daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Dashboard Content Enhancements (#5077) 

Dashboard Content Enhancements
patch-1
MostInterestingBotInTheWorld 2022-08-11 20:45:50 -04:00 committed by GitHub
parent fe0f40b7ed
commit 73a57ca222
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
27 changed files with 123 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2014/CVE-2014-4942.yaml
View File

@ -11,6 +11,8 @@ info:
- https://codevigilant.com/disclosure/wp-plugin-wp-easycart-information-disclosure
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4942
- https://nvd.nist.gov/vuln/detail/CVE-2014-4942
classification:
cve-id: CVE-2014-4942
tags: cve,cve2014,wordpress,wp-plugin,wp,phpinfo,disclosure
requests:

8
cves/2016/CVE-2016-1000127.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2016-1000127
info:
name: AJAX Random Post <= 2.00 - Reflected Cross-Site Scripting (XSS)
name: WordPress AJAX Random Post <=2.00 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Reflected XSS in wordpress plugin ajax-random-post v2.00
description: WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
- http://www.vapidlabs.com/wp/wp_advisory.php?v=494
- https://wordpress.org/plugins/ajax-random-post
- http://web.archive.org/web/20210614214105/https://www.securityfocus.com/bid/93895
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -37,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/05

7
cves/2016/CVE-2016-1000128.yaml
View File

@ -1,13 +1,14 @@
id: CVE-2016-1000128
info:
name: anti-plagiarism <= 3.60 - Reflected Cross-Site Scripting (XSS)
name: WordPress anti-plagiarism <=3.60 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Reflected XSS in wordpress plugin anti-plagiarism v3.60
description: WordPress anti-plagiarism 3.6.0 and prior are vulnerable to reflected cross-site scripting.
reference:
- http://www.vapidlabs.com/wp/wp_advisory.php?v=161
- https://wordpress.org/plugins/anti-plagiarism
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000128
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -37,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/05

6
cves/2018/CVE-2018-19915.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2018-19915
info:
name: DomainMOD 4.11.01 - Cross-Site Scripting
name: DomainMOD <=4.11.01 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.
DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the assets/edit/host.php Web Host Name or Web Host URL field.
reference:
- https://github.com/domainmod/domainmod/issues/87
- https://www.exploit-db.com/exploits/46376/
@ -50,3 +50,5 @@ requests:
- 'contains(all_headers_3, "text/html")'
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
condition: and
# Enhanced by mp on 2022/08/10

6
cves/2018/CVE-2018-20009.yaml
View File

@ -5,11 +5,11 @@ info:
author: arafatansari
severity: medium
description: |
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /assets/add/ssl-provider.php ssl-provider-name, ssl-provider's-url parameters.
DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider.php ssl-provider-name and ssl-provider's-url parameters.
reference:
- https://github.com/domainmod/domainmod/issues/88
- https://nvd.nist.gov/vuln/detail/CVE-2018-20009
- https://www.exploit-db.com/exploits/46372/
- https://nvd.nist.gov/vuln/detail/CVE-2018-20009
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
@ -50,3 +50,5 @@ requests:
- 'contains(all_headers_3, "text/html")'
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
condition: and
# Enhanced by mp on 2022/08/10

6
cves/2018/CVE-2018-20010.yaml
View File

@ -5,11 +5,11 @@ info:
author: arafatansari
severity: medium
description: |
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /assets/add/ssl-provider-account.php Username field.
DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider-account.php Username field.
reference:
- https://www.exploit-db.com/exploits/46373/
- https://nvd.nist.gov/vuln/detail/CVE-2018-20010
- https://github.com/domainmod/domainmod/issues/88
- https://nvd.nist.gov/vuln/detail/CVE-2018-20010
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
@ -50,3 +50,5 @@ requests:
- 'contains(all_headers_3, "text/html")'
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
condition: and
# Enhanced by mp on 2022/08/10

4
cves/2018/CVE-2018-20011.yaml
View File

@ -5,7 +5,7 @@ info:
author: arafatansari
severity: medium
description: |
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /assets/add/category.php CatagoryName, StakeHolder parameters.
DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters.
reference:
- https://www.exploit-db.com/exploits/46374/
- https://github.com/domainmod/domainmod/issues/88
@ -50,3 +50,5 @@ requests:
- 'contains(all_headers_3, "text/html")'
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
condition: and
# Enhanced by mp on 2022/08/10

