Dashboard Content Enhancements (#5324)
Dashboard Content Enhancements * dos2nix on several templates * replacing some cvedetails links with NISTpatch-1
parent
0f365a29a4
commit
554c11c57b
|
@ -10,7 +10,7 @@ info:
|
|||
- https://www.exploit-db.com/exploits/5194
|
||||
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-1059
|
||||
- http://secunia.com/advisories/29099
|
||||
- https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
|
|
@ -1,16 +1,15 @@
|
|||
id: CVE-2008-1061
|
||||
|
||||
info:
|
||||
name: Wordpress Plugin Sniplets 1.2.2 - Cross-Site Scripting
|
||||
name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: |
|
||||
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.
|
||||
WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/5194
|
||||
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-1061
|
||||
- http://secunia.com/advisories/29099
|
||||
classification:
|
||||
cve-id: CVE-2008-1061
|
||||
tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets
|
||||
|
@ -35,3 +34,6 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -7,8 +7,8 @@ info:
|
|||
description: A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/35945
|
||||
- https://www.cvedetails.com/cve/CVE-2011-2744
|
||||
- http://www.openwall.com/lists/oss-security/2011/07/13/6
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2011-2744
|
||||
- http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/
|
||||
classification:
|
||||
cve-id: CVE-2011-2744
|
||||
|
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/36598
|
||||
- https://www.cvedetails.com/cve/CVE-2011-4804
|
||||
- http://web.archive.org/web/20140802122115/http://secunia.com/advisories/46844/
|
||||
- http://web.archive.org/web/20210121214308/https://www.securityfocus.com/bid/48944/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2011-4804
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2011-4804
|
||||
|
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/108631/
|
||||
- https://www.cvedetails.com/cve/CVE-2012-0896
|
||||
- http://web.archive.org/web/20140804110141/http://secunia.com/advisories/47529/
|
||||
- http://plugins.trac.wordpress.org/changeset/488883/count-per-day
|
||||
- https://https://nvd.nist.gov/vuln/detail/CVE-2012-0896
|
||||
classification:
|
||||
cve-id: CVE-2012-0896
|
||||
metadata:
|
||||
|
|
|
@ -8,7 +8,6 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/26955
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2013-5979
|
||||
- https://www.cvedetails.com/cve/CVE-2013-5979
|
||||
- https://bugs.launchpad.net/xibo/+bug/1093967
|
||||
classification:
|
||||
cve-id: CVE-2013-5979
|
||||
|
|
|
@ -7,7 +7,6 @@ info:
|
|||
description: A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/30865
|
||||
- https://www.cvedetails.com/cve/CVE-2014-10037
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-10037
|
||||
- http://www.exploit-db.com/exploits/30865
|
||||
classification:
|
||||
|
|
|
@ -8,7 +8,6 @@ info:
|
|||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-5368
|
||||
- https://www.exploit-db.com/exploits/39287
|
||||
- https://www.cvedetails.com/cve/CVE-2014-5368
|
||||
- http://seclists.org/oss-sec/2014/q3/417
|
||||
classification:
|
||||
cve-id: CVE-2014-5368
|
||||
|
|
|
@ -8,7 +8,6 @@ info:
|
|||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2014-8799
|
||||
- https://www.exploit-db.com/exploits/35346
|
||||
- https://www.cvedetails.com/cve/CVE-2014-8799
|
||||
- https://wordpress.org/plugins/dukapress/changelog/
|
||||
classification:
|
||||
cve-id: CVE-2014-8799
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2015-4127
|
||||
|
||||
info:
|
||||
name: WordPress Plugin church_admin - Cross-Site Scripting (XSS)
|
||||
name: WordPress Church Admin <0.810 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: |
|
||||
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
|
||||
WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/37112
|
||||
- https://wpscan.com/vulnerability/2d5b3707-f58a-4154-93cb-93f7058e3408
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-4127
|
||||
- https://wordpress.org/plugins/church-admin/changelog/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-4127
|
||||
classification:
|
||||
cve-id: CVE-2015-4127
|
||||
tags: wp-plugin,wp,edb,wpscan,cve,cve2015,wordpress,xss
|
||||
|
@ -35,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -7,7 +7,6 @@ info:
|
|||
description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
|
||||
reference:
|
||||
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
|
||||
- https://www.cvedetails.com/cve/CVE-2016-2389
|
||||
- http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html
|
||||
- https://www.exploit-db.com/exploits/39837/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-2389
|
||||
|
|
|
@ -6,9 +6,9 @@ info:
|
|||
severity: high
|
||||
description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile
|
||||
reference:
|
||||
- https://www.cvedetails.com/cve/CVE-2016-6601
|
||||
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
|
||||
- https://www.exploit-db.com/exploits/40229/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-6601
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2017-11629
|
||||
|
||||
info:
|
||||
name: FineCms 5.0.10 - Cross Site Scripting
|
||||
name: FineCMS <=5.0.10 - Cross-Site Scripting
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
description: |
|
||||
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
|
||||
FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request.
|
||||
reference:
|
||||
- http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
|
||||
- http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#api-php-Reflected-XSS
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -39,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2018-19386
|
||||
|
||||
info:
|
||||
name: SolarWinds Database Performance Analyzer 11.1. 457 - Cross Site Scripting
|
||||
name: SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
|
||||
description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
|
||||
reference:
|
||||
- https://www.cvedetails.com/cve/CVE-2018-19386/
|
||||
- https://i.imgur.com/Y7t2AD6.png
|
||||
- https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19386
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -29,3 +30,5 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- '<a href="javascript:alert(document.domain)//'
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2018-19439
|
||||
|
||||
info:
|
||||
name: Cross Site Scripting in Oracle Secure Global Desktop Administration Console
|
||||
name: Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
|
||||
author: madrobot,dwisiswant0
|
||||
severity: medium
|
||||
description: XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4)
|
||||
description: Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.
|
||||
reference:
|
||||
- http://web.archive.org/web/20210124221313/https://www.securityfocus.com/bid/106006/
|
||||
- http://seclists.org/fulldisclosure/2018/Nov/58
|
||||
- http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19439
|
||||
remediation: Fixed in later versions including 5.4.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -25,3 +26,5 @@ requests:
|
|||
words:
|
||||
- "<script>alert(1337)</script><!--</TITLE>"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -5,10 +5,11 @@ info:
|
|||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/account-owner.php Owner name field.
|
||||
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field.
|
||||
reference:
|
||||
- https://github.com/domainmod/domainmod/issues/81
|
||||
- https://www.exploit-db.com/exploits/45941/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19749
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 4.8
|
||||
|
@ -49,3 +50,5 @@ requests:
|
|||
- 'contains(all_headers_3, "text/html")'
|
||||
- "contains(body_3, '><script>alert(document.domain)</script></a>')"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -5,11 +5,11 @@ info:
|
|||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /admin/ssl-fields/add.php Display Name, Description & Notes fields parameters.
|
||||
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45947/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19751
|
||||
- https://github.com/domainmod/domainmod/issues/83
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19751
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 4.8
|
||||
|
@ -58,3 +58,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -5,11 +5,11 @@ info:
|
|||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes,registrar field.
|
||||
DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19752
|
||||
- https://github.com/domainmod/domainmod/issues/84
|
||||
- https://www.exploit-db.com/exploits/45949/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19752
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 4.8
|
||||
|
@ -57,3 +57,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2018-19877
|
||||
|
||||
info:
|
||||
name: Adiscon LogAnalyzer 4.1.7 - Cross Site Scripting
|
||||
name: Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
Adiscon LogAnalyzer before 4.1.7 is affected by Cross-Site Scripting (XSS) in the 'referer' parameter of the login.php file.
|
||||
Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file.
|
||||
reference:
|
||||
- https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/
|
||||
- https://www.exploit-db.com/exploits/45958/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19877
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -38,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -5,10 +5,11 @@ info:
|
|||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /domain//admin/dw/add-server.php DisplayName parameters.
|
||||
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/45959
|
||||
- https://github.com/domainmod/domainmod/issues/85
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19892
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 4.8
|
||||
|
@ -56,3 +57,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -5,10 +5,11 @@ info:
|
|||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/dns.php Profile Name or notes field.
|
||||
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/46375/
|
||||
- https://github.com/domainmod/domainmod/issues/87
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-19914
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 4.8
|
||||
|
@ -49,3 +50,5 @@ requests:
|
|||
- 'contains(all_headers_3, "text/html")'
|
||||
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -7,8 +7,8 @@ info:
|
|||
description: Babel Multilingual site Babel All is affected by Open Redirection The impact is Redirection to any URL, which is supplied to redirect in a newurl parameter. The component is redirect The attack vector is The victim must open a link created by an attacker
|
||||
reference:
|
||||
- https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-babel/
|
||||
- https://www.cvedetails.com/cve/CVE-2019-1010290
|
||||
- http://dev.cmsmadesimple.org/project/files/729
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010290
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
|
|
@ -4,9 +4,10 @@ info:
|
|||
name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
|
||||
author: madrobot
|
||||
severity: medium
|
||||
description: SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
|
||||
description: SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47247
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-14974
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -27,3 +28,5 @@ requests:
|
|||
words:
|
||||
- "url = window.location.search.split(\"?desktop_url=\")[1]"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2019-15501
|
||||
|
||||
info:
|
||||
name: LSoft ListServ - XSS
|
||||
name: L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting
|
||||
author: LogicalHunter
|
||||
severity: medium
|
||||
description: Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
|
||||
description: L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47302
|
||||
- http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-15501
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -36,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2019-15811
|
||||
|
||||
info:
|
||||
name: DomainMOD 4.13.0 - Cross-Site Scripting
|
||||
name: DomainMOD <=4.13.0 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
DomainMOD 4.13.0 is vulnerable to Cross Site Scripting (XSS) via /reporting/domains/cost-by-month.php in Daterange parameters.
|
||||
DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47325
|
||||
- https://github.com/domainmod/domainmod/issues/108
|
||||
- https://zerodays.lol/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-15811
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -44,3 +44,5 @@ requests:
|
|||
- 'contains(body_2, "value=\"\"onfocus=\"alert(document.domain)\"autofocus=")'
|
||||
- 'contains(body_2, "DomainMOD")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2019-15889
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Download Manager 2.9.93 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Download Manager <2.9.94 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
|
||||
description: WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889
|
||||
- https://www.cybersecurity-help.cz/vdb/SB2019041819
|
||||
- https://wordpress.org/plugins/download-manager/#developers
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-15889
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -36,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2019-16332
|
||||
|
||||
info:
|
||||
name: API Bearer Auth <= 20181229 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress API Bearer Auth <20190907 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
|
||||
description: WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php.
|
||||
reference:
|
||||
- https://plugins.trac.wordpress.org/changeset/2152730
|
||||
- https://wordpress.org/plugins/api-bearer-auth/#developers
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16332
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -35,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2019-16525
|
||||
|
||||
info:
|
||||
name: Wordpress Plugin Checklist <= 1.1.5 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Checklist <1.1.9 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
|
||||
description: WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16525
|
||||
- https://wordpress.org/plugins/checklist/#developers
|
||||
- https://packetstormsecurity.com/files/154436/WordPress-Checklist-1.1.5-Cross-Site-Scripting.html
|
||||
- https://plugins.trac.wordpress.org/changeset/2155029/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16525
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2019-16931
|
||||
|
||||
info:
|
||||
name: Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)
|
||||
name: WordPress Visualizer <3.3.1 - Cross-Site Scripting
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
description: |
|
||||
By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify meta data of an existing chart, and inject a XSS payload to be stored and later executed when an admin goes to edit the chart.
|
||||
WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/867e000d-d2f5-4d53-89b0-41d7d4163f44
|
||||
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16931
|
||||
- https://wpvulndb.com/vulnerabilities/9893
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16931
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -44,3 +44,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -7,7 +7,7 @@ info:
|
|||
description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47467
|
||||
- https://www.cvedetails.com/cve/CVE-2019-17382/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-17382
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
||||
cvss-score: 9.1
|
||||
|
|
|
@ -9,7 +9,6 @@ info:
|
|||
reference:
|
||||
- https://atomic111.github.io/article/secudos-domos-directory_traversal
|
||||
- https://vuldb.com/?id.144804
|
||||
- https://www.cvedetails.com/cve/CVE-2019-18665
|
||||
- https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-18665
|
||||
classification:
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2019-19134
|
||||
|
||||
info:
|
||||
name: Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
|
||||
description: WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01
|
||||
- https://www.hooperlabs.xyz/disclosures/cve-2019-19134.php
|
||||
- https://heroplugins.com/product/maps/
|
||||
- https://heroplugins.com/changelogs/hmaps/changelog.txt
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-19134
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -37,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2019-19368
|
||||
|
||||
info:
|
||||
name: Rumpus FTP Web File Manager 8.2.9.1 XSS
|
||||
name: Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting
|
||||
author: madrobot
|
||||
severity: medium
|
||||
description: A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
|
||||
description: Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.
|
||||
reference:
|
||||
- https://github.com/harshit-shukla/CVE-2019-19368/
|
||||
- https://www.maxum.com/Rumpus/Download.html
|
||||
- http://packetstormsecurity.com/files/155719/Rumpus-FTP-Web-File-Manager-8.2.9.1-Cross-Site-Scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-19368
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -29,3 +30,5 @@ requests:
|
|||
words:
|
||||
- "value=''><sVg/OnLoAD=alert`1337`//'>"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2019-19908
|
||||
|
||||
info:
|
||||
name: phpMyChat-Plus - Cross-Site Scripting
|
||||
name: phpMyChat-Plus 1.98 - Cross-Site Scripting
|
||||
author: madrobot
|
||||
severity: medium
|
||||
description: phpMyChat-Plus 1.98 is vulnerable to reflected cross-site scripting (XSS) via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
|
||||
description: phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
|
||||
reference:
|
||||
- https://cinzinga.github.io/CVE-2019-19908/
|
||||
- http://ciprianmp.com/
|
||||
- https://sourceforge.net/projects/phpmychat/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-19908
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -29,3 +30,5 @@ requests:
|
|||
words:
|
||||
- "<script>alert(1337)</script>"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2019-20141
|
||||
|
||||
info:
|
||||
name: Neon Dashboard - Cross-Site Scripting
|
||||
name: WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting
|
||||
author: knassar702
|
||||
severity: medium
|
||||
description: An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
|
||||
description: WordPress Laborator Neon theme 2.0 contains a cross-site scripting vulnerability via the data/autosuggest-remote.php q parameter.
|
||||
reference:
|
||||
- https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
|
||||
- https://knassar7o2.blogspot.com/2019/12/neon-dashboard-xss-reflected.html
|
||||
- https://knassar702.github.io/cve/neon/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-20141
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -33,3 +34,5 @@ requests:
|
|||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2019-20210
|
||||
|
||||
info:
|
||||
name: CTHthemes CityBook < 2.3.4 - Reflected XSS
|
||||
name: WordPress CTHthemes - Cross-Site Scripting
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
description: |
|
||||
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.
|
||||
WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes contain reflected cross-site scripting vulnerabilities via a search query.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/10013
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-20210
|
||||
- https://wpvulndb.com/vulnerabilities/10018
|
||||
- https://cxsecurity.com/issue/WLB-2019120112
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-20210
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -40,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2019-3402
|
||||
|
||||
info:
|
||||
name: Jira - Reflected XSS using searchOwnerUserName parameter.
|
||||
name: Jira <8.1.1 - Cross-Site Scripting
|
||||
author: pdteam
|
||||
severity: medium
|
||||
description: The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
|
||||
description: Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.
|
||||
reference:
|
||||
- https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
|
||||
- https://jira.atlassian.com/browse/JRASERVER-69243
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-3402
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -31,3 +32,5 @@ requests:
|
|||
words:
|
||||
- "<script>alert(1)</script>"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,14 +1,12 @@
|
|||
id: CVE-2019-3911
|
||||
|
||||
info:
|
||||
name: LabKey Server < 18.3.0 - XSS
|
||||
name: LabKey Server Community Edition <18.3.0 - Cross-Site Scripting
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
description: Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror
|
||||
parameter in the /__r2/query endpoints.
|
||||
description: LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /__r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript.
|
||||
reference:
|
||||
- https://www.tenable.com/security/research/tra-2019-03
|
||||
- https://www.cvedetails.com/cve/CVE-2019-3911
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-3911
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -17,24 +15,22 @@ info:
|
|||
metadata:
|
||||
shodan-query: 'Server: Labkey'
|
||||
tags: cve,cve2019,xss,labkey,tenable
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/__r2/query-printRows.view?schemaName=ListManager&query.queryName=ListManager&query.sort=Nameelk5q%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ezp59r&query.containerFilterName=CurrentAndSubfolders&query.selectionKey=%24ListManager%24ListManager%24%24query&query.showRows=ALL'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "</script><script>alert(document.domain)</script>"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs on 2022/09/07
|
||||
|
|
|
@ -1,26 +1,25 @@
|
|||
id: CVE-2019-7219
|
||||
|
||||
info:
|
||||
name: Zarafa WebApp Reflected XSS
|
||||
name: Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting
|
||||
author: pdteam
|
||||
severity: medium
|
||||
description: |
|
||||
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
|
||||
Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
|
||||
reference:
|
||||
- https://github.com/verifysecurity/CVE-2019-7219
|
||||
- https://stash.kopano.io/repos?visibility=public
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-7219
|
||||
remediation: This is a discontinued product. The issue was fixed in later versions. However, some former Zarafa WebApp customers use the related Kopano product instead.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2019-7219
|
||||
cwe-id: CWE-79
|
||||
tags: cve,cve2019,zarafa,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/webapp/?fccc%27\%22%3E%3Csvg/onload=alert(/xss/)%3E'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
|
@ -31,7 +30,8 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by cs on 2022/09/07
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2019-7543
|
||||
|
||||
info:
|
||||
name: KindEditor 4.1.11, the php/demo.php - (XSS)
|
||||
name: KindEditor 4.1.11 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.
|
||||
description: KindEditor 4.1.11 contains a cross-site scripting vulnerability via the php/demo.php content1 parameter.
|
||||
reference:
|
||||
- https://github.com/0xUhaw/CVE-Bins/tree/master/KindEditor
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-7543
|
||||
|
@ -36,3 +36,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2019-8937
|
||||
|
||||
info:
|
||||
name: HotelDruid 2.3.0 - XSS
|
||||
name: HotelDruid 2.3.0 - Cross-Site Scripting
|
||||
author: LogicalHunter
|
||||
severity: medium
|
||||
description: HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
|
||||
description: HotelDruid 2.3.0 contains a cross-site scripting vulnerability affecting nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/46429
|
||||
- https://www.exploit-db.com/exploits/46429/
|
||||
- https://sourceforge.net/projects/hoteldruid/
|
||||
- http://packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-8937
|
||||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
|
@ -44,3 +44,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,17 +1,16 @@
|
|||
id: CVE-2019-9955
|
||||
|
||||
info:
|
||||
name: Zyxel - Reflected Cross-site Scripting
|
||||
name: Zyxel - Cross-Site Scripting
|
||||
author: pdteam
|
||||
severity: medium
|
||||
description: On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security
|
||||
firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.
|
||||
description: Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, and ZyWALL 1100 devices contain a reflected cross-site scripting vulnerability on the security firewall login page via the mp_idx parameter.
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html
|
||||
- http://seclists.org/fulldisclosure/2019/Apr/22
|
||||
- https://www.exploit-db.com/exploits/46706/
|
||||
- https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page
|
||||
- https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-9955
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -31,3 +30,5 @@ requests:
|
|||
- "\";alert('1');//"
|
||||
- "<title>Welcome</title>"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2019-9978
|
||||
|
||||
info:
|
||||
name: WordPress social-warfare RFI
|
||||
name: WordPress Social Warfare <3.5.3 - Cross-Site Scripting
|
||||
author: madrobot,dwisiswant0
|
||||
severity: medium
|
||||
description: The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
|
||||
description: WordPress Social Warfare plugin before 3.5.3 contains a cross-site scripting vulnerability via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, affecting Social Warfare and Social Warfare Pro.
|
||||
reference:
|
||||
- https://github.com/mpgn/CVE-2019-9978
|
||||
- https://www.wordfence.com/blog/2019/03/unpatched-zero-day-vulnerability-in-social-warfare-plugin-exploited-in-the-wild/
|
||||
- https://www.pluginvulnerabilities.com/2019/03/21/full-disclosure-of-settings-change-persistent-cross-site-scripting-xss-vulnerability-in-social-warfare/
|
||||
- https://www.cybersecurity-help.cz/vdb/SB2019032105
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-9978
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -32,3 +33,5 @@ requests:
|
|||
part: interactsh_protocol
|
||||
words:
|
||||
- "http"
|
||||
|
||||
# Enhanced by mp on 2022/08/31
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2020-11110
|
||||
|
||||
info:
|
||||
name: Grafana Unauthenticated Stored XSS
|
||||
name: Grafana <=6.7.1 - Cross-Site Scripting
|
||||
author: emadshanab
|
||||
severity: medium
|
||||
description: Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
|
||||
description: Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
|
||||
reference:
|
||||
- https://web.archive.org/web/20210717142945/https://ctf-writeup.revers3c.com/challenges/web/CVE-2020-11110/index.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-11110
|
||||
- https://github.com/grafana/grafana/blob/master/CHANGELOG.md
|
||||
- https://security.netapp.com/advisory/ntap-20200810-0002/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-11110
|
||||
remediation: This issue can be resolved by updating Grafana to the latest version.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
|
@ -57,3 +57,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- '"url":"([a-z:/0-9A-Z]+)"'
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,16 +1,17 @@
|
|||
id: CVE-2020-11930
|
||||
|
||||
info:
|
||||
name: WordPress Plugin "Translate WordPress with GTranslate" (gtranslate) XSS
|
||||
name: WordPress GTranslate <2.8.52 - Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: |
|
||||
The GTranslate plugin before 2.8.52 for WordPress was vulnerable to an Unauthenticated Reflected XSS vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
|
||||
WordPress GTranslate plugin before 2.8.52 contains an unauthenticated reflected cross-site scripting vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/10181
|
||||
- https://payatu.com/blog/gaurav/analysis-of-cve-2020-11930:-reflected-xss-in-gtranslate-wordpress-module
|
||||
- https://plugins.trac.wordpress.org/changeset/2245581/gtranslate
|
||||
- https://plugins.trac.wordpress.org/changeset/2245591/gtranslate
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-11930
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -36,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,14 +1,16 @@
|
|||
id: CVE-2020-12054
|
||||
|
||||
info:
|
||||
name: Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS
|
||||
name: WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query).
|
||||
description: |
|
||||
WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter (a search query). Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
|
||||
- https://wpvulndb.com/vulnerabilities/10184
|
||||
- https://cxsecurity.com/issue/WLB-2020040144
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-12054
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -38,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2020-14408
|
||||
|
||||
info:
|
||||
name: Agentejo Cockpit 0.10.2 - Reflected XSS
|
||||
name: Agentejo Cockpit 0.10.2 - Cross-Site Scripting
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
description: An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector.
|
||||
description: Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -13,7 +13,6 @@ info:
|
|||
reference:
|
||||
- https://github.com/agentejo/cockpit/issues/1310
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-14408
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14408
|
||||
metadata:
|
||||
verified: true
|
||||
tags: cve,cve2022,cockpit,agentejo,xss,oss
|
||||
|
@ -39,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2020-5191
|
||||
|
||||
info:
|
||||
name: Hospital Management System 4.0 - Cross-Site Scripting
|
||||
name: PHPGurukul Hospital Management System - Cross-Site Scripting
|
||||
author: TenBird
|
||||
severity: medium
|
||||
description: |
|
||||
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
|
||||
PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47841
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-5191
|
||||
- https://phpgurukul.com/hospital-management-system-in-php/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-5191
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -53,3 +53,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
id: CVE-2020-8115
|
||||
|
||||
info:
|
||||
name: Revive Adserver XSS
|
||||
name: Revive Adserver <=5.0.3 - Cross-Site Scripting
|
||||
author: madrobot,dwisiswant0
|
||||
severity: medium
|
||||
description: |
|
||||
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.
|
||||
Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script is printed back without proper escaping, allowing an attacker to execute arbitrary JavaScript code on the browser of the victim.
|
||||
reference:
|
||||
- https://hackerone.com/reports/775693
|
||||
- https://www.revive-adserver.com/security/revive-sa-2020-001/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-8115
|
||||
remediation: There are currently no known exploits. As of 3.2.2, the session identifier cannot be accessed as it is stored in an http-only cookie.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2020-8115
|
||||
cwe-id: CWE-79
|
||||
tags: cve,cve2020,xss,hackerone
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
|
@ -29,3 +29,5 @@ requests:
|
|||
part: body
|
||||
regex:
|
||||
- (?mi)window\.location\.replace\(".*alert\(1337\)
|
||||
|
||||
# Enhanced by cs on 2022/09/07
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2020-8191
|
||||
|
||||
info:
|
||||
name: Citrix ADC & NetScaler Gateway Reflected XSS
|
||||
name: Citrix ADC/Gateway - Cross-Site Scripting
|
||||
author: dwisiswant0
|
||||
severity: medium
|
||||
description: |
|
||||
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
|
||||
Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 contain a cross-site scripting vulnerability due to improper input validation.
|
||||
reference:
|
||||
- https://support.citrix.com/article/CTX276688
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-8191
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -40,3 +41,5 @@ requests:
|
|||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2020-8512
|
||||
|
||||
info:
|
||||
name: IceWarp WebMail XSS
|
||||
name: IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting
|
||||
author: pdteam,dwisiswant0
|
||||
severity: medium
|
||||
description: In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
|
||||
description: IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47988
|
||||
- https://twitter.com/sagaryadav8742/status/1275170967527006208
|
||||
- https://cxsecurity.com/issue/WLB-2020010205
|
||||
- https://packetstormsecurity.com/files/156103/IceWarp-WebMail-11.4.4.1-Cross-Site-Scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-8512
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -36,3 +37,5 @@ requests:
|
|||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2020-9036
|
||||
|
||||
info:
|
||||
name: Jeedom through 4.0.38 allows XSS
|
||||
name: Jeedom <=4.0.38 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Jeedom through 4.0.38 allows XSS.
|
||||
description: Jeedom through 4.0.38 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
|
||||
reference:
|
||||
- https://sysdream.com/news/lab/2020-08-05-cve-2020-9036-jeedom-xss-leading-to-remote-code-execution/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-9036
|
||||
|
@ -35,3 +35,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2020-9344
|
||||
|
||||
info:
|
||||
name: Jira Subversion ALM for enterprise XSS
|
||||
name: Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting
|
||||
author: madrobot
|
||||
severity: medium
|
||||
description: Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.
|
||||
description: Jira Subversion ALM for Enterprise before 8.8.2 contains a cross-site scripting vulnerability at multiple locations.
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9344
|
||||
- https://kintosoft.atlassian.net/wiki/spaces/SVNALM/pages/753565697/Security+Bulletin
|
||||
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-007.txt
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-13483
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -40,3 +41,5 @@ requests:
|
|||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
# Enhanced by md on 2022/09/02
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2020-9496
|
||||
|
||||
info:
|
||||
name: Apache OFBiz XML-RPC Java Deserialization
|
||||
name: Apache OFBiz 17.12.03 - Cross-Site Scripting
|
||||
author: dwisiswant0
|
||||
severity: medium
|
||||
description: XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
|
||||
description: Apache OFBiz 17.12.03 contains cross-site scripting and unsafe deserialization vulnerabilities via an XML-RPC request.
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html
|
||||
- http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html
|
||||
- https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz
|
||||
- https://s.apache.org/l0994
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-9496
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -43,3 +44,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by md on 2022/09/02
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
id: cisco-rv-series-rce
|
||||
id: CVE-2021-1472
|
||||
|
||||
info:
|
||||
name: Cisco Small Business RV Series - Authentication Bypass and Command Injection
|
|
@ -1,19 +1,19 @@
|
|||
id: CVE-2021-20137
|
||||
|
||||
info:
|
||||
name: Gryphon Tower - Reflected XSS
|
||||
name: Gryphon Tower - Cross-Site Scripting
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
description: A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim's browser.
|
||||
description: Gryphon Tower router web interface contains a reflected cross-site scripting vulnerability in the url parameter of the /cgi-bin/luci/site_access/ page. An attacker can exploit this issue by tricking a user into following a specially crafted link, granting the attacker JavaScript execution in the victim's browser.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2021-20137
|
||||
cwe-id: CWE-79
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-20137
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20137
|
||||
- https://www.tenable.com/security/research/tra-2021-51
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-20137
|
||||
tags: xss,tenable,cve,cve2021,gryphon
|
||||
|
||||
requests:
|
||||
|
@ -38,3 +38,5 @@ requests:
|
|||
- 'onfocus=alert(document.domain) autofocus=1>'
|
||||
- 'Send Access Request URL'
|
||||
condition: and
|
||||
|
||||
# Enhanced by md on 2022/09/02
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2021-20792
|
||||
|
||||
info:
|
||||
name: Quiz And Survey Master < 7.1.14 - Reflected Cross-Site Scripting
|
||||
name: WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors."
|
||||
description: WordPress Quiz and Survey Master plugin prior to 7.1.14 contains a cross-site scripting vulnerability which allows a remote attacker to inject arbitrary script via unspecified vectors.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/4deb3464-00ed-483b-8d91-f9dffe2d57cf
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-20792
|
||||
- https://quizandsurveymaster.com/
|
||||
- https://jvn.jp/en/jp/JVN65388002/index.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-20792
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -48,3 +48,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
id: CVE-2021-21799
|
||||
|
||||
info:
|
||||
name: Advantech R-SeeNet v 2.4.12 - Cross Site Scripting
|
||||
name: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
Advantech R-SeeNet v 2.4.12 is vulnerable to Refleced Cross Site Scripting in the telnet_form.php script functionality.
|
||||
Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the telnet_form.php script functionality.
|
||||
reference:
|
||||
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1270
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21799
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-21799
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
|
@ -40,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
id: CVE-2021-21800
|
||||
|
||||
info:
|
||||
name: Advantech R-SeeNet v 2.4.12 - Cross Site Scripting
|
||||
name: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
Advantech R-SeeNet v 2.4.12 is vulnerable to Refleced Cross Site Scripting in the ssh_form.php script functionality.
|
||||
Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the ssh_form.php script functionality.
|
||||
reference:
|
||||
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1271
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21800
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-21800
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
|
@ -40,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
id: CVE-2021-21801
|
||||
|
||||
info:
|
||||
name: Advantech R-SeeNet graph parameter - Reflected Cross-Site Scripting (XSS)
|
||||
name: Advantech R-SeeNet - Cross-Site Scripting
|
||||
author: gy741
|
||||
severity: medium
|
||||
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
|
||||
arbitrary JavaScript code execution.
|
||||
description: Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the graph parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution.
|
||||
reference:
|
||||
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-21801
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
id: CVE-2021-21802
|
||||
|
||||
info:
|
||||
name: Advantech R-SeeNet device_id parameter - Reflected Cross-Site Scripting (XSS)
|
||||
name: Advantech R-SeeNet - Cross-Site Scripting
|
||||
author: gy741
|
||||
severity: medium
|
||||
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
|
||||
arbitrary JavaScript code execution.
|
||||
description: Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the device_id parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution.
|
||||
reference:
|
||||
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-21801
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
id: CVE-2021-21803
|
||||
|
||||
info:
|
||||
name: Advantech R-SeeNet is2sim parameter - Reflected Cross-Site Scripting (XSS)
|
||||
name: Advantech R-SeeNet - Cross-Site Scripting
|
||||
author: gy741
|
||||
severity: medium
|
||||
description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
|
||||
arbitrary JavaScript code execution.
|
||||
description: Advantech R-SeeNet is vulnerable to cross-site scripting via the device_graph_page.php script via the is2sim parameter. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
|
||||
reference:
|
||||
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-21803
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2021-22122
|
||||
|
||||
info:
|
||||
name: FortiWeb v6.3.x-6.2.x Unauthenticated XSS
|
||||
name: FortiWeb - Cross-Site Scripting
|
||||
author: dwisiswant0
|
||||
severity: medium
|
||||
description: |
|
||||
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated,
|
||||
remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.
|
||||
FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points.
|
||||
reference:
|
||||
- https://www.fortiguard.com/psirt/FG-IR-20-122
|
||||
- https://twitter.com/ptswarm/status/1357316793753362433
|
||||
- https://fortiguard.com/advisory/FG-IR-20-122
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-22122
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -31,3 +31,5 @@ requests:
|
|||
- "No policy has been chosen."
|
||||
condition: and
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2021-24176
|
||||
|
||||
info:
|
||||
name: WordPress JH 404 Logger XSS
|
||||
name: WordPress JH 404 Logger <=1.1 - Cross-Site Scripting
|
||||
author: Ganofins
|
||||
severity: medium
|
||||
description: JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.
|
||||
description: WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to executing arbitrary JavaScript code.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585
|
||||
- https://wordpress.org/plugins/jh-404-logger/
|
||||
- https://ganofins.com/blog/my-first-cve-2021-24176/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24176
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
|
@ -31,3 +32,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2021-24235
|
||||
|
||||
info:
|
||||
name: Goto - Tour & Travel < 2.0 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.
|
||||
description: WordPress Goto Tour & Travel theme before 2.0 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize the keywords and start_date GET parameters on its Tour List page.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24235
|
||||
- https://wpscan.com/vulnerability/eece90aa-582b-4c49-8b7c-14027f9df139
|
||||
- https://m0ze.ru/vulnerability/[2021-02-10]-[WordPress]-[CWE-79]-Goto-WordPress-Theme-v1.9.txt
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24235
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -38,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2021-24237
|
||||
|
||||
info:
|
||||
name: Realteo WordPress Plugin <= 1.2.3 - Unauthenticated Reflected XSS
|
||||
name: WordPress Realteo <=1.2.3 - Cross-Site Scripting
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: The plugin, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius.
|
||||
description: WordPress Realteo plugin 1.2.3 and prior contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/087b27c4-289e-410f-af74-828a608a4e1e
|
||||
- https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Realteo-WordPress-Plugin-v1.2.3.txt
|
||||
- https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Findeo-WordPress-Theme-v1.3.0.txt
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24237
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -38,3 +38,5 @@ requests:
|
|||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
id: CVE-2021-24245
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Stop Spammers 2021.8 - Reflected XSS
|
||||
name: WordPress Stop Spammers <2021.9 - Cross-Site Scripting
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
description: The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue.
|
||||
description: WordPress Stop Spammers plugin before 2021.9 contains a reflected cross-site scripting vulnerability. It does not escape user input when blocking requests (such as matching a spam word), thus outputting it in an attribute after sanitizing it to remove HTML tags.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24245
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24245
|
||||
- https://packetstormsecurity.com/files/162623/WordPress-Stop-Spammers-2021.8-Cross-Site-Scripting.html
|
||||
- https://wpscan.com/vulnerability/5e7accd6-08dc-4c6e-9d19-73e2d7e97735
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24245
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -42,3 +41,5 @@ requests:
|
|||
part: body
|
||||
words:
|
||||
- "ad\" accesskey=X onclick=alert(1)"
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2021-24274
|
||||
|
||||
info:
|
||||
name: Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
|
||||
name: WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
|
||||
description: WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24274
|
||||
- http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24274
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -36,3 +36,5 @@ requests:
|
|||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/09/02
|
||||
|
|
|
@ -3,7 +3,7 @@ id: CVE-2021-25075
|
|||
info:
|
||||
name: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
|
||||
author: DhiyaneshDK
|
||||
severity: low
|
||||
severity: high
|
||||
description: |
|
||||
WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.
|
||||
reference:
|
||||
|
|
|
@ -7,8 +7,8 @@ info:
|
|||
description: Easy Social Feed < 6.2.7 is susceptible to reflected cross-site scripting because the plugin does not sanitize and escape a parameter before outputting it back in an admin dashboard page, leading to it being executed in the context of a logged admin or editor.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/6dd00198-ef9b-4913-9494-e08a95e7f9a0
|
||||
- https://www.cvedetails.com/cve/CVE-2021-25120/
|
||||
- https://wpscan.com/vulnerability/0ad020b5-0d16-4521-8ea7-39cd206ab9f6
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-25120
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
|
|
@ -6,7 +6,6 @@ info:
|
|||
severity: medium
|
||||
description: Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.
|
||||
reference:
|
||||
- https://www.cvedetails.com/cve/CVE-2021-36749/
|
||||
- https://github.com/BrucessKING/CVE-2021-36749
|
||||
- https://lists.apache.org/thread.html/rc9400a70d0ec5cdb8a3486fc5ddb0b5282961c0b63e764abfbcb9f5d%40%3Cdev.druid.apache.org%3E
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-36749
|
||||
|
|
|
@ -7,8 +7,8 @@ info:
|
|||
description: EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via the Logout function.
|
||||
reference:
|
||||
- https://github.com/eyoucms/eyoucms/issues/17
|
||||
- https://www.cvedetails.com/cve/CVE-2021-39501
|
||||
- https://github.com/KietNA-HPT/CVE
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-39501
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
|
|
@ -33,7 +33,7 @@ requests:
|
|||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
id=1&firstname=Adminstrator%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=Admin&username=admin
|
||||
id=1&firstname=Administrator%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=Admin&username=admin
|
||||
|
||||
- |
|
||||
GET /admin/?page=user HTTP/1.1
|
||||
|
@ -49,5 +49,5 @@ requests:
|
|||
dsl:
|
||||
- "contains(all_headers_3, 'text/html')"
|
||||
- "status_code_3 == 200"
|
||||
- 'contains(body_3, "Adminstrator\"><script>alert(document.domain)</script> Admin")'
|
||||
- 'contains(body_3, "Administrator\"><script>alert(document.domain)</script> Admin")'
|
||||
condition: and
|
||||
|
|
|
@ -7,7 +7,7 @@ info:
|
|||
description: An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203/
|
||||
- https://www.cvedetails.com/cve/CVE-2022-0692
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0692
|
||||
- https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203
|
||||
- https://github.com/rudloff/alltube/commit/bc14b6e45c766c05757fb607ef8d444cbbfba71a
|
||||
classification:
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
id: 404-to-301-xss
|
||||
|
||||
info:
|
||||
name: 404 to 301 < 3.1.2 - Reflected Cross-Site Scripting
|
||||
name: WordPress 404 to 301 Log Manager <3.1.2 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
|
||||
description: WordPress 404 to 301 Log Manager 3.1.2 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/4a310b4f-79fa-4b74-93f8-e4522921abe1
|
||||
- https://wordpress.org/plugins/404-to-301
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: wpscan,wp-plugin,xss,wp,wordpress,authenticated
|
||||
|
||||
requests:
|
||||
|
@ -42,3 +46,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,16 +1,20 @@
|
|||
id: analytify-plugin-xss
|
||||
|
||||
info:
|
||||
name: Analytify < 4.2.1 - Cross-Site Scripting
|
||||
name: Analytify <4.2.1 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: |
|
||||
The plugin does not escape the current URL before outputting it back in a 404 page when the 404 tracking feature is enabled, leading to Reflected Cross-Site Scripting.
|
||||
WordPress Analytify 4.2.1 does not escape the current URL before outputting it back in a 404 page when the 404 tracking feature is enabled, leading to reflected cross-site scripting.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/b8415ed5-6fd0-42fe-9201-73686c1871c5
|
||||
metadata:
|
||||
verified: true
|
||||
google-dork: inurl:/wp-content/plugins/wp-analytify
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: wp,wordpress,analytify,wpscan,wp-plugin,xss
|
||||
|
||||
requests:
|
||||
|
@ -35,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 404
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,16 +1,20 @@
|
|||
id: avchat-video-chat-xss
|
||||
|
||||
info:
|
||||
name: AVChat Video Chat 1.4.1 - index_popup.php Multiple Parameters Reflected XSS
|
||||
name: WordPress AVChat Video Chat 1.4.1 - Cross-Site Scripting
|
||||
author: DhiyaneshDK
|
||||
severity: medium
|
||||
description: |
|
||||
The Community Lite Video Chat WordPress plugin was affected by an index_popup.php Multiple Parameters Reflected XSS security vulnerability.
|
||||
WordPress AVChat Video Chat 1.4.1 is vulnerable to reflected cross-site scripting via index_popup.php and multiple parameters.
|
||||
reference:
|
||||
- https://codevigilant.com/disclosure/wp-plugin-avchat-3-a3-cross-site-scripting-xss/
|
||||
- https://wpscan.com/vulnerability/fce99c82-3958-4c17-88d3-6e8fa1a11e59
|
||||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: xss,,wp,wpscan,wordpress,wp-plugin
|
||||
|
||||
|
||||
|
@ -34,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,17 +1,21 @@
|
|||
id: calameo-publications-xss
|
||||
|
||||
info:
|
||||
name: Manage Calameo Publications 1.1.0 - thickbox_content.php attachment_id Parameter Reflected XSS
|
||||
name: WordPress Manage Calameo Publications 1.1.0 - Cross-Site Scripting
|
||||
author: DhiyaneshDK
|
||||
severity: medium
|
||||
description: |
|
||||
The Manage Calameo Publications by Athlon WordPress plugin was affected by a thickbox_content.php attachment_id Parameter Reflected XSS security vulnerability.
