daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Typo and language corrections

patch-1
sullo 2021-09-20 15:25:11 -04:00
parent ec05f1bf3b
commit b57620cce2
3 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2017/CVE-2017-10075.yaml
View File

@ -4,7 +4,7 @@ info:
name: Oracle Content Server XSS
author: madrobot
severity: high
description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
description: The vulnerability can be used to include HTML or JavaScript code in the affected web page. The code is executed in the browser of users if they visit the manipulated site.
reference: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
tags: cve,cve2017,xss,oracle
classification:

4
cves/2021/CVE-2021-32820.yaml
View File

@ -7,13 +7,13 @@ info:
reference:
- https://securitylab.github.com/advisories/GHSL-2021-018-express-handlebars/
- https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/CVE-2021-32820.json
tags: cve,cve2021,expressjs,lfi
tags: cve,cve2021,expressjs,lfi,xxe
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.60
cve-id: CVE-2021-32820
cwe-id: CWE-200
description: "Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extentions (i.e. file.extension) can be included, files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability."
description: "Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e., file.extension) can be included. Files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability."
requests:
- method: GET

2
misconfiguration/rack-mini-profiler.yaml
View File

@ -1,7 +1,7 @@
id: rack-mini-profiler
info:
name: rack-mini-profiler environmnet information disclosure
name: rack-mini-profiler environment information disclosure
author: vzamanillo
severity: high
tags: config,debug