Update mongodb-unauth.yaml (#3712)

* Update mongodb-unauth.yaml

* Update CVE-2020-11110.yaml

* Update CVE-2020-11110.yaml
patch-1
Prince Chaddha 2022-02-16 18:03:09 +05:30 committed by GitHub
parent e5e0e1ebf4
commit 627ef6412e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 2 deletions


@ -5,7 +5,7 @@ info:
severity: medium
name: Grafana Unauthenticated Stored XSS
description: Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
tags: cve,cve2020,xss,grafana
remediation: This issue can be resolved by updating Grafana to the latest version.
reference:
- https://ctf-writeup.revers3c.com/challenges/web/CVE-2020-11110/index.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-11110
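Review bot: The remediation line in this hunk says only to update "to the latest version", while the description just above it scopes the issue to "Grafana through 6.7.1". Name the first fixed release in the remediation so a reader can tell whether a given deployment is already past the affected range; "latest" changes meaning over time. Since the tags line leaves its position under description here, also confirm the template ends up with exactly one tags key.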
@ -14,6 +14,8 @@ info:
cvss-score: 6.10
cve-id: CVE-2020-11110
cwe-id: CWE-79
tags: cve,cve2020,xss,grafana
requests:
- raw:
- |
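Review bot: tags now sits directly after cwe-id, at the tail of the CVE metadata (cvss-score, cve-id, cwe-id), so its indentation decides which block it belongs to. Check that it is a key of info and not a sibling of cwe-id; if it is nested with the CVE metadata, "cve,cve2020,xss,grafana" would no longer be read as the template's tags. A lint or validate run on the template before merge would catch this.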


@ -4,7 +4,11 @@ info:
name: Unauth MongoDB Disclosure
author: pdteam
severity: high
reference: https://github.com/orleven/Tentacle
reference:
- https://github.com/orleven/Tentacle
- https://book.hacktricks.xyz/pentesting/27017-27018-mongodb
- https://www.mongodb.com/features/mongodb-authentication
remediation: Enable Authentication in MongoDB
tags: network,mongodb,unauth
network:
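Review bot: The new remediation, "Enable Authentication in MongoDB", is terser than the full-sentence remediation used in CVE-2020-11110.yaml in this same commit and capitalizes "Authentication" mid-phrase. Suggest a full sentence such as "Enable authentication on the MongoDB instance and restrict network access to it.", since the template is tagged network,mongodb,unauth and reports the service being reachable without credentials. Converting reference from a scalar to a list is fine; confirm the old scalar "reference: https://github.com/orleven/Tentacle" line is removed so the key is not defined twice.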