|
||||
WordPress Manage Calameo Publications 1.1.0 is vulnerable to reflected cross-site scripting via thickbox_content.php and the attachment_id parameter.
|
||||
reference:
|
||||
- https://codevigilant.com/disclosure/wp-plugin-athlon-manage-calameo-publications-a3-cross-site-scripting-xss/
|
||||
- https://wpscan.com/vulnerability/83343eb3-bb4c-4b82-adf6-745882f872cc
|
||||
- https://wordpress.org/plugins/athlon-manage-calameo-publications/
|
||||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: wordpress,wp-plugin,xss,wp,wpscan
|
||||
|
||||
requests:
|
||||
|
@ -34,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,15 +1,19 @@
|
|||
id: checkout-fields-manager-xss
|
||||
|
||||
info:
|
||||
name: Checkout Fields Manager for WooCommerce < 5.5.7 - Reflected Cross-Site Scripting
|
||||
name: WordPress Checkout Fields Manager for WooCommerce <5.5.7 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
|
||||
description: WordPress Checkout Fields Manager for WooCommerce 5.5.7 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/ea617acd-348a-4060-a8bf-08ab3b569577
|
||||
- https://wordpress.org/plugins/woocommerce-checkout-manager
|
||||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: xss,wp,wordpress,authenticated,woocommerce,wpscan,wp-plugin
|
||||
|
||||
requests:
|
||||
|
@ -42,3 +46,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
id: clearfy-cache-xss
|
||||
|
||||
info:
|
||||
name: Clearfy Cache < 2.0.5 - Reflected Cross-Site Scripting
|
||||
name: WordPress Clearfy Cache <2.0.5 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
|
||||
description: WordPress Clearfy Cache 2.0.5 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/a59e7102-13d6-4f1e-b7b1-75eae307e516
|
||||
- https://wordpress.org/plugins/clearfy
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: xss,wp,wordpress,authenticated,clearfy-cache,wpscan,wp-plugin
|
||||
|
||||
requests:
|
||||
|
@ -42,3 +46,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,15 +1,19 @@
|
|||
id: curcy-xss
|
||||
|
||||
info:
|
||||
name: CURCY < 2.1.18 - Reflected Cross-Site Scripting
|
||||
name: WordPress CURCY - Multi Currency for WooCommerce <2.1.18 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
|
||||
description: WordPress CURCY - Multi Currency for WooCommerce 2.1.18 does not escape some generated URLs before outputting them back in attributes, leading to reflected cross-site scripting.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/6ebafb52-e167-40bc-a86c-b9840b2b9b37
|
||||
- https://wordpress.org/plugins/woo-multi-currency
|
||||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: wp-plugin,xss,wp,wordpress,authenticated,curcy,wpscan
|
||||
|
||||
requests:
|
||||
|
@ -42,3 +46,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: flow-flow-social-stream-xss
|
||||
|
||||
info:
|
||||
name: Flow-Flow Social Stream <= 3.0.71 - Cross-Site Scripting
|
||||
name: WordPress Flow-Flow Social Stream <=3.0.71 - Cross-Site Scripting
|
||||
author: alph4byt3
|
||||
severity: medium
|
||||
description: WordPress Flow-Flow Social Stream 3.0.7.1 and prior is vulnerable to cross-site scripting.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/8354b34e-40f4-4b70-bb09-38e2cf572ce9
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: xss,wordpress,wpscan
|
||||
|
||||
requests:
|
||||
|
@ -30,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
id: members-list-xss
|
||||
|
||||
info:
|
||||
name: Members List < 4.3.7 - Reflected Cross-Site Scripting
|
||||
name: WordPress Members List <4.3.7 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not sanitise and escape some parameters in various pages before outputting them back, leading to Reflected Cross-Site Scripting issues.
|
||||
description: WordPress Members List 4.3.7 does not sanitize and escape some parameters in various pages before outputting them back, leading to reflected cross-site scripting vulnerabilities.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/d13f26f0-5d91-49d7-b514-1577d4247648
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: wp,wordpress,wp-plugin,xss,wpscan
|
||||
|
||||
requests:
|
||||
|
@ -31,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,15 +1,19 @@
|
|||
id: modula-image-gallery-xss
|
||||
|
||||
info:
|
||||
name: Modula Image Gallery < 2.6.7 - Reflected Cross-Site Scripting
|
||||
name: WordPress Modula Image Gallery <2.6.7 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
|
||||
description: WordPress Modula Image Gallery 2.6.7 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/ee248078-89ee-4cc0-b0fe-e932cd00db3e
|
||||
- https://wordpress.org/plugins/modula-best-grid-gallery
|
||||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: authenticated,wpscan,wp-plugin,xss,wp,wordpress
|
||||
|
||||
requests:
|
||||
|
@ -42,3 +46,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,15 +1,19 @@
|
|||
id: new-user-approve-xss
|
||||
|
||||
info:
|
||||
name: New User Approve < 2.4.1 - Reflected Cross-Site Scripting
|
||||
name: WordPress New User Approve <2.4.1 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
|
||||
description: WordPress New User Approve 2.4.1 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/17f99601-f5c9-4300-9b4a-6d75fa7ab94a
|
||||
- https://wordpress.org/plugins/new-user-approve
|
||||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: wordpress,xss,authenticated,wp-plugin,wpscan,wp
|
||||
|
||||
requests:
|
||||
|
@ -43,3 +47,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
id: sassy-social-share-xss
|
||||
|
||||
info:
|
||||
name: Sassy Social Share <= 3.3.3 - Cross-Site Scripting
|
||||
name: Sassy Social Share <=3.3.3 - Cross-Site Scripting
|
||||
author: Random_Robbie
|
||||
severity: medium
|
||||
description: |
|
||||
AJAX endpoints which returns JSON data has no Content-Type header set, and uses default text/html. Any JSON that has HTML will be rendered as such.
|
||||
WordPress Sassy Social Share 3.3.3 and prior is vulnerable to cross-site scripting because certain AJAX endpoints return JSON data with no Content-Type header set and then use the default text/html. In other words, any JSON that has HTML will be rendered as such.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/4631519b-2060-43a0-b69b-b3d7ed94c705
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: xss,wp,wpscan,wordpress,wp-plugin,sassy
|
||||
|
||||
requests:
|
||||
|
@ -34,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
id: seo-redirection-xss
|
||||
|
||||
info:
|
||||
name: WordPress SEO Redirection < 7.4 - Reflected Cross-Site Scripting
|
||||
name: WordPress SEO Redirection <7.4 - Cross-Site Scripting
|
||||
author: DhiyaneshDK
|
||||
severity: medium
|
||||
description: |
|
||||
The plugin does not escape the tab parameter before outputting it back in JavaScript code, leading to a Reflected Cross-Site Scripting issue.
|
||||
WordPress SEO Redirection 7.4 does not escape the tab parameter before outputting it back in JavaScript code, leading to a reflected cross-site scripting vulnerability.
|
||||
remediation: Fixed in version 7.4.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/b694b9c0-a367-468c-99c2-6ba35bcf21ea
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: wordpress,xss,wp-plugin,authenticated,wpscan
|
||||
|
||||
requests:
|
||||
|
@ -52,3 +56,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,15 +1,19 @@
|
|||
id: shortpixel-image-optimizer-xss
|
||||
|
||||
info:
|
||||
name: ShortPixel Image Optimizer < 4.22.10 - Reflected Cross-Site Scripting
|
||||
name: WordPress ShortPixel Image Optimizer <4.22.10 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not escape a generated URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting.
|
||||
description: WordPress ShortPixel Image Optimizer 4.22.10 does not escape generated URLs before outputting them back in an attribute, leading to reflected cross-site scripting.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/8a0ddd14-7260-4fb6-bb87-2916aa41ff01
|
||||
- https://wordpress.org/plugins/shortpixel-image-optimiser
|
||||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: shortpixel,authenticated,wpscan,xss,wp-plugin,wp,wordpress
|
||||
|
||||
requests:
|
||||
|
@ -42,3 +46,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
id: woocommerce-pdf-invoices-xss
|
||||
|
||||
info:
|
||||
name: WooCommerce PDF Invoices & Packing Slips < 2.15.0 - Reflected Cross-Site Scripting
|
||||
name: WordPress WooCommerce PDF Invoices & Packing Slips <2.15.0 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
|
||||
description: WordPress WooCommerce PDF Invoices & Packing Slips 2.15.0 does not escape some URLs before outputting them in attributes, leading to reflected cross-site scripting.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/bc05dde0-98a2-46e3-b2c8-7bdc8c32394b
|
||||
- https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: xss,wp,wordpress,woocommerce,authenticated,wpscan,wp-plugin
|
||||
|
||||
requests:
|
||||
|
@ -43,3 +47,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
id: wordpress-wordfence-waf-bypass-xss
|
||||
|
||||
info:
|
||||
name: Wordpress Wordfence WAF - Cross-Site Scripting
|
||||
name: Wordpress Wordfence - Cross-Site Scripting
|
||||
author: hackergautam
|
||||
severity: medium
|
||||
description: Wordpress Wordfence is vulnerable to cross-site scripting.
|
||||
reference:
|
||||
- https://twitter.com/naglinagli/status/1382082473744564226
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: wordpress,wordfence,xss,bypass
|
||||
|
||||
requests:
|
||||
|
@ -28,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,9 +1,14 @@
|
|||
id: wordpress-wordfence-xss
|
||||
|
||||
info:
|
||||
name: WordPress Wordfence 7.4.6 Cross Site Scripting
|
||||
name: WordPress Wordfence 7.4.6 - Cross Site Scripting
|
||||
author: madrobot
|
||||
severity: medium
|
||||
description: WordPress Wordfence 7.4.6 is vulnerable to cross-site scripting.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: wordpress,wp-plugin,xss,wordfence
|
||||
|
||||
requests:
|
||||
|
@ -26,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
id: wordpress-zebra-form-xss
|
||||
|
||||
info:
|
||||
name: Zebra_Form Library <= 2.9.8 - Cross-Site Scripting (XSS)
|
||||
name: Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting
|
||||
author: madrobot
|
||||
severity: medium
|
||||
description: |
|
||||
The Zebra_Form PHP library v2.9.8 (latest) and below, used by some WordPress plugins, is affected by reflected Cross-Site Scripting issues in its process.php file.
|
||||
Zebra_Form PHP library 2.9.8 and prior (which is used by some WordPress plugins) is affected by reflected cross-site scripting vulnerabilities via process.php.
|
||||
reference:
|
||||
- https://blog.wpscan.com/2021/02/15/zebra-form-xss-wordpress-vulnerability-affects-multiple-plugins.html
|
||||
- https://wpscan.com/vulnerability/e4b796fa-3215-43ff-a6aa-71f6e1db25e5
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: wordpress,xss,wp,wpscan
|
||||
|
||||
requests:
|
||||
|
@ -41,3 +45,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
id: wp-all-export-xss
|
||||
|
||||
info:
|
||||
name: WP All Export < 1.3.6 - Reflected Cross-Site Scripting
|
||||
name: WordPress All Export <1.3.6 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
|
||||
description: WordPress All Export plugin before version 1.3.6 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
|
||||
metadata:
|
||||
verified: true
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/de330a59-d64d-40be-86df-98997949e5e4
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: wp-plugin,xss,wp,wordpress,authenticated,wpscan
|
||||
|
||||
requests:
|
||||
|
@ -44,3 +48,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
id: wp-ambience-xss
|
||||
|
||||
info:
|
||||
name: WordPress Theme Ambience <= 1.0 - Cross-Site Scripting (XSS)
|
||||
name: WordPress Ambience Theme <=1.0 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: |
|
||||
The ambience WordPress theme was affected by a Cross-Site Scripting (XSS) security vulnerability.
|
||||
WordPress Ambience Theme 1.0 and earlier was affected by a cross-site scripting vulnerability.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/38568
|
||||
- https://www.exploit-db.com/expl oits/38568
|
||||
- https://wpscan.com/vulnerability/c465e5c1-fe43-40e9-894a-97b8ac462381
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: wp-plugin,wp,edb,wpscan,wordpress,xss
|
||||
|
||||
requests:
|
||||
|
@ -31,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
|
@ -1,17 +1,21 @@
|
|||
id: wp-blogroll-fun-xss
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time (0.8.4) - Cross-Site Scripting
|
||||
name: WordPress Blogroll Fun-Show Last Post and Last Update Time 0.8.4 - Cross-Site Scripting
|
||||
author: DhiyaneshDK
|
||||
severity: medium
|
||||
severity: high
|
||||
description: |
|
||||
WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time version 0.8.4 is vulnerable; prior versions may also be affected.
|
||||
remediation: Update to plugin version 0.8.5 or latest
|
||||
WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time 0.8.4 and possibly prior versions are prone to a cross-site scripting vulnerability because of a failure to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
remediation: Update to plugin version 0.8.5 or later.
|
||||
reference:
|
||||
- https://codevigilant.com/disclosure/wp-plugin-blogroll-fun-a3-cross-site-scripting-xss/
|
||||
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-blogroll-fun-show-last-post-and-last-update-time-cross-site-scripting-0-8-4/
|
||||
metadata:
|
||||
verified: true
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: wordpress,wp-plugin,xss,unauth,wp
|
||||
|
||||
requests:
|
||||
|
@ -34,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/09/07
|
||||
|
|
Loading…
Reference in New Issue