8
cves/2018/CVE-2018-20462.yaml
View File

@ -1,14 +1,14 @@
id: CVE-2018-20462
info:
name: JSmol2WP <= 1.07 - Reflected Cross-Site Scripting (XSS)
name: WordPress JSmol2WP <=1.07 - Cross-Site Scripting
author: daffainfo
severity: medium
description: An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.
description: WordPress JSmol2WP version 1.07 and earlier is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-20462
- https://www.cbiu.cc/2018/12/WordPress%E6%8F%92%E4%BB%B6jsmol2wp%E6%BC%8F%E6%B4%9E/#%E5%8F%8D%E5%B0%84%E6%80%A7XSS
- https://wpvulndb.com/vulnerabilities/9196
- https://nvd.nist.gov/vuln/detail/CVE-2018-20462
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -36,3 +36,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/11

7
cves/2018/CVE-2018-20824.yaml
View File

@ -1,12 +1,13 @@
id: CVE-2018-20824
info:
name: Atlassian Jira WallboardServlet XSS
name: Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting
author: madrobot,dwisiswant0
severity: medium
description: The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.
description: The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the cyclePeriod parameter.
reference:
- https://jira.atlassian.com/browse/JRASERVER-69238
- https://nvd.nist.gov/vuln/detail/CVE-2018-20824
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -29,3 +30,5 @@ requests:
regex:
- (?mi)timeout:\salert\(document\.domain\)
part: body
# Enhanced by mp on 2022/08/10

9
cves/2018/CVE-2018-5230.yaml
View File

@ -1,13 +1,14 @@
id: CVE-2018-5230
info:
name: Atlassian Confluence Status-List XSS
name: Atlassian Jira Confluence - Cross-Site Scripting
author: madrobot
severity: medium
description: |
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.
Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error message of custom fields when an invalid value is specified.
reference:
- https://jira.atlassian.com/browse/JRASERVER-67289
- https://nvd.nist.gov/vuln/detail/CVE-2018-5230
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -38,4 +39,6 @@ requests:
- type: word
part: header
words:
- 'text/html'
- 'text/html'
# Enhanced by mp on 2022/08/11

8
cves/2018/CVE-2018-5233.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2018-5233
info:
name: Grav CMS before 1.3.0 allows XSS.
name: Grav CMS <1.3.0 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.
Grav CMS before 1.3.0 is vulnerable to cross-site scripting via system/src/Grav/Common/Twig/Twig.php and allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-5233
- https://sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability/
- http://www.openwall.com/lists/oss-security/2018/03/15/1
- https://nvd.nist.gov/vuln/detail/CVE-2018-5233
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -37,3 +37,5 @@ requests:
part: header
words:
- text/html
# Enhanced by mp on 2022/08/10

8
cves/2018/CVE-2018-5316.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2018-5316
info:
name: SagePay Server Gateway for WooCommerce <= 1.0.8 - Reflected Cross-Site Scripting (XSS)
name: WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The SagePay Server Gateway for WooCommerce plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.
description: WordPress SagePay Server Gateway for WooCommerce before 1.0.9 is vulnerable to cross-site scripting via the includes/pages/redirect.php page parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-5316
- https://wordpress.org/support/topic/sagepay-server-gateway-for-woocommerce-1-0-7-cross-site-scripting/#post-9792337
- https://wordpress.org/plugins/sagepay-server-gateway-for-woocommerce/#developers
- https://packetstormsecurity.com/files/145459/WordPress-Sagepay-Server-Gateway-For-WooCommerce-1.0.7-XSS.html
- https://nvd.nist.gov/vuln/detail/CVE-2018-5316
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -37,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/10

8
cves/2018/CVE-2018-5715.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2018-5715
info:
name: SugarCRM 3.5.1 - Reflected XSS
name: SugarCRM 3.5.1 - Cross-Site Scripting
author: edoardottt
severity: medium
description: phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
description: SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string (aka a $key variable).
reference:
- https://www.exploit-db.com/exploits/43683
- https://nvd.nist.gov/vuln/detail/CVE-2018-5715
- https://m4k4br0.github.io/sugarcrm-xss/
- https://www.exploit-db.com/exploits/43683/
- https://nvd.nist.gov/vuln/detail/CVE-2018-5715
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/11

7
cves/2018/CVE-2018-8006.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2018-8006
info:
name: Apache ActiveMQ XSS
name: Apache ActiveMQ <=5.15.5 - Cross-Site Scripting
author: pdteam
severity: medium
description: An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.
description: Apache ActiveMQ versions 5.0.0 to 5.15.5 are vulnerable to cross-site scripting via the web based administration console on the queue.jsp page. The root cause of this issue is improper data filtering of the QueueFilter parameter.
reference:
- http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt
- http://web.archive.org/web/20210518135045/https://www.securityfocus.com/bid/105156
@ -16,6 +16,7 @@ info:
- https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814@%3Cgitbox.activemq.apache.org%3E
- https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E
- https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2018-8006
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -41,3 +42,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/11

10
cves/2019/CVE-2019-0221.yaml
View File

@ -1,19 +1,17 @@
id: CVE-2019-0221
info:
name: Apache Tomcat XSS
name: Apache Tomcat - Cross-Site Scripting
author: pikpikcu
severity: medium
description: |
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and
7.0.0 to 7.0.93 echoes user provided data without escaping and is,
therefore, vulnerable to XSS. SSI is disabled by default.
The printenv command is intended for debugging and is unlikely to be present in a production website.
Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
reference:
- https://seclists.org/fulldisclosure/2019/May/50
- https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/
- https://www.exploit-db.com/exploits/50119
- https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2019-0221
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -44,3 +42,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/11

7
cves/2019/CVE-2019-10092.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2019-10092
info:
name: Apache mod_proxy HTML Injection / Partial XSS
name: Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting
author: pdteam
severity: medium
description: In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
description: Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
reference:
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-10092
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -24,3 +25,5 @@ requests:
- type: word
words:
- "<a href=\"/\\google.com/evil.html\">"
# Enhanced by mp on 2022/08/11

8
cves/2019/CVE-2019-1010287.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2019-1010287
info:
name: Timesheet 1.5.3 - Cross Site Scripting
name: Timesheet Next Gen <=1.5.3 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: 'Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.'
description: 'Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.'
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010287
- http://www.mdh-tz.info/
- https://sourceforge.net/p/tsheetx/discussion/779083/thread/7fcb52f696/
- https://sourceforge.net/p/tsheetx/code/497/tree/branches/legacy/login.php#l40
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010287
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -38,3 +38,5 @@ requests:
words:
- '><script>javascript:alert(document.domain)</script>'
part: body
# Enhanced by mp on 2022/08/11

7
cves/2019/CVE-2019-10475.yaml
View File

@ -1,14 +1,15 @@
id: CVE-2019-10475
info:
name: Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting
name: Jenkins build-metrics 1.3 - Cross-Site Scripting
author: madrobot
severity: medium
description: A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.
description: Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides.
reference:
- https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1490
- http://www.openwall.com/lists/oss-security/2019/10/23/2
- http://packetstormsecurity.com/files/155200/Jenkins-Build-Metrics-1.3-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-10475
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -34,3 +35,5 @@ requests:
words:
- "text/html"
part: header
# Enhanced by mp on 2022/08/11

6
cves/2019/CVE-2019-11370.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2019-11370
info:
name: Carel pCOWeb < B1.2.4 - Cross-Site Scripting
name: Carel pCOWeb <B1.2.4 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pw_snmp.html "System contact" field.
reference:
- https://www.exploit-db.com/exploits/46897
- https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11370
@ -41,3 +41,5 @@ requests:
- status_code_2 == 200
- contains(body_2, 'value=\"\"><script>alert(document.domain)</script>\"></td>')
condition: and
# Enhanced by mp on 2022/08/08

11
cves/2019/CVE-2019-11869.yaml
View File

@ -1,14 +1,14 @@
id: CVE-2019-11869
info:
name: Yuzo Related Posts plugin XSS
name: WordPress Yuzo <5.12.94 - Cross-Site Scripting
author: ganofins
severity: medium
description: |
The Yuzo Related Posts plugin before 5.12.94 for WordPress has XSS
WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting
because it mistakenly expects that is_admin() verifies that the
request comes from an admin user (it actually only verifies that the
request is for an admin page). An unauthenticated attacker can inject
request is for an admin page). An unauthenticated attacker can consequently inject
a payload into the plugin settings, such as the
yuzo_related_post_css_and_style setting.
reference:
@ -16,6 +16,7 @@ info:
- https://wpscan.com/vulnerability/9254
- https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild/
- https://wpvulndb.com/vulnerabilities/9254
- https://nvd.nist.gov/vuln/detail/CVE-2019-11869
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -45,4 +46,6 @@ requests:
- type: dsl
dsl:
- "contains(tolower(all_headers_2), 'text/html')"
- "contains(tolower(all_headers_2), 'text/html')"
# Enhanced by mp on 2022/08/11

9
cves/2019/CVE-2019-12461.yaml
View File

@ -1,15 +1,16 @@
id: CVE-2019-12461
info:
name: WebPort 1.19.1 - Reflected Cross-Site Scripting
name: WebPort 1.19.1 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: Web Port 1.19.1 allows XSS via the /log type parameter.
description: Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter.
reference:
- https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS
- https://webport.se/nedladdningar/
- https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS/
- https://emreovunc.com/blog/en/WebPort-Reflected-XSS-02.png
- https://nvd.nist.gov/vuln/detail/CVE-2019-12461
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -34,4 +35,6 @@ requests:
- type: word
words:
- "text/html"
part: header
part: header
# Enhanced by mp on 2022/08/08

8
cves/2019/CVE-2019-12581.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2019-12581
info:
name: Zyxel ZyWall / USG / UAG - Reflected Cross-site scripting
name: Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting
author: n-thumann
severity: medium
description: A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter.
description: Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTML via the err_msg parameter free_time_failed.cgi CGI program, aka reflective cross-site scripting.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-12581
- https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
- https://sec-consult.com/vulnerability-lab/advisory/reflected-cross-site-scripting-in-zxel-zywall/
- https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/
- https://nvd.nist.gov/vuln/detail/CVE-2019-12581
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -41,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/10

8
cves/2019/CVE-2019-12962.yaml
View File

@ -1,16 +1,16 @@
id: CVE-2019-12962
info:
name: LiveZilla Server 8.0.1.0 - Cross Site Scripting
name: LiveZilla Server 8.0.1.0 - Cross-Site Scripting
author: Clment Cruchet
severity: medium
description: |
LiveZilla Server 8.0.1.0 - Accept-Language Reflected XSS
LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting.
reference:
- https://www.exploit-db.com/exploits/49669
- https://nvd.nist.gov/vuln/detail/CVE-2019-12962
- https://forums.livezilla.net/index.php?/topic/10984-fg-vd-19-083085087-livezilla-server-are-vulnerable-to-cross-site-scripting-in-admin-panel/
- http://packetstormsecurity.com/files/161867/LiveZilla-Server-8.0.1.0-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-12962
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -45,3 +45,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/08

7
cves/2019/CVE-2019-14470.yaml
View File

@ -1,15 +1,16 @@
id: CVE-2019-14470
info:
name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS)
name: WordPress UserPro 4.9.32 - Cross-Site Scripting
author: daffainfo
severity: medium
description: cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.
description: WordPress UserPro 4.9.32 is vulnerable to reflected cross-site scripting because the Instagram PHP API (v2) it relies on allows it via the example/success.php error_description parameter.
reference:
- https://wpscan.com/vulnerability/9815
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
- http://packetstormsecurity.com/files/154206/WordPress-UserPro-4.9.32-Cross-Site-Scripting.html
- https://wpvulndb.com/vulnerabilities/9815
- https://nvd.nist.gov/vuln/detail/CVE-2019-14470
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -37,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/10

8
cves/2019/CVE-2019-14696.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2019-14696
info:
name: Open-Scool 3.0/Community Edition 2.3 - Cross Site Scripting
name: Open-Scool 3.0/Community Edition 2.3 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.
description: Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-14696
- https://open-school.org
- https://pastebin.com/AgxqdbAQ
- http://packetstormsecurity.com/files/153984/Open-School-3.0-Community-Edition-2.3-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-14696
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -31,3 +31,5 @@ requests:
words:
- '<script>alert(document.domain)</script>'
part: body
# Enhanced by mp on 2022/08/08

1
cves/2022/CVE-2022-0660.yaml
View File

@ -12,6 +12,7 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2022-0660
- https://huntr.dev/bounties/01fd2e0d-b8cf-487f-a16c-7b088ef3a291
classification:
cve-id: CVE-2022-0660
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-209

3
cves/2022/CVE-2022-31793.yaml
View File

@ -10,7 +10,8 @@ info:
- https://derekabdine.com/blog/2022-arris-advisory.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31793
- https://nvd.nist.gov/vuln/detail/CVE-2022-31793
- https://derekabdine.com/blog/2022-arris-advisory
classification:
cve-id: CVE-2022-31793
metadata:
verified: "true"
tags: cve,cve2022,network,muhttpd,lfi,unauth