diff --git a/cves/CVE-2018-16341.yaml b/cves/CVE-2018-16341.yaml index b13fe2f1f8..996c172ea6 100644 --- a/cves/CVE-2018-16341.yaml +++ b/cves/CVE-2018-16341.yaml @@ -4,7 +4,7 @@ info: name: Nuxeo Authentication Bypass Remote Code Execution author: madrobot severity: high - + description: Nuxeo Authentication Bypass Remote Code Execution < 103 using a SSTI requests: - method: GET path: diff --git a/cves/CVE-2018-18069.yaml b/cves/CVE-2018-18069.yaml index 5c589746f2..cd81dacb85 100644 --- a/cves/CVE-2018-18069.yaml +++ b/cves/CVE-2018-18069.yaml @@ -4,6 +4,7 @@ info: name: Wordpress unauthenticated stored xss author: nadino severity: medium + description: process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. requests: - method: POST diff --git a/cves/CVE-2018-19439.yaml b/cves/CVE-2018-19439.yaml index 2952248760..8900edbb04 100644 --- a/cves/CVE-2018-19439.yaml +++ b/cves/CVE-2018-19439.yaml @@ -4,6 +4,7 @@ info: name: Cross Site Scripting in Oracle Secure Global Desktop Administration Console author: madrobot & dwisiswant0 severity: high + description: XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4) requests: - method: GET diff --git a/cves/CVE-2018-20824.yaml b/cves/CVE-2018-20824.yaml index 584891af68..2ff8052fbf 100644 --- a/cves/CVE-2018-20824.yaml +++ b/cves/CVE-2018-20824.yaml @@ -4,6 +4,7 @@ info: name: Atlassian Jira WallboardServlet XSS author: madrobot & dwisiswant0 severity: medium + description: The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter. requests: - method: GET diff --git a/cves/CVE-2018-2791.yaml b/cves/CVE-2018-2791.yaml index d3333051aa..8f26171ba7 100644 --- a/cves/CVE-2018-2791.yaml +++ b/cves/CVE-2018-2791.yaml @@ -4,7 +4,7 @@ info: name: Oracle WebCenter Sites XSS author: madrobot severity: medium - + description: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware requests: - method: GET path: