Site Scripting
author: dwisiswant0
severity: medium
description: |
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated,
remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.
FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points.
reference:
- https://www.fortiguard.com/psirt/FG-IR-20-122
- https://twitter.com/ptswarm/status/1357316793753362433
- https://fortiguard.com/advisory/FG-IR-20-122
- https://nvd.nist.gov/vuln/detail/CVE-2021-22122
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -31,3 +31,5 @@ requests:
- "No policy has been chosen."
condition: and
part: body
# Enhanced by mp on 2022/09/02

7
cves/2021/CVE-2021-24176.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2021-24176
info:
name: WordPress JH 404 Logger XSS
name: WordPress JH 404 Logger <=1.1 - Cross-Site Scripting
author: Ganofins
severity: medium
description: JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.
description: WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to executing arbitrary JavaScript code.
reference:
- https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585
- https://wordpress.org/plugins/jh-404-logger/
- https://ganofins.com/blog/my-first-cve-2021-24176/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24176
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
@ -31,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/02

8
cves/2021/CVE-2021-24235.yaml
View File

@ -1,14 +1,14 @@
id: CVE-2021-24235
info:
name: Goto - Tour & Travel < 2.0 - Reflected Cross-Site Scripting (XSS)
name: WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.
description: WordPress Goto Tour & Travel theme before 2.0 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize the keywords and start_date GET parameters on its Tour List page.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-24235
- https://wpscan.com/vulnerability/eece90aa-582b-4c49-8b7c-14027f9df139
- https://m0ze.ru/vulnerability/[2021-02-10]-[WordPress]-[CWE-79]-Goto-WordPress-Theme-v1.9.txt
- https://nvd.nist.gov/vuln/detail/CVE-2021-24235
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -38,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/02

8
cves/2021/CVE-2021-24237.yaml
View File

@ -1,14 +1,14 @@
id: CVE-2021-24237
info:
name: Realteo WordPress Plugin <= 1.2.3 - Unauthenticated Reflected XSS
name: WordPress Realteo <=1.2.3 - Cross-Site Scripting
author: 0x_Akoko
severity: medium
description: The plugin, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius.
description: WordPress Realteo plugin 1.2.3 and prior contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page.
reference:
- https://wpscan.com/vulnerability/087b27c4-289e-410f-af74-828a608a4e1e
- https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Realteo-WordPress-Plugin-v1.2.3.txt
- https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Findeo-WordPress-Theme-v1.3.0.txt
- https://nvd.nist.gov/vuln/detail/CVE-2021-24237
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -38,3 +38,5 @@ requests:
words:
- "text/html"
part: header
# Enhanced by mp on 2022/09/02

9
cves/2021/CVE-2021-24245.yaml
View File

@ -1,15 +1,14 @@
id: CVE-2021-24245
info:
name: WordPress Plugin Stop Spammers 2021.8 - Reflected XSS
name: WordPress Stop Spammers <2021.9 - Cross-Site Scripting
author: edoardottt
severity: medium
description: The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue.
description: WordPress Stop Spammers plugin before 2021.9 contains a reflected cross-site scripting vulnerability. It does not escape user input when blocking requests (such as matching a spam word), thus outputting it in an attribute after sanitizing it to remove HTML tags.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-24245
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24245
- https://packetstormsecurity.com/files/162623/WordPress-Stop-Spammers-2021.8-Cross-Site-Scripting.html
- https://wpscan.com/vulnerability/5e7accd6-08dc-4c6e-9d19-73e2d7e97735
- https://nvd.nist.gov/vuln/detail/CVE-2021-24245
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -42,3 +41,5 @@ requests:
part: body
words:
- "ad\" accesskey=X onclick=alert(1)"
# Enhanced by mp on 2022/09/02

8
cves/2021/CVE-2021-24274.yaml
View File

@ -1,14 +1,14 @@
id: CVE-2021-24274
info:
name: Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
name: WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
description: WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute.
reference:
- https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d
- https://nvd.nist.gov/vuln/detail/CVE-2021-24274
- http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-24274
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -36,3 +36,5 @@ requests:
words:
- "text/html"
part: header
# Enhanced by mp on 2022/09/02

2
cves/2021/CVE-2021-25075.yaml
View File

@ -3,7 +3,7 @@ id: CVE-2021-25075
info:
name: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
author: DhiyaneshDK
severity: low
severity: high
description: |
WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.
reference:

2
cves/2021/CVE-2021-25120.yaml
View File

@ -7,8 +7,8 @@ info:
description: Easy Social Feed < 6.2.7 is susceptible to reflected cross-site scripting because the plugin does not sanitize and escape a parameter before outputting it back in an admin dashboard page, leading to it being executed in the context of a logged admin or editor.
reference:
- https://wpscan.com/vulnerability/6dd00198-ef9b-4913-9494-e08a95e7f9a0
- https://www.cvedetails.com/cve/CVE-2021-25120/
- https://wpscan.com/vulnerability/0ad020b5-0d16-4521-8ea7-39cd206ab9f6
- https://nvd.nist.gov/vuln/detail/CVE-2021-25120
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1

1
cves/2021/CVE-2021-36749.yaml
View File

@ -6,7 +6,6 @@ info:
severity: medium
description: Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.
reference:
- https://www.cvedetails.com/cve/CVE-2021-36749/
- https://github.com/BrucessKING/CVE-2021-36749
- https://lists.apache.org/thread.html/rc9400a70d0ec5cdb8a3486fc5ddb0b5282961c0b63e764abfbcb9f5d%40%3Cdev.druid.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2021-36749

2
cves/2021/CVE-2021-39501.yaml
View File

@ -7,8 +7,8 @@ info:
description: EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via the Logout function.
reference:
- https://github.com/eyoucms/eyoucms/issues/17
- https://www.cvedetails.com/cve/CVE-2021-39501
- https://github.com/KietNA-HPT/CVE
- https://nvd.nist.gov/vuln/detail/CVE-2021-39501
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1

4
cves/2021/CVE-2021-46068.yaml
View File

@ -33,7 +33,7 @@ requests:
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
id=1&firstname=Adminstrator%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=Admin&username=admin
id=1&firstname=Administrator%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=Admin&username=admin
- |
GET /admin/?page=user HTTP/1.1
@ -49,5 +49,5 @@ requests:
dsl:
- "contains(all_headers_3, 'text/html')"
- "status_code_3 == 200"
- 'contains(body_3, "Adminstrator\"><script>alert(document.domain)</script> Admin")'
- 'contains(body_3, "Administrator\"><script>alert(document.domain)</script> Admin")'
condition: and

2
cves/2022/CVE-2022-0692.yaml
View File

@ -7,7 +7,7 @@ info:
description: An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.
reference:
- https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203/
- https://www.cvedetails.com/cve/CVE-2022-0692
- https://nvd.nist.gov/vuln/detail/CVE-2022-0692
- https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203
- https://github.com/rudloff/alltube/commit/bc14b6e45c766c05757fb607ef8d444cbbfba71a
classification:

10
vulnerabilities/wordpress/404-to-301-xss.yaml
View File

@ -1,13 +1,17 @@
id: 404-to-301-xss
info:
name: 404 to 301 < 3.1.2 - Reflected Cross-Site Scripting
name: WordPress 404 to 301 Log Manager <3.1.2 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
description: WordPress 404 to 301 Log Manager 3.1.2 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
reference:
- https://wpscan.com/vulnerability/4a310b4f-79fa-4b74-93f8-e4522921abe1
- https://wordpress.org/plugins/404-to-301
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: wpscan,wp-plugin,xss,wp,wordpress,authenticated
requests:
@ -42,3 +46,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

8
vulnerabilities/wordpress/analytify-plugin-xss.yaml
View File

@ -5,12 +5,16 @@ info:
author: Akincibor
severity: medium
description: |
The plugin does not escape the current URL before outputting it back in a 404 page when the 404 tracking feature is enabled, leading to Reflected Cross-Site Scripting.
WordPress Analytify 4.2.1 does not escape the current URL before outputting it back in a 404 page when the 404 tracking feature is enabled, leading to reflected cross-site scripting.
reference:
- https://wpscan.com/vulnerability/b8415ed5-6fd0-42fe-9201-73686c1871c5
metadata:
verified: true
google-dork: inurl:/wp-content/plugins/wp-analytify
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: wp,wordpress,analytify,wpscan,wp-plugin,xss
requests:
@ -35,3 +39,5 @@ requests:
- type: status
status:
- 404
# Enhanced by mp on 2022/09/07

10
vulnerabilities/wordpress/avchat-video-chat-xss.yaml
View File

@ -1,16 +1,20 @@
id: avchat-video-chat-xss
info:
name: AVChat Video Chat 1.4.1 - index_popup.php Multiple Parameters Reflected XSS
name: WordPress AVChat Video Chat 1.4.1 - Cross-Site Scripting
author: DhiyaneshDK
severity: medium
description: |
The Community Lite Video Chat WordPress plugin was affected by an index_popup.php Multiple Parameters Reflected XSS security vulnerability.
WordPress AVChat Video Chat 1.4.1 is vulnerable to reflected cross-site scripting via index_popup.php and multiple parameters.
reference:
- https://codevigilant.com/disclosure/wp-plugin-avchat-3-a3-cross-site-scripting-xss/
- https://wpscan.com/vulnerability/fce99c82-3958-4c17-88d3-6e8fa1a11e59
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: xss,,wp,wpscan,wordpress,wp-plugin
@ -34,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

10
vulnerabilities/wordpress/calameo-publications-xss.yaml
View File

@ -1,17 +1,21 @@
id: calameo-publications-xss
info:
name: Manage Calameo Publications 1.1.0 - thickbox_content.php attachment_id Parameter Reflected XSS
name: WordPress Manage Calameo Publications 1.1.0 - Cross-Site Scripting
author: DhiyaneshDK
severity: medium
description: |
The Manage Calameo Publications by Athlon WordPress plugin was affected by a thickbox_content.php attachment_id Parameter Reflected XSS security vulnerability.
WordPress Manage Calameo Publications 1.1.0 is vulnerable to reflected cross-site scripting via thickbox_content.php and the attachment_id parameter.
reference:
- https://codevigilant.com/disclosure/wp-plugin-athlon-manage-calameo-publications-a3-cross-site-scripting-xss/
- https://wpscan.com/vulnerability/83343eb3-bb4c-4b82-adf6-745882f872cc
- https://wordpress.org/plugins/athlon-manage-calameo-publications/
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: wordpress,wp-plugin,xss,wp,wpscan
requests:
@ -34,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

10
vulnerabilities/wordpress/checkout-fields-manager-xss.yaml
View File

@ -1,15 +1,19 @@
id: checkout-fields-manager-xss
info:
name: Checkout Fields Manager for WooCommerce < 5.5.7 - Reflected Cross-Site Scripting
name: WordPress Checkout Fields Manager for WooCommerce <5.5.7 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
description: WordPress Checkout Fields Manager for WooCommerce 5.5.7 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
reference:
- https://wpscan.com/vulnerability/ea617acd-348a-4060-a8bf-08ab3b569577
- https://wordpress.org/plugins/woocommerce-checkout-manager
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: xss,wp,wordpress,authenticated,woocommerce,wpscan,wp-plugin
requests:
@ -42,3 +46,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

10
vulnerabilities/wordpress/clearfy-cache-xss.yaml
View File

@ -1,13 +1,17 @@
id: clearfy-cache-xss
info:
name: Clearfy Cache < 2.0.5 - Reflected Cross-Site Scripting
name: WordPress Clearfy Cache <2.0.5 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
description: WordPress Clearfy Cache 2.0.5 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
reference:
- https://wpscan.com/vulnerability/a59e7102-13d6-4f1e-b7b1-75eae307e516
- https://wordpress.org/plugins/clearfy
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: xss,wp,wordpress,authenticated,clearfy-cache,wpscan,wp-plugin
requests:
@ -42,3 +46,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

10
vulnerabilities/wordpress/curcy-xss.yaml
View File

@ -1,15 +1,19 @@
id: curcy-xss
info:
name: CURCY < 2.1.18 - Reflected Cross-Site Scripting
name: WordPress CURCY - Multi Currency for WooCommerce <2.1.18 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
description: WordPress CURCY - Multi Currency for WooCommerce 2.1.18 does not escape some generated URLs before outputting them back in attributes, leading to reflected cross-site scripting.
reference:
- https://wpscan.com/vulnerability/6ebafb52-e167-40bc-a86c-b9840b2b9b37
- https://wordpress.org/plugins/woo-multi-currency
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: wp-plugin,xss,wp,wordpress,authenticated,curcy,wpscan
requests:
@ -42,3 +46,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

9
vulnerabilities/wordpress/flow-flow-social-stream-xss.yaml
View File

@ -1,11 +1,16 @@
id: flow-flow-social-stream-xss
info:
name: Flow-Flow Social Stream <= 3.0.71 - Cross-Site Scripting
name: WordPress Flow-Flow Social Stream <=3.0.71 - Cross-Site Scripting
author: alph4byt3
severity: medium
description: WordPress Flow-Flow Social Stream 3.0.7.1 and prior is vulnerable to cross-site scripting.
reference:
- https://wpscan.com/vulnerability/8354b34e-40f4-4b70-bb09-38e2cf572ce9
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: xss,wordpress,wpscan
requests:
@ -30,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

10
vulnerabilities/wordpress/members-list-xss.yaml
View File

@ -1,12 +1,16 @@
id: members-list-xss
info:
name: Members List < 4.3.7 - Reflected Cross-Site Scripting
name: WordPress Members List <4.3.7 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not sanitise and escape some parameters in various pages before outputting them back, leading to Reflected Cross-Site Scripting issues.
description: WordPress Members List 4.3.7 does not sanitize and escape some parameters in various pages before outputting them back, leading to reflected cross-site scripting vulnerabilities.
reference:
- https://wpscan.com/vulnerability/d13f26f0-5d91-49d7-b514-1577d4247648
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: wp,wordpress,wp-plugin,xss,wpscan
requests:
@ -31,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

10
vulnerabilities/wordpress/modula-image-gallery-xss.yaml
View File

@ -1,15 +1,19 @@
id: modula-image-gallery-xss
info:
name: Modula Image Gallery < 2.6.7 - Reflected Cross-Site Scripting
name: WordPress Modula Image Gallery <2.6.7 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
description: WordPress Modula Image Gallery 2.6.7 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
reference:
- https://wpscan.com/vulnerability/ee248078-89ee-4cc0-b0fe-e932cd00db3e
- https://wordpress.org/plugins/modula-best-grid-gallery
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: authenticated,wpscan,wp-plugin,xss,wp,wordpress
requests:
@ -42,3 +46,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

10
vulnerabilities/wordpress/new-user-approve-xss.yaml
View File

@ -1,15 +1,19 @@
id: new-user-approve-xss
info:
name: New User Approve < 2.4.1 - Reflected Cross-Site Scripting
name: WordPress New User Approve <2.4.1 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
description: WordPress New User Approve 2.4.1 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
reference:
- https://wpscan.com/vulnerability/17f99601-f5c9-4300-9b4a-6d75fa7ab94a
- https://wordpress.org/plugins/new-user-approve
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: wordpress,xss,authenticated,wp-plugin,wpscan,wp
requests:
@ -43,3 +47,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

8
vulnerabilities/wordpress/sassy-social-share.yaml
View File

@ -5,9 +5,13 @@ info:
author: Random_Robbie
severity: medium
description: |
AJAX endpoints which returns JSON data has no Content-Type header set, and uses default text/html. Any JSON that has HTML will be rendered as such.
WordPress Sassy Social Share 3.3.3 and prior is vulnerable to cross-site scripting because certain AJAX endpoints return JSON data with no Content-Type header set and then use the default text/html. In other words, any JSON that has HTML will be rendered as such.
reference:
- https://wpscan.com/vulnerability/4631519b-2060-43a0-b69b-b3d7ed94c705
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: xss,wp,wpscan,wordpress,wp-plugin,sassy
requests:
@ -34,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

10
vulnerabilities/wordpress/seo-redirection-xss.yaml
View File

@ -1,14 +1,18 @@
id: seo-redirection-xss
info:
name: WordPress SEO Redirection < 7.4 - Reflected Cross-Site Scripting
name: WordPress SEO Redirection <7.4 - Cross-Site Scripting
author: DhiyaneshDK
severity: medium
description: |
The plugin does not escape the tab parameter before outputting it back in JavaScript code, leading to a Reflected Cross-Site Scripting issue.
WordPress SEO Redirection 7.4 does not escape the tab parameter before outputting it back in JavaScript code, leading to a reflected cross-site scripting vulnerability.
remediation: Fixed in version 7.4.
reference:
- https://wpscan.com/vulnerability/b694b9c0-a367-468c-99c2-6ba35bcf21ea
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: wordpress,xss,wp-plugin,authenticated,wpscan
requests:
@ -52,3 +56,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

10
vulnerabilities/wordpress/shortpixel-image-optimizer-xss.yaml
View File

@ -1,15 +1,19 @@
id: shortpixel-image-optimizer-xss
info:
name: ShortPixel Image Optimizer < 4.22.10 - Reflected Cross-Site Scripting
name: WordPress ShortPixel Image Optimizer <4.22.10 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not escape a generated URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting.
description: WordPress ShortPixel Image Optimizer 4.22.10 does not escape generated URLs before outputting them back in an attribute, leading to reflected cross-site scripting.
reference:
- https://wpscan.com/vulnerability/8a0ddd14-7260-4fb6-bb87-2916aa41ff01
- https://wordpress.org/plugins/shortpixel-image-optimiser
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: shortpixel,authenticated,wpscan,xss,wp-plugin,wp,wordpress
requests:
@ -42,3 +46,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

10
vulnerabilities/wordpress/woocommerce-pdf-invoices-xss.yaml
View File

@ -1,13 +1,17 @@
id: woocommerce-pdf-invoices-xss
info:
name: WooCommerce PDF Invoices & Packing Slips < 2.15.0 - Reflected Cross-Site Scripting
name: WordPress WooCommerce PDF Invoices & Packing Slips <2.15.0 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
description: WordPress WooCommerce PDF Invoices & Packing Slips 2.15.0 does not escape some URLs before outputting them in attributes, leading to reflected cross-site scripting.
reference:
- https://wpscan.com/vulnerability/bc05dde0-98a2-46e3-b2c8-7bdc8c32394b
- https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: xss,wp,wordpress,woocommerce,authenticated,wpscan,wp-plugin
requests:
@ -43,3 +47,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

9
vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml
View File

@ -1,11 +1,16 @@
id: wordpress-wordfence-waf-bypass-xss
info:
name: Wordpress Wordfence WAF - Cross-Site Scripting
name: Wordpress Wordfence - Cross-Site Scripting
author: hackergautam
severity: medium
description: Wordpress Wordfence is vulnerable to cross-site scripting.
reference:
- https://twitter.com/naglinagli/status/1382082473744564226
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: wordpress,wordfence,xss,bypass
requests:
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

9
vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
View File

@ -1,9 +1,14 @@
id: wordpress-wordfence-xss
info:
name: WordPress Wordfence 7.4.6 Cross Site Scripting
name: WordPress Wordfence 7.4.6 - Cross Site Scripting
author: madrobot
severity: medium
description: WordPress Wordfence 7.4.6 is vulnerable to cross-site scripting.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: wordpress,wp-plugin,xss,wordfence
requests:
@ -26,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

10
vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml
View File

@ -1,14 +1,18 @@
id: wordpress-zebra-form-xss
info:
name: Zebra_Form Library <= 2.9.8 - Cross-Site Scripting (XSS)
name: Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting
author: madrobot
severity: medium
description: |
The Zebra_Form PHP library v2.9.8 (latest) and below, used by some WordPress plugins, is affected by reflected Cross-Site Scripting issues in its process.php file.
Zebra_Form PHP library 2.9.8 and prior (which is used by some WordPress plugins) is affected by reflected cross-site scripting vulnerabilities via process.php.
reference:
- https://blog.wpscan.com/2021/02/15/zebra-form-xss-wordpress-vulnerability-affects-multiple-plugins.html
- https://wpscan.com/vulnerability/e4b796fa-3215-43ff-a6aa-71f6e1db25e5
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: wordpress,xss,wp,wpscan
requests:
@ -41,3 +45,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

10
vulnerabilities/wordpress/wp-all-export-xss.yaml
View File

@ -1,14 +1,18 @@
id: wp-all-export-xss
info:
name: WP All Export < 1.3.6 - Reflected Cross-Site Scripting
name: WordPress All Export <1.3.6 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
description: WordPress All Export plugin before version 1.3.6 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
metadata:
verified: true
reference:
- https://wpscan.com/vulnerability/de330a59-d64d-40be-86df-98997949e5e4
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: wp-plugin,xss,wp,wordpress,authenticated,wpscan
requests:
@ -44,3 +48,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

10
vulnerabilities/wordpress/wp-ambience-xss.yaml
View File

@ -1,14 +1,18 @@
id: wp-ambience-xss
info:
name: WordPress Theme Ambience <= 1.0 - Cross-Site Scripting (XSS)
name: WordPress Ambience Theme <=1.0 - Cross-Site Scripting
author: daffainfo
severity: medium
description: |
The ambience WordPress theme was affected by a Cross-Site Scripting (XSS) security vulnerability.
WordPress Ambience Theme 1.0 and earlier was affected by a cross-site scripting vulnerability.
reference:
- https://www.exploit-db.com/expl oits/38568
- https://wpscan.com/vulnerability/c465e5c1-fe43-40e9-894a-97b8ac462381
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: wp-plugin,wp,edb,wpscan,wordpress,xss
requests:
@ -31,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07

14
vulnerabilities/wordpress/wp-blogroll-fun-xss.yaml
View File

@ -1,17 +1,21 @@
id: wp-blogroll-fun-xss
info:
name: WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time (0.8.4) - Cross-Site Scripting
name: WordPress Blogroll Fun-Show Last Post and Last Update Time 0.8.4 - Cross-Site Scripting
author: DhiyaneshDK
severity: medium
severity: high
description: |
WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time version 0.8.4 is vulnerable; prior versions may also be affected.
remediation: Update to plugin version 0.8.5 or latest
WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time 0.8.4 and possibly prior versions are prone to a cross-site scripting vulnerability because of a failure to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
remediation: Update to plugin version 0.8.5 or later.
reference:
- https://codevigilant.com/disclosure/wp-plugin-blogroll-fun-a3-cross-site-scripting-xss/
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-blogroll-fun-show-last-post-and-last-update-time-cross-site-scripting-0-8-4/
metadata:
verified: true
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: wordpress,wp-plugin,xss,unauth,wp
requests:
@ -34,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/07