From b65c24c45ec7826dbd9ba73b3db6b85727ab5514 Mon Sep 17 00:00:00 2001 
From: sullo Date: Fri, 9 Sep 2022 13:34:37 -0400 Subject: [PATCH] Normalization of Cross-Site Scripting names (#5329) --- cves/2011/CVE-2011-4618.yaml | 2 +- cves/2011/CVE-2011-4624.yaml | 2 +- cves/2011/CVE-2011-4926.yaml | 2 +- cves/2011/CVE-2011-5106.yaml | 2 +- cves/2011/CVE-2011-5107.yaml | 2 +- cves/2011/CVE-2011-5179.yaml | 2 +- cves/2011/CVE-2011-5181.yaml | 2 +- cves/2011/CVE-2011-5265.yaml | 2 +- cves/2012/CVE-2012-0901.yaml | 2 +- cves/2012/CVE-2012-1835.yaml | 2 +- cves/2012/CVE-2012-2371.yaml | 2 +- cves/2012/CVE-2012-4242.yaml | 2 +- cves/2012/CVE-2012-4273.yaml | 2 +- cves/2012/CVE-2012-4768.yaml | 2 +- cves/2012/CVE-2012-4889.yaml | 2 +- cves/2012/CVE-2012-5913.yaml | 2 +- cves/2013/CVE-2013-2287.yaml | 2 +- cves/2013/CVE-2013-3526.yaml | 2 +- cves/2013/CVE-2013-4117.yaml | 2 +- cves/2013/CVE-2013-4625.yaml | 2 +- cves/2014/CVE-2014-4513.yaml | 2 +- cves/2014/CVE-2014-4535.yaml | 4 ++-- cves/2014/CVE-2014-4536.yaml | 4 ++-- cves/2014/CVE-2014-4539.yaml | 4 ++-- cves/2014/CVE-2014-4544.yaml | 4 ++-- cves/2014/CVE-2014-4550.yaml | 4 ++-- cves/2014/CVE-2014-4558.yaml | 4 ++-- cves/2014/CVE-2014-4561.yaml | 4 ++-- cves/2014/CVE-2014-4592.yaml | 4 ++-- cves/2014/CVE-2014-9094.yaml | 2 +- cves/2014/CVE-2014-9444.yaml | 4 ++-- cves/2016/CVE-2016-1000141.yaml | 2 +- cves/2017/CVE-2017-14651.yaml | 2 +- cves/2018/CVE-2018-11709.yaml | 2 +- cves/2019/CVE-2019-7255.yaml | 2 +- cves/2020/CVE-2020-13258.yaml | 2 +- cves/2020/CVE-2020-13483.yaml | 2 +- cves/2020/CVE-2020-17362.yaml | 4 ++-- cves/2021/CVE-2021-24276.yaml | 2 +- cves/2021/CVE-2021-24291.yaml | 2 +- cves/2021/CVE-2021-24298.yaml | 2 +- cves/2021/CVE-2021-24746.yaml | 2 +- cves/2021/CVE-2021-25055.yaml | 2 +- cves/2021/CVE-2021-25085.yaml | 2 +- cves/2021/CVE-2021-25112.yaml | 2 +- cves/2021/CVE-2021-31682.yaml | 2 +- cves/2021/CVE-2021-35265.yaml | 2 +- cves/2021/CVE-2021-35488.yaml | 2 +- cves/2021/CVE-2021-37573.yaml | 2 +- cves/2021/CVE-2021-38704.yaml | 2 +- cves/2021/CVE-2021-39320.yaml | 2 +- 
cves/2021/CVE-2021-39322.yaml | 2 +- cves/2021/CVE-2021-39350.yaml | 2 +- cves/2021/CVE-2021-40542.yaml | 2 +- cves/2021/CVE-2021-41349.yaml | 2 +- cves/2021/CVE-2021-41467.yaml | 2 +- cves/2021/CVE-2021-41878.yaml | 2 +- cves/2021/CVE-2021-41951.yaml | 2 +- cves/2021/CVE-2021-42551.yaml | 2 +- cves/2021/CVE-2021-42565.yaml | 2 +- cves/2021/CVE-2021-42566.yaml | 2 +- cves/2021/CVE-2021-42567.yaml | 2 +- cves/2021/CVE-2021-42663.yaml | 2 +- cves/2021/CVE-2021-43062.yaml | 2 +- cves/2021/CVE-2021-43574.yaml | 2 +- cves/2021/CVE-2021-43810.yaml | 2 +- cves/2021/CVE-2021-45380.yaml | 2 +- cves/2021/CVE-2021-46068.yaml | 2 +- cves/2021/CVE-2021-46069.yaml | 2 +- cves/2021/CVE-2021-46071.yaml | 2 +- cves/2021/CVE-2021-46073.yaml | 2 +- cves/2022/CVE-2022-0149.yaml | 2 +- cves/2022/CVE-2022-0150.yaml | 2 +- cves/2022/CVE-2022-0189.yaml | 2 +- cves/2022/CVE-2022-0201.yaml | 2 +- cves/2022/CVE-2022-0208.yaml | 2 +- cves/2022/CVE-2022-0220.yaml | 4 ++-- cves/2022/CVE-2022-0271.yaml | 2 +- cves/2022/CVE-2022-0288.yaml | 2 +- cves/2022/CVE-2022-0378.yaml | 2 +- cves/2022/CVE-2022-0381.yaml | 2 +- cves/2022/CVE-2022-0422.yaml | 2 +- cves/2022/CVE-2022-0595.yaml | 4 ++-- cves/2022/CVE-2022-0599.yaml | 2 +- cves/2022/CVE-2022-0776.yaml | 2 +- cves/2022/CVE-2022-0928.yaml | 2 +- cves/2022/CVE-2022-0954.yaml | 2 +- cves/2022/CVE-2022-1221.yaml | 2 +- cves/2022/CVE-2022-1439.yaml | 2 +- cves/2022/CVE-2022-1597.yaml | 2 +- cves/2022/CVE-2022-1724.yaml | 2 +- cves/2022/CVE-2022-1904.yaml | 2 +- cves/2022/CVE-2022-1906.yaml | 2 +- cves/2022/CVE-2022-1937.yaml | 2 +- cves/2022/CVE-2022-1946.yaml | 2 +- cves/2022/CVE-2022-2187.yaml | 2 +- cves/2022/CVE-2022-24181.yaml | 2 +- cves/2022/CVE-2022-24681.yaml | 2 +- cves/2022/CVE-2022-24899.yaml | 2 +- cves/2022/CVE-2022-26564.yaml | 2 +- cves/2022/CVE-2022-28363.yaml | 2 +- cves/2022/CVE-2022-29301.yaml | 2 +- cves/2022/CVE-2022-29349.yaml | 2 +- cves/2022/CVE-2022-29455.yaml | 2 +- cves/2022/CVE-2022-29548.yaml | 2 +- 
cves/2022/CVE-2022-30489.yaml | 2 +- cves/2022/CVE-2022-30776.yaml | 2 +- cves/2022/CVE-2022-30777.yaml | 2 +- cves/2022/CVE-2022-31373.yaml | 2 +- cves/2022/CVE-2022-31798.yaml | 2 +- cves/2022/CVE-2022-32195.yaml | 2 +- cves/2022/CVE-2022-32770.yaml | 2 +- cves/2022/CVE-2022-32771.yaml | 2 +- cves/2022/CVE-2022-32772.yaml | 2 +- cves/2022/CVE-2022-34048.yaml | 2 +- cves/2022/CVE-2022-34328.yaml | 2 +- cves/2022/CVE-2022-35151.yaml | 2 +- cves/2022/CVE-2022-35416.yaml | 2 +- cves/2022/CVE-2022-35493.yaml | 2 +- cves/2022/CVE-2022-37153.yaml | 2 +- cves/2022/CVE-2022-38463.yaml | 2 +- vulnerabilities/dedecms/dedecms-config-xss.yaml | 2 +- vulnerabilities/drupal/drupal-avatar-xss.yaml | 2 +- vulnerabilities/gnuboard/gnuboard-sms-xss.yaml | 2 +- vulnerabilities/gnuboard/gnuboard5-rxss.yaml | 2 +- vulnerabilities/gnuboard/gnuboard5-xss.yaml | 2 +- vulnerabilities/httpbin/httpbin-xss.yaml | 2 +- vulnerabilities/ibm/eclipse-help-system-xss.yaml | 4 ++-- vulnerabilities/laravel/laravel-ignition-xss.yaml | 2 +- vulnerabilities/other/acme-xss.yaml | 2 +- vulnerabilities/other/avada-xss.yaml | 2 +- vulnerabilities/other/carrental-xss.yaml | 2 +- vulnerabilities/other/ckan-dom-based-xss.yaml | 2 +- vulnerabilities/other/coldfusion-debug-xss.yaml | 2 +- vulnerabilities/other/discourse-xss.yaml | 2 +- vulnerabilities/other/dzzoffice-xss.yaml | 2 +- vulnerabilities/other/empirecms-xss.yaml | 2 +- vulnerabilities/other/eris-xss.yaml | 2 +- vulnerabilities/other/global-domains-xss.yaml | 2 +- vulnerabilities/other/keycloak-xss.yaml | 4 ++-- vulnerabilities/other/lucee-xss.yaml | 4 ++-- vulnerabilities/other/mida-eframework-xss.yaml | 4 ++-- vulnerabilities/other/ms-exchange-server-reflected-xss.yaml | 2 +- vulnerabilities/other/parallels-hsphere-xss.yaml | 2 +- vulnerabilities/other/parentlink-xss.yaml | 2 +- vulnerabilities/other/php-timeclock-xss.yaml | 2 +- vulnerabilities/other/qcubed-xss.yaml | 2 +- vulnerabilities/other/reddittop-rss-xss.yaml | 2 +- 
vulnerabilities/other/rockmongo-xss.yaml | 2 +- vulnerabilities/other/sick-beard-xss.yaml | 2 +- vulnerabilities/other/siteminder-dom-xss.yaml | 2 +- vulnerabilities/other/solarview-compact-xss.yaml | 2 +- vulnerabilities/other/thruk-xss.yaml | 2 +- vulnerabilities/other/tikiwiki-reflected-xss.yaml | 2 +- vulnerabilities/other/turbocrm-xss.yaml | 2 +- vulnerabilities/other/yeswiki-stored-xss.yaml | 2 +- vulnerabilities/other/yeswiki-xss.yaml | 2 +- vulnerabilities/royalevent/royalevent-management-xss.yaml | 2 +- vulnerabilities/royalevent/royalevent-stored-xss.yaml | 2 +- vulnerabilities/samsung/samsung-wlan-ap-xss.yaml | 4 ++-- vulnerabilities/wordpress/elex-woocommerce-xss.yaml | 2 +- vulnerabilities/wordpress/my-chatbot-xss.yaml | 2 +- vulnerabilities/wordpress/wordpress-wordfence-xss.yaml | 2 +- vulnerabilities/wordpress/wp-adaptive-xss.yaml | 2 +- vulnerabilities/wordpress/wp-custom-tables-xss.yaml | 2 +- vulnerabilities/wordpress/wp-finder-xss.yaml | 2 +- vulnerabilities/wordpress/wp-flagem-xss.yaml | 2 +- vulnerabilities/wordpress/wp-insert-php-xss.yaml | 2 +- vulnerabilities/wordpress/wp-knews-xss.yaml | 2 +- vulnerabilities/wordpress/wp-nextgen-xss.yaml | 2 +- vulnerabilities/wordpress/wp-phpfreechat-xss.yaml | 2 +- vulnerabilities/wordpress/wp-securimage-xss.yaml | 2 +- vulnerabilities/wordpress/wp-slideshow-xss.yaml | 2 +- vulnerabilities/wordpress/wpify-woo-czech-xss.yaml | 2 +- 174 files changed, 191 insertions(+), 191 deletions(-) diff --git a/cves/2011/CVE-2011-4618.yaml b/cves/2011/CVE-2011-4618.yaml index c3749f0d5a..ff441dcef2 100644 --- a/cves/2011/CVE-2011-4618.yaml +++ b/cves/2011/CVE-2011-4618.yaml 
@@ -1,7 +1,7 @@ id: CVE-2011-4618 info: - name: Advanced Text Widget < 2.0.2 - Reflected Cross-Site Scripting + name: Advanced Text Widget < 2.0.2 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. diff --git a/cves/2011/CVE-2011-4624.yaml b/cves/2011/CVE-2011-4624.yaml index 72828127c8..2df94565af 100644 --- a/cves/2011/CVE-2011-4624.yaml +++ b/cves/2011/CVE-2011-4624.yaml @@ -1,7 +1,7 @@ id: CVE-2011-4624 info: - name: GRAND FlAGallery 1.57 - Reflected Cross-Site Scripting + name: GRAND FlAGallery 1.57 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. diff --git a/cves/2011/CVE-2011-4926.yaml b/cves/2011/CVE-2011-4926.yaml index acf47fd5e3..decfdfeee6 100644 --- a/cves/2011/CVE-2011-4926.yaml +++ b/cves/2011/CVE-2011-4926.yaml @@ -1,7 +1,7 @@ id: CVE-2011-4926 info: - name: Adminimize 1.7.22 - Reflected Cross-Site Scripting + name: Adminimize 1.7.22 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. diff --git a/cves/2011/CVE-2011-5106.yaml b/cves/2011/CVE-2011-5106.yaml index 3e03b844e6..031d518512 100644 --- a/cves/2011/CVE-2011-5106.yaml +++ b/cves/2011/CVE-2011-5106.yaml 
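Review bot: Removing `Reflected` from `name` in CVE-2011-4618.yaml leaves no visible field that records the XSS subtype, because the description in this hunk says only "cross-site scripting (XSS)". The patch compensates for the dropped `Unauthenticated` prefix with an `unauth` tag (CVE-2014-4535 and the later 2014 templates) but adds nothing equivalent for the subtype, and reflected versus stored changes how a finding is triaged. I would carry it in the description instead, e.g. `description: A reflected cross-site scripting (XSS) vulnerability in advancedtext.php ...`; the same applies to the other templates in this patch whose names lose the word. The `info:` block continues past the hunk, so the tags line is not visible here.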
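Review bot: The rewritten `name` in CVE-2011-4624.yaml still reads `GRAND FlAGallery 1.57`, while the description on the context line says the plugin is affected "before 1.57", so the title presents the fixed release as the vulnerable one. Since the line is being rewritten anyway, `name: GRAND FlAGallery < 1.57 - Cross-Site Scripting` would match the comparator style already used by CVE-2011-4618. CVE-2011-4926 (`Adminimize 1.7.22`, described as "before 1.7.22") and CVE-2011-5179 (`Skysa App Bar 1.04`, "possibly before 1.04") show the same mismatch.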
@@ -1,7 +1,7 @@ id: CVE-2011-5106 info: - name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Reflected Cross-Site Scripting + name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. diff --git a/cves/2011/CVE-2011-5107.yaml b/cves/2011/CVE-2011-5107.yaml index 38adf69e48..12f1dd5f56 100644 --- a/cves/2011/CVE-2011-5107.yaml +++ b/cves/2011/CVE-2011-5107.yaml @@ -1,7 +1,7 @@ id: CVE-2011-5107 info: - name: Alert Before Your Post <= 0.1.1 - Reflected Cross-Site Scripting + name: Alert Before Your Post <= 0.1.1 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. diff --git a/cves/2011/CVE-2011-5179.yaml b/cves/2011/CVE-2011-5179.yaml index 11c727ba6e..b5cb25da6d 100644 --- a/cves/2011/CVE-2011-5179.yaml +++ b/cves/2011/CVE-2011-5179.yaml @@ -1,7 +1,7 @@ id: CVE-2011-5179 info: - name: Skysa App Bar 1.04 - Reflected Cross-Site Scripting + name: Skysa App Bar 1.04 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. diff --git a/cves/2011/CVE-2011-5181.yaml b/cves/2011/CVE-2011-5181.yaml index 6195a52f30..91e39c5c91 100644 --- a/cves/2011/CVE-2011-5181.yaml +++ b/cves/2011/CVE-2011-5181.yaml 
@@ -1,7 +1,7 @@ id: CVE-2011-5181 info: - name: ClickDesk Live Support Live Chat 2.0 - Reflected Cross-Site Scripting + name: ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. diff --git a/cves/2011/CVE-2011-5265.yaml b/cves/2011/CVE-2011-5265.yaml index 015774e953..f3b3a24e05 100644 --- a/cves/2011/CVE-2011-5265.yaml +++ b/cves/2011/CVE-2011-5265.yaml @@ -1,7 +1,7 @@ id: CVE-2011-5265 info: - name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting + name: Featurific For WordPress 1.6.2 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. diff --git a/cves/2012/CVE-2012-0901.yaml b/cves/2012/CVE-2012-0901.yaml index d4a41a2639..a8ca09950e 100644 --- a/cves/2012/CVE-2012-0901.yaml +++ b/cves/2012/CVE-2012-0901.yaml @@ -1,7 +1,7 @@ id: CVE-2012-0901 info: - name: YouSayToo auto-publishing 1.0 - Reflected Cross-Site Scripting + name: YouSayToo auto-publishing 1.0 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. diff --git a/cves/2012/CVE-2012-1835.yaml b/cves/2012/CVE-2012-1835.yaml index 8b03944d19..dd6dc50478 100644 --- a/cves/2012/CVE-2012-1835.yaml +++ b/cves/2012/CVE-2012-1835.yaml 
@@ -1,7 +1,7 @@ id: CVE-2012-1835 info: - name: WordPress Plugin All-in-One Event Calendar 1.4 - Reflected Cross-Site Scripting + name: WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php. diff --git a/cves/2012/CVE-2012-2371.yaml b/cves/2012/CVE-2012-2371.yaml index 336b9b3b9e..5cf4afa804 100644 --- a/cves/2012/CVE-2012-2371.yaml +++ b/cves/2012/CVE-2012-2371.yaml @@ -1,7 +1,7 @@ id: CVE-2012-2371 info: - name: WP-FaceThumb 0.1 - Reflected Cross-Site Scripting + name: WP-FaceThumb 0.1 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter. diff --git a/cves/2012/CVE-2012-4242.yaml b/cves/2012/CVE-2012-4242.yaml index e64ad9df3c..75a75271c1 100644 --- a/cves/2012/CVE-2012-4242.yaml +++ b/cves/2012/CVE-2012-4242.yaml @@ -1,7 +1,7 @@ id: CVE-2012-4242 info: - name: WordPress Plugin MF Gig Calendar 0.9.2 - Reflected Cross-Site Scripting + name: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. 
diff --git a/cves/2012/CVE-2012-4273.yaml b/cves/2012/CVE-2012-4273.yaml index 78c024dfd4..8143853716 100644 --- a/cves/2012/CVE-2012-4273.yaml +++ b/cves/2012/CVE-2012-4273.yaml @@ -1,7 +1,7 @@ id: CVE-2012-4273 info: - name: 2 Click Socialmedia Buttons < 0.34 - Reflected Cross Site Scripting + name: 2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. diff --git a/cves/2012/CVE-2012-4768.yaml b/cves/2012/CVE-2012-4768.yaml index a82f0d6a69..0e320533e6 100644 --- a/cves/2012/CVE-2012-4768.yaml +++ b/cves/2012/CVE-2012-4768.yaml @@ -1,7 +1,7 @@ id: CVE-2012-4768 info: - name: WordPress Plugin Download Monitor < 3.3.5.9 - Reflected Cross-Site Scripting + name: WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. diff --git a/cves/2012/CVE-2012-4889.yaml b/cves/2012/CVE-2012-4889.yaml index 1240231752..2162408cda 100644 --- a/cves/2012/CVE-2012-4889.yaml +++ b/cves/2012/CVE-2012-4889.yaml 
@@ -1,7 +1,7 @@ id: CVE-2012-4889 info: - name: ManageEngine Firewall Analyzer 7.2 - Reflected Cross Site Scripting + name: ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do. diff --git a/cves/2012/CVE-2012-5913.yaml b/cves/2012/CVE-2012-5913.yaml index 8ee8c216c7..d4fe46fa32 100644 --- a/cves/2012/CVE-2012-5913.yaml +++ b/cves/2012/CVE-2012-5913.yaml @@ -1,7 +1,7 @@ id: CVE-2012-5913 info: - name: WordPress Integrator 1.32 - Reflected Cross-Site Scripting + name: WordPress Integrator 1.32 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php. diff --git a/cves/2013/CVE-2013-2287.yaml b/cves/2013/CVE-2013-2287.yaml index 9d2e681a37..bb925ae363 100644 --- a/cves/2013/CVE-2013-2287.yaml +++ b/cves/2013/CVE-2013-2287.yaml @@ -1,7 +1,7 @@ id: CVE-2013-2287 info: - name: WordPress Plugin Uploader 1.0.4 - Reflected Cross-Site Scripting + name: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter. diff --git a/cves/2013/CVE-2013-3526.yaml b/cves/2013/CVE-2013-3526.yaml index 844ec4aca0..3e3a9b5aa2 100644 --- a/cves/2013/CVE-2013-3526.yaml +++ b/cves/2013/CVE-2013-3526.yaml 
@@ -1,7 +1,7 @@ id: CVE-2013-3526 info: - name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting + name: WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter." diff --git a/cves/2013/CVE-2013-4117.yaml b/cves/2013/CVE-2013-4117.yaml index fd7b3fdb0d..1d687a148e 100644 --- a/cves/2013/CVE-2013-4117.yaml +++ b/cves/2013/CVE-2013-4117.yaml @@ -1,7 +1,7 @@ id: CVE-2013-4117 info: - name: WordPress Plugin Category Grid View Gallery 2.3.1 - Reflected Cross-Site Scripting + name: WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter. diff --git a/cves/2013/CVE-2013-4625.yaml b/cves/2013/CVE-2013-4625.yaml index 4d9ceaff95..db3dc3261f 100644 --- a/cves/2013/CVE-2013-4625.yaml +++ b/cves/2013/CVE-2013-4625.yaml @@ -1,7 +1,7 @@ id: CVE-2013-4625 info: - name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting + name: WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. diff --git a/cves/2014/CVE-2014-4513.yaml b/cves/2014/CVE-2014-4513.yaml index 96a706f261..cda22cdb15 100644 --- a/cves/2014/CVE-2014-4513.yaml +++ b/cves/2014/CVE-2014-4513.yaml 
@@ -1,7 +1,7 @@ id: CVE-2014-4513 info: - name: ActiveHelper LiveHelp Server 3.1.0 - Reflected Cross-Site Scripting + name: ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter. diff --git a/cves/2014/CVE-2014-4535.yaml b/cves/2014/CVE-2014-4535.yaml index 9f511ac281..292351960a 100644 --- a/cves/2014/CVE-2014-4535.yaml +++ b/cves/2014/CVE-2014-4535.yaml @@ -1,7 +1,7 @@ id: CVE-2014-4535 info: - name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting + name: Import Legacy Media <= 0.1 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. @@ -14,7 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4535 cwe-id: CWE-79 - tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss + tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth requests: - method: GET diff --git a/cves/2014/CVE-2014-4536.yaml b/cves/2014/CVE-2014-4536.yaml index 08c92acd7f..3bc8f45b92 100644 --- a/cves/2014/CVE-2014-4536.yaml +++ b/cves/2014/CVE-2014-4536.yaml 
@@ -1,7 +1,7 @@ id: CVE-2014-4536 info: - name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected Cross-Site Scripting + name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter. @@ -17,7 +17,7 @@ info: cwe-id: CWE-79 metadata: google-query: inurl:"/wp-content/plugins/infusionsoft/Infusionsoft/" - tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss + tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth requests: - method: GET diff --git a/cves/2014/CVE-2014-4539.yaml b/cves/2014/CVE-2014-4539.yaml index d0f675dbe7..94b663a884 100644 --- a/cves/2014/CVE-2014-4539.yaml +++ b/cves/2014/CVE-2014-4539.yaml @@ -1,7 +1,7 @@ id: CVE-2014-4539 info: - name: Movies <= 0.6 - Unauthenticated Reflected Cross-Site Scripting + name: Movies <= 0.6 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. @@ -14,7 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4539 cwe-id: CWE-79 - tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014 + tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth requests: - method: GET diff --git a/cves/2014/CVE-2014-4544.yaml b/cves/2014/CVE-2014-4544.yaml index 9736f2741c..939d1ca226 100644 --- a/cves/2014/CVE-2014-4544.yaml +++ b/cves/2014/CVE-2014-4544.yaml 
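Review bot: The new `name` in CVE-2014-4536.yaml keeps the bound `< 1.5.7`, but the description in the same hunk says the plugin is vulnerable "before 1.5.6", so the two fields disagree on which releases are affected. If the description is authoritative the line should read `name: Infusionsoft Gravity Forms Add-on < 1.5.6 - Cross-Site Scripting`; the hunk alone does not show which value is correct, so this needs checking against the references further down the file. CVE-2014-9444 has a milder form of the same problem: its name says `<= 0.9.2` while its description says "prior to v.0.9.2".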
@@ -1,7 +1,7 @@ id: CVE-2014-4544 info: - name: Podcast Channels < 0.28 - Unauthenticated Reflected Cross-Site Scripting + name: Podcast Channels < 0.28 - Cross-Site Scripting author: daffainfo severity: medium description: The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability. @@ -14,7 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4544 cwe-id: CWE-79 - tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss + tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth requests: - method: GET diff --git a/cves/2014/CVE-2014-4550.yaml b/cves/2014/CVE-2014-4550.yaml index 0a91783d69..e9a6830b42 100644 --- a/cves/2014/CVE-2014-4550.yaml +++ b/cves/2014/CVE-2014-4550.yaml @@ -1,7 +1,7 @@ id: CVE-2014-4550 info: - name: Shortcode Ninja <= 1.4 - Unauthenticated Reflected Cross-Site Scripting + name: Shortcode Ninja <= 1.4 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter. @@ -16,7 +16,7 @@ info: cwe-id: CWE-79 metadata: google-query: inurl:"/wp-content/plugins/shortcode-ninja" - tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014 + tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth requests: - method: GET diff --git a/cves/2014/CVE-2014-4558.yaml b/cves/2014/CVE-2014-4558.yaml index 280f1137be..1566035c02 100644 --- a/cves/2014/CVE-2014-4558.yaml +++ b/cves/2014/CVE-2014-4558.yaml 
@@ -1,7 +1,7 @@ id: CVE-2014-4558 info: - name: WooCommerce Swipe <= 2.7.1 - Unauthenticated Reflected Cross-Site Scripting + name: WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter. @@ -14,7 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4558 cwe-id: CWE-79 - tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce + tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce,unauth requests: - method: GET diff --git a/cves/2014/CVE-2014-4561.yaml b/cves/2014/CVE-2014-4561.yaml index 17da9ecfca..878abafb7a 100644 --- a/cves/2014/CVE-2014-4561.yaml +++ b/cves/2014/CVE-2014-4561.yaml @@ -1,7 +1,7 @@ id: CVE-2014-4561 info: - name: Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected Cross-Site Scripting + name: Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting author: daffainfo severity: medium description: The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability. @@ -14,7 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4561 cwe-id: CWE-79 - tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan + tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan,unauth requests: - method: GET diff --git a/cves/2014/CVE-2014-4592.yaml b/cves/2014/CVE-2014-4592.yaml index 462d1ba751..35eb2a7082 100644 --- a/cves/2014/CVE-2014-4592.yaml +++ b/cves/2014/CVE-2014-4592.yaml 
@@ -1,7 +1,7 @@ id: CVE-2014-4592 info: - name: WP Planet <= 0.1 - Unauthenticated Reflected Cross-Site Scripting + name: WP Planet <= 0.1 - Cross-Site Scripting author: daffainfo severity: medium description: A cross-site scripting vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. @@ -16,7 +16,7 @@ info: cwe-id: CWE-79 metadata: google-query: inurl:"/wp-content/plugins/wp-planet" - tags: cve2014,wordpress,wp-plugin,xss,wpscan,cve + tags: cve2014,wordpress,wp-plugin,xss,wpscan,cve,unauth requests: - method: GET diff --git a/cves/2014/CVE-2014-9094.yaml b/cves/2014/CVE-2014-9094.yaml index 4056b74a4b..a28b8785e1 100644 --- a/cves/2014/CVE-2014-9094.yaml +++ b/cves/2014/CVE-2014-9094.yaml @@ -1,7 +1,7 @@ id: CVE-2014-9094 info: - name: WordPress DZS-VideoGallery Plugin Reflected Cross-Site Scripting + name: WordPress DZS-VideoGallery Plugin Cross-Site Scripting author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter. diff --git a/cves/2014/CVE-2014-9444.yaml b/cves/2014/CVE-2014-9444.yaml index f84a8029e0..948b7d93e2 100644 --- a/cves/2014/CVE-2014-9444.yaml +++ b/cves/2014/CVE-2014-9444.yaml @@ -1,7 +1,7 @@ id: CVE-2014-9444 info: - name: Frontend Uploader <= 0.9.2 - Unauthenticated Cross-Site Scripting + name: Frontend Uploader <= 0.9.2 - Cross-Site Scripting author: daffainfo severity: medium description: The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability. 
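Review bot: The new `name` in CVE-2014-9094.yaml has no ` - ` separator between the product and the vulnerability class, unlike the other titles this patch normalizes; `name: WordPress DZS-VideoGallery Plugin - Cross-Site Scripting` would match them. CVE-2020-13483 has the same style problem in sentence form (`Bitrix24 through 20.0.0 allows Cross-Site Scripting`), where `name: Bitrix24 <= 20.0.0 - Cross-Site Scripting` follows the pattern. A normalization commit is the right place to settle both, since uniform titles are easier to filter and deduplicate in reports.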
@@ -12,7 +12,7 @@ info: - http://web.archive.org/web/20210122092924/https://www.securityfocus.com/bid/71808/ classification: cve-id: CVE-2014-9444 - tags: wp-plugin,xss,wpscan,packetstorm,cve,cve2014,wordpress + tags: wp-plugin,xss,wpscan,packetstorm,cve,cve2014,wordpress,unauth requests: - method: GET diff --git a/cves/2016/CVE-2016-1000141.yaml b/cves/2016/CVE-2016-1000141.yaml index f8ea329515..27b9bd4027 100644 --- a/cves/2016/CVE-2016-1000141.yaml +++ b/cves/2016/CVE-2016-1000141.yaml @@ -1,7 +1,7 @@ id: CVE-2016-1000141 info: - name: WordPress Page Layout builder v1.9.3 - Reflected Cross-Site Scripting + name: WordPress Page Layout builder v1.9.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability. diff --git a/cves/2017/CVE-2017-14651.yaml b/cves/2017/CVE-2017-14651.yaml index 401d1e3040..c4f88c893d 100644 --- a/cves/2017/CVE-2017-14651.yaml +++ b/cves/2017/CVE-2017-14651.yaml @@ -1,7 +1,7 @@ id: CVE-2017-14651 info: - name: WSO2 Data Analytics Server 3.1.0 - Reflected Cross-Site Scripting + name: WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting author: mass0ma severity: medium description: WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. diff --git a/cves/2018/CVE-2018-11709.yaml b/cves/2018/CVE-2018-11709.yaml index fc3353a738..75ba0bc4e5 100644 --- a/cves/2018/CVE-2018-11709.yaml +++ b/cves/2018/CVE-2018-11709.yaml @@ -1,7 +1,7 @@ id: CVE-2018-11709 info: - name: WordPress wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting + name: WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI. 
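Review bot: The CVE-2018-11709.yaml description says wpForo is exploitable unauthenticated, yet this hunk changes only `name:` and, unlike the CVE-2014-9444 hunk on this line, adds no `unauth` tag. The tags line is outside the hunk, so confirm it already carries the tag; otherwise append `,unauth` to it. Scans that select pre-auth exposure by tag would otherwise skip this template. The descriptions in CVE-2021-38704 and CVE-2021-43062 also state an unauthenticated attacker, and their hunks likewise touch only the name.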
diff --git a/cves/2019/CVE-2019-7255.yaml b/cves/2019/CVE-2019-7255.yaml index 580935eb48..8d09e1e171 100644 --- a/cves/2019/CVE-2019-7255.yaml +++ b/cves/2019/CVE-2019-7255.yaml @@ -1,7 +1,7 @@ id: CVE-2019-7255 info: - name: Linear eMerge E3 - Cross Site Scripting + name: Linear eMerge E3 - Cross-Site Scripting author: arafatansari severity: medium description: | diff --git a/cves/2020/CVE-2020-13258.yaml b/cves/2020/CVE-2020-13258.yaml index b2b22fb318..b6a2df338a 100644 --- a/cves/2020/CVE-2020-13258.yaml +++ b/cves/2020/CVE-2020-13258.yaml @@ -1,7 +1,7 @@ id: CVE-2020-13258 info: - name: Contentful - Reflected XSS + name: Contentful - Cross-Site Scripting author: pikpikcu severity: medium description: | diff --git a/cves/2020/CVE-2020-13483.yaml b/cves/2020/CVE-2020-13483.yaml index 82a960c043..9b9c930456 100644 --- a/cves/2020/CVE-2020-13483.yaml +++ b/cves/2020/CVE-2020-13483.yaml @@ -1,7 +1,7 @@ id: CVE-2020-13483 info: - name: Bitrix24 through 20.0.0 allows XSS + name: Bitrix24 through 20.0.0 allows Cross-Site Scripting author: pikpikcu,3th1c_yuk1 severity: medium description: The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. diff --git a/cves/2020/CVE-2020-17362.yaml b/cves/2020/CVE-2020-17362.yaml index 47dd6f957c..45e363b48f 100644 --- a/cves/2020/CVE-2020-17362.yaml +++ b/cves/2020/CVE-2020-17362.yaml @@ -1,7 +1,7 @@ id: CVE-2020-17362 info: - name: Nova Lite < 1.3.9 - Unauthenticated Reflected Cross-Site Scripting + name: Nova Lite < 1.3.9 - Cross-Site Scripting author: daffainfo severity: medium description: Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site scripting via search.php. @@ -14,7 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2020-17362 cwe-id: CWE-79 - tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020 + tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020,unauth requests: - method: GET 
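Review bot: The new name in CVE-2020-13483.yaml, `Bitrix24 through 20.0.0 allows Cross-Site Scripting`, is still a sentence rather than the "product, version, dash, class" shape that the neighbouring templates use. Something like `name: Bitrix24 <= 20.0.0 - Cross-Site Scripting` would match CVE-2020-17362 on this line and sort cleanly in scan reports.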
diff --git a/cves/2021/CVE-2021-24276.yaml b/cves/2021/CVE-2021-24276.yaml index 0b8ad626a2..ec7218f3a6 100644 --- a/cves/2021/CVE-2021-24276.yaml +++ b/cves/2021/CVE-2021-24276.yaml @@ -1,7 +1,7 @@ id: CVE-2021-24276 info: - name: Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS) + name: Contact Form by Supsystic < 1.7.15 - Cross-Site Scripting author: dhiyaneshDK severity: medium description: The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue diff --git a/cves/2021/CVE-2021-24291.yaml b/cves/2021/CVE-2021-24291.yaml index 24a2882f42..68c1a0d8e6 100644 --- a/cves/2021/CVE-2021-24291.yaml +++ b/cves/2021/CVE-2021-24291.yaml @@ -1,7 +1,7 @@ id: CVE-2021-24291 info: - name: Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS) + name: Photo Gallery < 1.5.69 - Multiple Cross-Site Scripting author: geeknik severity: medium description: The plugin was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users) diff --git a/cves/2021/CVE-2021-24298.yaml b/cves/2021/CVE-2021-24298.yaml index 038018b3af..c6931cbcca 100644 --- a/cves/2021/CVE-2021-24298.yaml +++ b/cves/2021/CVE-2021-24298.yaml @@ -1,7 +1,7 @@ id: CVE-2021-24298 info: - name: Simple Giveaways < 2.36.2 - Reflected Cross-Site Scripting (XSS) + name: Simple Giveaways < 2.36.2 - Cross-Site Scripting author: daffainfo severity: medium description: The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS diff --git a/cves/2021/CVE-2021-24746.yaml b/cves/2021/CVE-2021-24746.yaml index b4e3fe166e..46fe96c882 100644 --- a/cves/2021/CVE-2021-24746.yaml 
+++ b/cves/2021/CVE-2021-24746.yaml @@ -1,7 +1,7 @@ id: CVE-2021-24746 info: - name: WordPress Sassy Social Share Plugin - Reflected XSS + name: WordPress Sassy Social Share Plugin - Cross-Site Scripting author: Supras severity: medium description: WP plugin Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting diff --git a/cves/2021/CVE-2021-25055.yaml b/cves/2021/CVE-2021-25055.yaml index f9c1230c60..981b00395a 100644 --- a/cves/2021/CVE-2021-25055.yaml +++ b/cves/2021/CVE-2021-25055.yaml @@ -1,7 +1,7 @@ id: CVE-2021-25055 info: - name: WordPress FeedWordPress < 2022.0123 - Authenticated Reflected Cross-Site Scripting + name: WordPress FeedWordPress < 2022.0123 - Authenticated Cross-Site Scripting author: DhiyaneshDK severity: medium description: | diff --git a/cves/2021/CVE-2021-25085.yaml b/cves/2021/CVE-2021-25085.yaml index 332e87d772..250ce81d36 100644 --- a/cves/2021/CVE-2021-25085.yaml +++ b/cves/2021/CVE-2021-25085.yaml @@ -1,7 +1,7 @@ id: CVE-2021-25085 info: - name: WOOF WordPress plugin - Reflected Cross-Site Scripting + name: WOOF WordPress plugin - Cross-Site Scripting author: Maximus Decimus severity: medium description: | diff --git a/cves/2021/CVE-2021-25112.yaml b/cves/2021/CVE-2021-25112.yaml index 4ab1f55643..e31827e4f3 100644 --- a/cves/2021/CVE-2021-25112.yaml +++ b/cves/2021/CVE-2021-25112.yaml @@ -1,7 +1,7 @@ id: CVE-2021-25112 info: - name: WHMCS Bridge < 6.4b - Cross-Site Scripting (XSS) + name: WHMCS Bridge < 6.4b - Cross-Site Scripting author: dhiyaneshDk severity: medium description: | diff --git a/cves/2021/CVE-2021-31682.yaml b/cves/2021/CVE-2021-31682.yaml index 84cf77c107..742659d2c8 100644 --- a/cves/2021/CVE-2021-31682.yaml +++ b/cves/2021/CVE-2021-31682.yaml 
@@ -1,7 +1,7 @@ id: CVE-2021-31682 info: - name: WebCTRL OEM <= 6.5 Reflected Cross-Site Scripting + name: WebCTRL OEM <= 6.5 Cross-Site Scripting author: gy741,dhiyaneshDk severity: medium description: WebCTRL OEM 6.5 and prior is susceptible to a cross-site scripting vulnerability because the login portal does not sanitize the operatorlocale GET parameter. diff --git a/cves/2021/CVE-2021-35265.yaml b/cves/2021/CVE-2021-35265.yaml index 4acd2368ef..b60202d0af 100644 --- a/cves/2021/CVE-2021-35265.yaml +++ b/cves/2021/CVE-2021-35265.yaml @@ -1,7 +1,7 @@ id: CVE-2021-35265 info: - name: MaxSite CMS XSS + name: MaxSite CMS Cross-Site Scripting author: pikpikcu severity: medium description: A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page." diff --git a/cves/2021/CVE-2021-35488.yaml b/cves/2021/CVE-2021-35488.yaml index 47868b981c..34cafc6957 100644 --- a/cves/2021/CVE-2021-35488.yaml +++ b/cves/2021/CVE-2021-35488.yaml @@ -1,7 +1,7 @@ id: CVE-2021-35488 info: - name: Thruk 2.40-2 - Cross Site Scripting + name: Thruk 2.40-2 - Cross-Site Scripting author: arafatansari severity: medium description: | diff --git a/cves/2021/CVE-2021-37573.yaml b/cves/2021/CVE-2021-37573.yaml index 29b89b20ed..a94a5f346a 100644 --- a/cves/2021/CVE-2021-37573.yaml +++ b/cves/2021/CVE-2021-37573.yaml @@ -1,7 +1,7 @@ id: CVE-2021-37573 info: - name: Tiny Java Web Server - Reflected Cross-Site Scripting + name: Tiny Java Web Server - Cross-Site Scripting author: geeknik severity: medium description: A reflected cross-site scripting vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page. diff --git a/cves/2021/CVE-2021-38704.yaml b/cves/2021/CVE-2021-38704.yaml index cfe5058168..2604758623 100644 --- a/cves/2021/CVE-2021-38704.yaml 
+++ b/cves/2021/CVE-2021-38704.yaml @@ -1,7 +1,7 @@ id: CVE-2021-38704 info: - name: ClinicCases 7.3.3 Reflected Cross-Site Scripting + name: ClinicCases 7.3.3 Cross-Site Scripting author: alph4byt3 severity: medium description: ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. diff --git a/cves/2021/CVE-2021-39320.yaml b/cves/2021/CVE-2021-39320.yaml index 9eb029ca6d..ee5d215641 100644 --- a/cves/2021/CVE-2021-39320.yaml +++ b/cves/2021/CVE-2021-39320.yaml @@ -1,7 +1,7 @@ id: CVE-2021-39320 info: - name: WordPress underConstruction Plugin< 1.19 - Reflected Cross-Site Scripting + name: WordPress underConstruction Plugin< 1.19 - Cross-Site Scripting author: dhiyaneshDK severity: medium description: The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path. diff --git a/cves/2021/CVE-2021-39322.yaml b/cves/2021/CVE-2021-39322.yaml index fc508423ff..cfa84f8dad 100644 --- a/cves/2021/CVE-2021-39322.yaml +++ b/cves/2021/CVE-2021-39322.yaml @@ -1,7 +1,7 @@ id: CVE-2021-39322 info: - name: WordPress Easy Social Icons Plugin < 3.0.9 - Reflected Cross-Site Scripting + name: WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting author: dhiyaneshDK severity: medium description: The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path. 
diff --git a/cves/2021/CVE-2021-39350.yaml b/cves/2021/CVE-2021-39350.yaml index c105bdb232..59733c6f05 100644 --- a/cves/2021/CVE-2021-39350.yaml +++ b/cves/2021/CVE-2021-39350.yaml @@ -1,7 +1,7 @@ id: CVE-2021-39350 info: - name: FV Flowplayer Video Player WordPress plugin - Authenticated Reflected Cross-Site Scripting + name: FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting author: gy741 severity: medium description: The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts in versions 7.5.0.727 - 7.5.2.727. diff --git a/cves/2021/CVE-2021-40542.yaml b/cves/2021/CVE-2021-40542.yaml index c38b653514..2afe42ecd1 100644 --- a/cves/2021/CVE-2021-40542.yaml +++ b/cves/2021/CVE-2021-40542.yaml @@ -1,7 +1,7 @@ id: CVE-2021-40542 info: - name: Opensis-Classic 8.0 - Reflected Cross-Site Scripting + name: Opensis-Classic 8.0 - Cross-Site Scripting author: alph4byt3 severity: medium description: | diff --git a/cves/2021/CVE-2021-41349.yaml b/cves/2021/CVE-2021-41349.yaml index d45b5e686f..f64dfee974 100644 --- a/cves/2021/CVE-2021-41349.yaml +++ b/cves/2021/CVE-2021-41349.yaml @@ -1,7 +1,7 @@ id: CVE-2021-41349 info: - name: Microsoft Exchange Server Pre-Auth POST Based Reflected Cross-Site Scripting + name: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting author: rootxharsh,iamnoooob severity: medium description: Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305. diff --git a/cves/2021/CVE-2021-41467.yaml b/cves/2021/CVE-2021-41467.yaml index d82d191d05..616ba257a0 100644 --- a/cves/2021/CVE-2021-41467.yaml +++ b/cves/2021/CVE-2021-41467.yaml 
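Review bot: `Pre-Auth` stays in the new CVE-2021-41349.yaml name (`Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting`) although the rest of the patch moves that fact out of the title and into the `unauth` tag. For consistency I would use `name: Microsoft Exchange Server - Cross-Site Scripting` and add `unauth` to the tags line, which is outside this hunk. `Authenticated` is similarly left in the names of CVE-2021-39350 on this line, CVE-2021-25055 and CVE-2022-0189. If the project has a tag for that state, it would be better carried there too.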
@@ -1,7 +1,7 @@ id: CVE-2021-41467 info: - name: JustWriting - Reflected Cross-Site Scripting + name: JustWriting - Cross-Site Scripting author: madrobot severity: medium description: A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter. diff --git a/cves/2021/CVE-2021-41878.yaml b/cves/2021/CVE-2021-41878.yaml index 5c1412624c..2dee76be4a 100644 --- a/cves/2021/CVE-2021-41878.yaml +++ b/cves/2021/CVE-2021-41878.yaml @@ -1,7 +1,7 @@ id: CVE-2021-41878 info: - name: i-Panel Administration System - Reflected Cross-Site Scripting + name: i-Panel Administration System - Cross-Site Scripting author: madrobot severity: medium description: A reflected cross-site scripting vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console. diff --git a/cves/2021/CVE-2021-41951.yaml b/cves/2021/CVE-2021-41951.yaml index 276e63651a..2e88f62361 100644 --- a/cves/2021/CVE-2021-41951.yaml +++ b/cves/2021/CVE-2021-41951.yaml @@ -1,7 +1,7 @@ id: CVE-2021-41951 info: - name: Resourcespace - Reflected Cross-Site Scripting + name: Resourcespace - Cross-Site Scripting author: coldfish severity: medium description: ResourceSpace before 9.6 rev 18290 is affected by a reflected cross-site scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. diff --git a/cves/2021/CVE-2021-42551.yaml b/cves/2021/CVE-2021-42551.yaml index 020ace78d8..b3d372976f 100644 --- a/cves/2021/CVE-2021-42551.yaml +++ b/cves/2021/CVE-2021-42551.yaml 
@@ -1,7 +1,7 @@ id: CVE-2021-42551 info: - name: NetBiblio WebOPAC - Reflected Cross-Site Scripting + name: NetBiblio WebOPAC - Cross-Site Scripting author: compr00t severity: medium description: NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia module through /NetBiblio/search/shortview via the searchTerm parameter. diff --git a/cves/2021/CVE-2021-42565.yaml b/cves/2021/CVE-2021-42565.yaml index bd4c2bc4c6..e2eb25ff0b 100644 --- a/cves/2021/CVE-2021-42565.yaml +++ b/cves/2021/CVE-2021-42565.yaml @@ -1,7 +1,7 @@ id: CVE-2021-42565 info: - name: myfactory FMS - Reflected Cross-Site Scripting + name: myfactory FMS - Cross-Site Scripting author: madrobot severity: medium description: myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter. diff --git a/cves/2021/CVE-2021-42566.yaml b/cves/2021/CVE-2021-42566.yaml index 2ba8f6ef60..cff2373649 100644 --- a/cves/2021/CVE-2021-42566.yaml +++ b/cves/2021/CVE-2021-42566.yaml @@ -1,7 +1,7 @@ id: CVE-2021-42566 info: - name: myfactory FMS - Reflected Cross-Site Scripting + name: myfactory FMS - Cross-Site Scripting author: madrobot severity: medium description: myfactory.FMS before 7.1-912 allows cross-site scripting via the Error parameter. diff --git a/cves/2021/CVE-2021-42567.yaml b/cves/2021/CVE-2021-42567.yaml index 3b77599b4c..2e849316d8 100644 --- a/cves/2021/CVE-2021-42567.yaml +++ b/cves/2021/CVE-2021-42567.yaml @@ -1,7 +1,7 @@ id: CVE-2021-42567 info: - name: Apereo CAS Reflected Cross-Site Scripting + name: Apereo CAS Cross-Site Scripting author: pdteam severity: medium description: Apereo CAS through 6.4.1 allows cross-site scripting via POST requests sent to the REST API endpoints. diff --git a/cves/2021/CVE-2021-42663.yaml b/cves/2021/CVE-2021-42663.yaml index ac83a50f03..a42cff3922 100644 --- a/cves/2021/CVE-2021-42663.yaml +++ b/cves/2021/CVE-2021-42663.yaml 
@@ -1,7 +1,7 @@ id: CVE-2021-42663 info: - name: Online Event Booking and Reservation System version 2.3.0 - Cross Site Scripting + name: Online Event Booking and Reservation System version 2.3.0 - Cross-Site Scripting author: fxploit severity: medium description: | diff --git a/cves/2021/CVE-2021-43062.yaml b/cves/2021/CVE-2021-43062.yaml index 3336b04453..e610c2d95c 100644 --- a/cves/2021/CVE-2021-43062.yaml +++ b/cves/2021/CVE-2021-43062.yaml @@ -1,7 +1,7 @@ id: CVE-2021-43062 info: - name: Fortinet FortiMail 7.0.1 - Reflected Cross-Site Scripting + name: Fortinet FortiMail 7.0.1 - Cross-Site Scripting author: ajaysenr severity: medium description: A cross-site scripting vulnerability in FortiMail may allow an unauthenticated attacker to perform an attack via specially crafted HTTP GET requests to the FortiGuard URI protection service. diff --git a/cves/2021/CVE-2021-43574.yaml b/cves/2021/CVE-2021-43574.yaml index dfdc249e10..ff848dc2e5 100644 --- a/cves/2021/CVE-2021-43574.yaml +++ b/cves/2021/CVE-2021-43574.yaml @@ -1,7 +1,7 @@ id: CVE-2021-43574 info: - name: Atmail Hosting Webserver 6.5.0 - Cross-site scripting + name: Atmail Hosting Webserver 6.5.0 - Cross-Site scripting author: arafatansari,ritikchaddha severity: medium description: | diff --git a/cves/2021/CVE-2021-43810.yaml b/cves/2021/CVE-2021-43810.yaml index df7e4382d6..27ab5a6bbf 100644 --- a/cves/2021/CVE-2021-43810.yaml +++ b/cves/2021/CVE-2021-43810.yaml @@ -1,7 +1,7 @@ id: CVE-2021-43810 info: - name: Admidio - Reflected Cross-Site Scripting + name: Admidio - Cross-Site Scripting author: gy741 severity: medium description: A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. 
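Review bot: The new name in CVE-2021-43574.yaml is `Atmail Hosting Webserver 6.5.0 - Cross-Site scripting`, with a lower-case `scripting`, so it still does not match the normalized string. It should read `name: Atmail Hosting Webserver 6.5.0 - Cross-Site Scripting`. CVE-2022-1904 and CVE-2022-1906 later in the patch have the same kind of leftover, `Cross-Site-Scripting` with a second hyphen. Any report grouping or exact-match search on the normalized name will miss these three.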
diff --git a/cves/2021/CVE-2021-45380.yaml b/cves/2021/CVE-2021-45380.yaml index 0f52cd1b00..f02b9d272e 100644 --- a/cves/2021/CVE-2021-45380.yaml +++ b/cves/2021/CVE-2021-45380.yaml @@ -1,7 +1,7 @@ id: CVE-2021-45380 info: - name: AppCMS - Reflected Cross-Site Scripting + name: AppCMS - Cross-Site Scripting author: pikpikcu severity: medium description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inc_head.php. diff --git a/cves/2021/CVE-2021-46068.yaml b/cves/2021/CVE-2021-46068.yaml index 7a775d927e..259a1727f4 100644 --- a/cves/2021/CVE-2021-46068.yaml +++ b/cves/2021/CVE-2021-46068.yaml @@ -1,7 +1,7 @@ id: CVE-2021-46068 info: - name: Vehicle Service Management System - Stored Cross Site Scripting + name: Vehicle Service Management System - Stored Cross-Site Scripting author: TenBird severity: medium description: | diff --git a/cves/2021/CVE-2021-46069.yaml b/cves/2021/CVE-2021-46069.yaml index 9943541cc8..3a81193200 100644 --- a/cves/2021/CVE-2021-46069.yaml +++ b/cves/2021/CVE-2021-46069.yaml @@ -1,7 +1,7 @@ id: CVE-2021-46069 info: - name: Vehicle Service Management System - Stored Cross Site Scripting + name: Vehicle Service Management System - Stored Cross-Site Scripting author: TenBird severity: medium description: | diff --git a/cves/2021/CVE-2021-46071.yaml b/cves/2021/CVE-2021-46071.yaml index ef8b1e2fd5..034ee1aa14 100644 --- a/cves/2021/CVE-2021-46071.yaml +++ b/cves/2021/CVE-2021-46071.yaml @@ -1,7 +1,7 @@ id: CVE-2021-46071 info: - name: Vehicle Service Management System - Stored Cross Site Scripting + name: Vehicle Service Management System - Stored Cross-Site Scripting author: TenBird severity: medium description: | diff --git a/cves/2021/CVE-2021-46073.yaml b/cves/2021/CVE-2021-46073.yaml index 97da2817df..1cebe3af22 100644 --- a/cves/2021/CVE-2021-46073.yaml +++ b/cves/2021/CVE-2021-46073.yaml 
@@ -1,7 +1,7 @@ id: CVE-2021-46073 info: - name: Vehicle Service Management System - Cross Site Scripting + name: Vehicle Service Management System - Cross-Site Scripting author: TenBird severity: medium description: | diff --git a/cves/2022/CVE-2022-0149.yaml b/cves/2022/CVE-2022-0149.yaml index e3abf14b01..edb49b7787 100644 --- a/cves/2022/CVE-2022-0149.yaml +++ b/cves/2022/CVE-2022-0149.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0149 info: - name: WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Reflected Cross-Site Scripting + name: WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting author: dhiyaneshDk severity: medium description: The plugin was affected by a reflected cross-site scripting vulnerability in the woo_ce admin page. diff --git a/cves/2022/CVE-2022-0150.yaml b/cves/2022/CVE-2022-0150.yaml index 362d79172a..2c67e25a34 100644 --- a/cves/2022/CVE-2022-0150.yaml +++ b/cves/2022/CVE-2022-0150.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0150 info: - name: WP Accessibility Helper (WAH) < 0.6.0.7 - Cross-Site Scripting (XSS) + name: WP Accessibility Helper (WAH) < 0.6.0.7 - Cross-Site Scripting author: dhiyaneshDK severity: medium description: | diff --git a/cves/2022/CVE-2022-0189.yaml b/cves/2022/CVE-2022-0189.yaml index c5572542f3..bdf0f4db66 100644 --- a/cves/2022/CVE-2022-0189.yaml +++ b/cves/2022/CVE-2022-0189.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0189 info: - name: WordPress RSS Aggregator < 4.20 - Authenticated Reflected Cross-Site Scripting + name: WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site Scripting author: DhiyaneshDK severity: medium description: WordPress RSS Aggregator < 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to reflected cross-site scripting. diff --git a/cves/2022/CVE-2022-0201.yaml b/cves/2022/CVE-2022-0201.yaml index 9aaf03e59b..8022b9e23a 100644 
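Review bot: With "Reflected" removed, the CVE-2022-0149.yaml name reads `WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting`, and `Stored` now looks like the XSS class although the description says the issue is reflected. `Stored` appears to be a typo for the plugin name "Store Exporter" (the description's `woo_ce` page points the same way); please confirm against the plugin listing. If so, `name: WooCommerce Store Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting` avoids the misreading.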
--- a/cves/2022/CVE-2022-0201.yaml +++ b/cves/2022/CVE-2022-0201.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0201 info: - name: WordPress Permalink Manager < 2.2.15 - Reflected Cross-Site Scripting + name: WordPress Permalink Manager < 2.2.15 - Cross-Site Scripting author: Akincibor severity: medium description: The plugins do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue. diff --git a/cves/2022/CVE-2022-0208.yaml b/cves/2022/CVE-2022-0208.yaml index 2cb46066fb..c2a190bd8d 100644 --- a/cves/2022/CVE-2022-0208.yaml +++ b/cves/2022/CVE-2022-0208.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0208 info: - name: WordPress Plugin MapPress < 2.73.4 - Reflected XSS + name: WordPress Plugin MapPress < 2.73.4 - Cross-Site Scripting author: edoardottt severity: medium description: The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting. diff --git a/cves/2022/CVE-2022-0220.yaml b/cves/2022/CVE-2022-0220.yaml index b3a8067ef3..5eb263afd0 100644 --- a/cves/2022/CVE-2022-0220.yaml +++ b/cves/2022/CVE-2022-0220.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0220 info: - name: WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting + name: WordPress GDPR & CCPA < 1.9.27 - Cross-Site Scripting author: daffainfo severity: medium description: | @@ -14,7 +14,7 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0220 cwe-id: CWE-79 - tags: wpscan,cve,cve2022,wordpress,wp-plugin,wp,xss + tags: wpscan,cve,cve2022,wordpress,wp-plugin,wp,xss,unauth requests: - raw: diff --git a/cves/2022/CVE-2022-0271.yaml b/cves/2022/CVE-2022-0271.yaml index 6fbeb1785b..7ea62a5a67 100644 --- a/cves/2022/CVE-2022-0271.yaml +++ b/cves/2022/CVE-2022-0271.yaml 
@@ -1,7 +1,7 @@ id: CVE-2022-0271 info: - name: LearnPress < 4.1.6 - Reflected Cross-Site Scripting + name: LearnPress < 4.1.6 - Cross-Site Scripting author: Akincibor severity: medium description: The plugin does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting diff --git a/cves/2022/CVE-2022-0288.yaml b/cves/2022/CVE-2022-0288.yaml index b2ebd43bc2..a9a3e0e4c3 100644 --- a/cves/2022/CVE-2022-0288.yaml +++ b/cves/2022/CVE-2022-0288.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0288 info: - name: Ad Inserter < 2.7.10 - Reflected Cross-Site Scripting + name: Ad Inserter < 2.7.10 - Cross-Site Scripting author: DhiyaneshDK severity: medium description: The plugins do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. diff --git a/cves/2022/CVE-2022-0378.yaml b/cves/2022/CVE-2022-0378.yaml index 06c037b536..9cce944e5f 100644 --- a/cves/2022/CVE-2022-0378.yaml +++ b/cves/2022/CVE-2022-0378.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0378 info: - name: Microweber Reflected Cross-Site Scripting + name: Microweber Cross-Site Scripting author: pikpikcu severity: medium description: Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11. diff --git a/cves/2022/CVE-2022-0381.yaml b/cves/2022/CVE-2022-0381.yaml index 218010d191..e73eadbacf 100644 --- a/cves/2022/CVE-2022-0381.yaml +++ b/cves/2022/CVE-2022-0381.yaml 
@@ -1,7 +1,7 @@ id: CVE-2022-0381 info: - name: WordPress Plugin Embed Swagger 1.0.0 - Reflected XSS + name: WordPress Plugin Embed Swagger 1.0.0 - Cross-Site Scripting author: edoardottt severity: medium description: The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0. diff --git a/cves/2022/CVE-2022-0422.yaml b/cves/2022/CVE-2022-0422.yaml index f17abb7080..8376420ed3 100644 --- a/cves/2022/CVE-2022-0422.yaml +++ b/cves/2022/CVE-2022-0422.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0422 info: - name: WordPress White Label MS < 2.2.9 - Reflected Cross-Site Scripting + name: WordPress White Label MS < 2.2.9 - Cross-Site Scripting author: random-robbie severity: medium description: The plugin does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue back in the response, leading to reflected cross-site scripting. diff --git a/cves/2022/CVE-2022-0595.yaml b/cves/2022/CVE-2022-0595.yaml index 63d5982452..13dc5319e6 100644 --- a/cves/2022/CVE-2022-0595.yaml +++ b/cves/2022/CVE-2022-0595.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0595 info: - name: Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Unauthenticated Stored XSS + name: Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Stored Cross-Site Scripting author: akincibor severity: medium description: The plugin allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue. 
@@ -13,7 +13,7 @@ info: cvss-score: 5.4 cve-id: CVE-2022-0595 cwe-id: CWE-79 - tags: cve,cve2022,xss,wordpress,wp-plugin,wpscan,fileupload,intrusive + tags: cve,cve2022,xss,wordpress,wp-plugin,wpscan,fileupload,intrusive,unauth requests: - raw: diff --git a/cves/2022/CVE-2022-0599.yaml b/cves/2022/CVE-2022-0599.yaml index 811ed04212..b57db64855 100644 --- a/cves/2022/CVE-2022-0599.yaml +++ b/cves/2022/CVE-2022-0599.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0599 info: - name: Mapping Multiple URLs Redirect Same Page <= 5.8 - Reflected Cross-Site Scripting + name: Mapping Multiple URLs Redirect Same Page <= 5.8 - Cross-Site Scripting author: scent2d severity: medium description: | diff --git a/cves/2022/CVE-2022-0776.yaml b/cves/2022/CVE-2022-0776.yaml index d7625fdd21..ccb342d206 100644 --- a/cves/2022/CVE-2022-0776.yaml +++ b/cves/2022/CVE-2022-0776.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0776 info: - name: RevealJS postMessage XSS + name: RevealJS postMessage Cross-Site Scripting author: LogicalHunter severity: medium description: Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. diff --git a/cves/2022/CVE-2022-0928.yaml b/cves/2022/CVE-2022-0928.yaml index 20801cafe8..2b0f7b1181 100644 --- a/cves/2022/CVE-2022-0928.yaml +++ b/cves/2022/CVE-2022-0928.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0928 info: - name: Microweber - Cross-site Scripting + name: Microweber - Cross-Site Scripting author: amit-jd severity: medium description: | diff --git a/cves/2022/CVE-2022-0954.yaml b/cves/2022/CVE-2022-0954.yaml index 09542ab5a1..22fe60f897 100644 --- a/cves/2022/CVE-2022-0954.yaml +++ b/cves/2022/CVE-2022-0954.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0954 info: - name: Microweber - Cross-site Scripting + name: Microweber - Cross-Site Scripting author: amit-jd severity: medium description: | diff --git a/cves/2022/CVE-2022-1221.yaml b/cves/2022/CVE-2022-1221.yaml index b2ddb555af..557595f1fe 100644 --- a/cves/2022/CVE-2022-1221.yaml 
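Review bot: The second CVE-2022-0595.yaml hunk adds `unauth` next to a context line of `cvss-score: 5.4`, and for CWE-79 that score usually comes from a vector with low privileges required rather than none. The vector line is outside the hunk, so this is an inference; check `cvss-metrics` against the advisory. If the upload action really needs no login, the score and the tag disagree and one of them should be corrected, since both are used to rank findings.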
+++ b/cves/2022/CVE-2022-1221.yaml @@ -1,7 +1,7 @@ id: CVE-2022-1221 info: - name: Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting + name: Gwyn's Imagemap Selector <= 0.3.3 - Cross-Site Scripting author: veshraj severity: medium description: | diff --git a/cves/2022/CVE-2022-1439.yaml b/cves/2022/CVE-2022-1439.yaml index 43ac5740d7..3649501687 100644 --- a/cves/2022/CVE-2022-1439.yaml +++ b/cves/2022/CVE-2022-1439.yaml @@ -1,7 +1,7 @@ id: CVE-2022-1439 info: - name: Microweber Reflected Cross-Site Scripting + name: Microweber Cross-Site Scripting author: pikpikcu severity: medium description: Reflected XSS in microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction. diff --git a/cves/2022/CVE-2022-1597.yaml b/cves/2022/CVE-2022-1597.yaml index 9eecd68a9d..9af91af4fc 100644 --- a/cves/2022/CVE-2022-1597.yaml +++ b/cves/2022/CVE-2022-1597.yaml @@ -1,7 +1,7 @@ id: CVE-2022-1597 info: - name: WPQA < 5.4 - Reflected Cross-Site Scripting + name: WPQA < 5.4 - Cross-Site Scripting author: veshraj severity: medium description: | diff --git a/cves/2022/CVE-2022-1724.yaml b/cves/2022/CVE-2022-1724.yaml index 7bc6aee8f9..c07b3fa2bf 100644 --- a/cves/2022/CVE-2022-1724.yaml +++ b/cves/2022/CVE-2022-1724.yaml @@ -1,7 +1,7 @@ id: CVE-2022-1724 info: - name: Simple Membership < 4.1.1 - Reflected Cross-Site Scripting + name: Simple Membership < 4.1.1 - Cross-Site Scripting author: Akincibor severity: medium description: The plugin does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting. diff --git a/cves/2022/CVE-2022-1904.yaml b/cves/2022/CVE-2022-1904.yaml index 251aeceb46..2bd23f4c7e 100644 --- a/cves/2022/CVE-2022-1904.yaml +++ b/cves/2022/CVE-2022-1904.yaml 
@@ -1,7 +1,7 @@
 id: CVE-2022-1904
 info:
- name: Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
+ name: Easy Pricing Tables < 3.2.1 - Cross-Site-Scripting
 author: Akincibor
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-1906.yaml b/cves/2022/CVE-2022-1906.yaml
index b3f4fa2e72..4832265683 100644
--- a/cves/2022/CVE-2022-1906.yaml
+++ b/cves/2022/CVE-2022-1906.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-1906
 info:
- name: Copyright Proof <= 4.16 - Reflected Cross-Site-Scripting
+ name: Copyright Proof <= 4.16 - Cross-Site-Scripting
 author: random-robbie
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-1937.yaml b/cves/2022/CVE-2022-1937.yaml
index 17184e75a4..185cf13123 100644
--- a/cves/2022/CVE-2022-1937.yaml
+++ b/cves/2022/CVE-2022-1937.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-1937
 info:
- name: Awin Data Feed <= 1.6 - Reflected Cross-Site Scripting
+ name: Awin Data Feed <= 1.6 - Cross-Site Scripting
 author: Akincibor,DhiyaneshDK
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-1946.yaml b/cves/2022/CVE-2022-1946.yaml
index 5a0757c182..ea30e250d9 100644
--- a/cves/2022/CVE-2022-1946.yaml
+++ b/cves/2022/CVE-2022-1946.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-1946
 info:
- name: Gallery < 2.0.0 - Reflected Cross-Site Scripting
+ name: Gallery < 2.0.0 - Cross-Site Scripting
 author: Akincibor
 severity: medium
 description: The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue.
diff --git a/cves/2022/CVE-2022-2187.yaml b/cves/2022/CVE-2022-2187.yaml
index ce5e6cc7bf..e5a0b61f6a 100644
--- a/cves/2022/CVE-2022-2187.yaml
+++ b/cves/2022/CVE-2022-2187.yaml
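Review bot: The new name in cves/2022/CVE-2022-1904.yaml still reads `Cross-Site-Scripting`, with a hyphen before "Scripting", so it does not match the `Cross-Site Scripting` spelling the rest of this commit normalizes to; the cves/2022/CVE-2022-1906.yaml hunk keeps the same leftover. Reports or dashboards that group or filter findings by the exact name string will keep treating these two templates as a separate class. The lines should read `name: Easy Pricing Tables < 3.2.1 - Cross-Site Scripting` and `name: Copyright Proof <= 4.16 - Cross-Site Scripting`.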
@@ -1,7 +1,7 @@
 id: CVE-2022-2187
 info:
- name: Contact Form 7 Captcha < 0.1.2 - Reflected Cross-Site Scripting
+ name: Contact Form 7 Captcha < 0.1.2 - Cross-Site Scripting
 author: For3stCo1d
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-24181.yaml b/cves/2022/CVE-2022-24181.yaml
index 96ab81207f..74e3fe66ac 100644
--- a/cves/2022/CVE-2022-24181.yaml
+++ b/cves/2022/CVE-2022-24181.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-24181
 info:
- name: PKP Open Journals System 3.3 - Cross-Site Scripting (XSS)
+ name: PKP Open Journals System 3.3 - Cross-Site Scripting
 author: lucasljm2001,ekrause
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-24681.yaml b/cves/2022/CVE-2022-24681.yaml
index db42cf53de..23ac75d013 100644
--- a/cves/2022/CVE-2022-24681.yaml
+++ b/cves/2022/CVE-2022-24681.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-24681
 info:
- name: ManageEngine ADSelfService - Stored XSS
+ name: ManageEngine ADSelfService - Stored Cross-Site Scripting
 author: Open-Sec
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-24899.yaml b/cves/2022/CVE-2022-24899.yaml
index 5d0a6d8682..d3065ed150 100644
--- a/cves/2022/CVE-2022-24899.yaml
+++ b/cves/2022/CVE-2022-24899.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-24899
 info:
- name: Contao 4.13.2 - Cross-Site Scripting (XSS)
+ name: Contao 4.13.2 - Cross-Site Scripting
 author: ritikchaddha
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-26564.yaml b/cves/2022/CVE-2022-26564.yaml
index 0627775483..a156faf02e 100644
--- a/cves/2022/CVE-2022-26564.yaml
+++ b/cves/2022/CVE-2022-26564.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-26564
 info:
- name: HotelDruid Hotel Management Software 3.0.3 XSS
+ name: HotelDruid Hotel Management Software 3.0.3 Cross-Site Scripting
 author: alexrydzak
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-28363.yaml b/cves/2022/CVE-2022-28363.yaml
index 4f314695ac..fc2e62196f 100644
--- a/cves/2022/CVE-2022-28363.yaml
+++ b/cves/2022/CVE-2022-28363.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-28363
 info:
- name: Reprise License Manager 14.2 - Reflected Cross-Site Scripting
+ name: Reprise License Manager 14.2 - Cross-Site Scripting
 author: Akincibor
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-29301.yaml b/cves/2022/CVE-2022-29301.yaml
index e3fd56f9b9..d313b33940 100644
--- a/cves/2022/CVE-2022-29301.yaml
+++ b/cves/2022/CVE-2022-29301.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-29301
 info:
- name: SolarView Compact 6.00 - 'pow' Cross-Site Scripting (XSS)
+ name: SolarView Compact 6.00 - 'pow' Cross-Site Scripting
 author: For3stCo1d
 severity: high
 description: |
diff --git a/cves/2022/CVE-2022-29349.yaml b/cves/2022/CVE-2022-29349.yaml
index 995ce7a728..0afba26701 100644
--- a/cves/2022/CVE-2022-29349.yaml
+++ b/cves/2022/CVE-2022-29349.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-29349
 info:
- name: kkFileView v4.0.0 - Cross Site Scripting
+ name: kkFileView v4.0.0 - Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-29455.yaml b/cves/2022/CVE-2022-29455.yaml
index d0b66f992b..5352bde094 100644
--- a/cves/2022/CVE-2022-29455.yaml
+++ b/cves/2022/CVE-2022-29455.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-29455
 info:
- name: Wordpress Elementor <= 3.5.5 - DOM-based Reflected Cross-Site Scripting
+ name: Wordpress Elementor <= 3.5.5 - DOM-based Cross-Site Scripting
 author: rotembar,daffainfo
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-29548.yaml b/cves/2022/CVE-2022-29548.yaml
index f8b6f1304d..d77f5b79ce 100644
--- a/cves/2022/CVE-2022-29548.yaml
+++ b/cves/2022/CVE-2022-29548.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-29548
 info:
- name: WSO2 Management Console - Reflected XSS
+ name: WSO2 Management Console - Cross-Site Scripting
 author: edoardottt
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-30489.yaml b/cves/2022/CVE-2022-30489.yaml
index 723d69d081..4c5426d828 100644
--- a/cves/2022/CVE-2022-30489.yaml
+++ b/cves/2022/CVE-2022-30489.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-30489
 info:
- name: Wavlink Wn535g3 - POST XSS
+ name: Wavlink Wn535g3 - POST Cross-Site Scripting
 author: For3stCo1d
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-30776.yaml b/cves/2022/CVE-2022-30776.yaml
index a4c45b657b..10403b474a 100644
--- a/cves/2022/CVE-2022-30776.yaml
+++ b/cves/2022/CVE-2022-30776.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-30776
 info:
- name: Atmail - Cross Site Scripting
+ name: Atmail - Cross-Site Scripting
 author: 3th1c_yuk1
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-30777.yaml b/cves/2022/CVE-2022-30777.yaml
index a4b787bfbc..f1a225dbee 100644
--- a/cves/2022/CVE-2022-30777.yaml
+++ b/cves/2022/CVE-2022-30777.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-30777
 info:
- name: Parallels H-Sphere - Cross Site Scripting
+ name: Parallels H-Sphere - Cross-Site Scripting
 author: 3th1c_yuk1
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-31373.yaml b/cves/2022/CVE-2022-31373.yaml
index 19869a938c..b2ad77837e 100644
--- a/cves/2022/CVE-2022-31373.yaml
+++ b/cves/2022/CVE-2022-31373.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-31373
 info:
- name: SolarView Compact 6.00 - Cross-Site Scripting(XSS)
+ name: SolarView Compact 6.00 - Cross-Site Scripting
 author: ritikchaddha
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-31798.yaml b/cves/2022/CVE-2022-31798.yaml
index d77a145804..1556c42fa3 100644
--- a/cves/2022/CVE-2022-31798.yaml
+++ b/cves/2022/CVE-2022-31798.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-31798
 info:
- name: Nortek Linear eMerge E3-Series - XSS
+ name: Nortek Linear eMerge E3-Series - Cross-Site Scripting
 author: ritikchaddha
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-32195.yaml b/cves/2022/CVE-2022-32195.yaml
index ecfd9b9b5d..ad8a8817c4 100644
--- a/cves/2022/CVE-2022-32195.yaml
+++ b/cves/2022/CVE-2022-32195.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-32195
 info:
- name: Open edX - Cross-site Scripting
+ name: Open edX - Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-32770.yaml b/cves/2022/CVE-2022-32770.yaml
index d2172ee7ec..bee623eabc 100644
--- a/cves/2022/CVE-2022-32770.yaml
+++ b/cves/2022/CVE-2022-32770.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-32770
 info:
- name: WWBN AVideo 11.6 - Cross Site Scripting
+ name: WWBN AVideo 11.6 - Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-32771.yaml b/cves/2022/CVE-2022-32771.yaml
index 306e3d16ba..fb67c95f3c 100644
--- a/cves/2022/CVE-2022-32771.yaml
+++ b/cves/2022/CVE-2022-32771.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-32771
 info:
- name: WWBN AVideo 11.6 - Cross Site Scripting
+ name: WWBN AVideo 11.6 - Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-32772.yaml b/cves/2022/CVE-2022-32772.yaml
index f22f7f660c..3092cbfd6c 100644
--- a/cves/2022/CVE-2022-32772.yaml
+++ b/cves/2022/CVE-2022-32772.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-32772
 info:
- name: WWBN AVideo 11.6 - Cross Site Scripting
+ name: WWBN AVideo 11.6 - Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-34048.yaml b/cves/2022/CVE-2022-34048.yaml
index d95a55a5b1..8ede023429 100644
--- a/cves/2022/CVE-2022-34048.yaml
+++ b/cves/2022/CVE-2022-34048.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-34048
 info:
- name: Wavlink WN533A8 - Cross-Site Scripting (XSS)
+ name: Wavlink WN533A8 - Cross-Site Scripting
 author: ritikchaddha
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-34328.yaml b/cves/2022/CVE-2022-34328.yaml
index c1f035b7dd..0a03575c31 100644
--- a/cves/2022/CVE-2022-34328.yaml
+++ b/cves/2022/CVE-2022-34328.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-34328
 info:
- name: PMB 7.3.10 - Cross Site Scripting
+ name: PMB 7.3.10 - Cross-Site Scripting
 author: edoardottt
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-35151.yaml b/cves/2022/CVE-2022-35151.yaml
index 3f7bf9fe6f..e1636ce4eb 100644
--- a/cves/2022/CVE-2022-35151.yaml
+++ b/cves/2022/CVE-2022-35151.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-35151
 info:
- name: kkFileView v4.1.0 - Cross Site Scripting
+ name: kkFileView v4.1.0 - Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-35416.yaml b/cves/2022/CVE-2022-35416.yaml
index aed4b8b573..e7524e8a37 100644
--- a/cves/2022/CVE-2022-35416.yaml
+++ b/cves/2022/CVE-2022-35416.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-35416
 info:
- name: H3C SSL VPN through 2022-07-10 - Cookie Based XSS
+ name: H3C SSL VPN through 2022-07-10 - Cookie Based Cross-Site Scripting
 author: 0x240x23elu
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-35493.yaml b/cves/2022/CVE-2022-35493.yaml
index 59094133b7..c4c73faba3 100644
--- a/cves/2022/CVE-2022-35493.yaml
+++ b/cves/2022/CVE-2022-35493.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-35493
 info:
- name: eShop - Cross-site Scripting
+ name: eShop - Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-37153.yaml b/cves/2022/CVE-2022-37153.yaml
index 9fc012ea71..7bde99b1eb 100644
--- a/cves/2022/CVE-2022-37153.yaml
+++ b/cves/2022/CVE-2022-37153.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-37153
 info:
- name: Artica Proxy - Cross Site Scripting
+ name: Artica Proxy - Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/cves/2022/CVE-2022-38463.yaml b/cves/2022/CVE-2022-38463.yaml
index f1b13c4d99..bf4f73caf7 100644
--- a/cves/2022/CVE-2022-38463.yaml
+++ b/cves/2022/CVE-2022-38463.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-38463
 info:
- name: ServiceNow - Cross Site Scripting
+ name: ServiceNow - Cross-Site Scripting
 author: amanrawat
 severity: medium
 description: |
diff --git a/vulnerabilities/dedecms/dedecms-config-xss.yaml b/vulnerabilities/dedecms/dedecms-config-xss.yaml
index c8febfe542..59f32da943 100644
--- a/vulnerabilities/dedecms/dedecms-config-xss.yaml
+++ b/vulnerabilities/dedecms/dedecms-config-xss.yaml
@@ -1,7 +1,7 @@
 id: dedecms-config-xss
 info:
- name: DedeCMS V5.7 config.php XSS
+ name: DedeCMS V5.7 config.php Cross-Site Scripting
 author: ritikchaddha
 severity: medium
 description: |
diff --git a/vulnerabilities/drupal/drupal-avatar-xss.yaml b/vulnerabilities/drupal/drupal-avatar-xss.yaml
index 95dd7d44bf..a61b33b016 100644
--- a/vulnerabilities/drupal/drupal-avatar-xss.yaml
+++ b/vulnerabilities/drupal/drupal-avatar-xss.yaml
@@ -1,7 +1,7 @@
 id: drupal-avatar-xss
 info:
- name: Drupal avatar_uploader v7.x-1.0-beta8 - Cross-Site Scripting(XSS)
+ name: Drupal avatar_uploader v7.x-1.0-beta8 - Cross-Site Scripting
 author: bywalks
 severity: medium
 description: |
diff --git a/vulnerabilities/gnuboard/gnuboard-sms-xss.yaml b/vulnerabilities/gnuboard/gnuboard-sms-xss.yaml
index 155dea7f7d..ac13726778 100644
--- a/vulnerabilities/gnuboard/gnuboard-sms-xss.yaml
+++ b/vulnerabilities/gnuboard/gnuboard-sms-xss.yaml
@@ -1,7 +1,7 @@
 id: gnuboard-sms-xss
 info:
- name: Gnuboard CMS - SMS Emoticon XSS
+ name: Gnuboard CMS - SMS Emoticon Cross-Site Scripting
 author: gy741
 severity: medium
 description: A vulnerability in Gnuboard CMS allows remote attackers to inject arbitrary Javascript into the responses returned by the server.
diff --git a/vulnerabilities/gnuboard/gnuboard5-rxss.yaml b/vulnerabilities/gnuboard/gnuboard5-rxss.yaml
index bae2c8ef9f..383d3f0720 100644
--- a/vulnerabilities/gnuboard/gnuboard5-rxss.yaml
+++ b/vulnerabilities/gnuboard/gnuboard5-rxss.yaml
@@ -1,7 +1,7 @@
 id: gnuboard5-rxss
 info:
- name: Gnuboard5 - Cross Site Scripting
+ name: Gnuboard5 - Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/vulnerabilities/gnuboard/gnuboard5-xss.yaml b/vulnerabilities/gnuboard/gnuboard5-xss.yaml
index 31c2d511dd..7d6a45de35 100644
--- a/vulnerabilities/gnuboard/gnuboard5-xss.yaml
+++ b/vulnerabilities/gnuboard/gnuboard5-xss.yaml
@@ -1,7 +1,7 @@
 id: gnuboard5-xss
 info:
- name: Gnuboard5 - Cross Site Scripting
+ name: Gnuboard5 - Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/vulnerabilities/httpbin/httpbin-xss.yaml b/vulnerabilities/httpbin/httpbin-xss.yaml
index e384b8cb83..7282471d26 100644
--- a/vulnerabilities/httpbin/httpbin-xss.yaml
+++ b/vulnerabilities/httpbin/httpbin-xss.yaml
@@ -1,7 +1,7 @@
 id: httpbin-xss
 info:
- name: HTTPBin - Cross Site Scripting
+ name: HTTPBin - Cross-Site Scripting
 author: Adam Crosser
 severity: medium
 reference:
diff --git a/vulnerabilities/ibm/eclipse-help-system-xss.yaml b/vulnerabilities/ibm/eclipse-help-system-xss.yaml
index 86194399fa..4581fcf647 100644
--- a/vulnerabilities/ibm/eclipse-help-system-xss.yaml
+++ b/vulnerabilities/ibm/eclipse-help-system-xss.yaml
@@ -1,7 +1,7 @@
 id: eclipse-help-system-xss
 info:
- name: Eclipse Help System RXSS vulnerability
+ name: Eclipse Help System Cross-Site Scripting
 author: pikpikcu
 severity: medium
 tags: ibm,xss
@@ -22,4 +22,4 @@ requests:
 - type: word
 words:
 - "text/html"
- part: header
\ No newline at end of file
+ part: header
diff --git a/vulnerabilities/laravel/laravel-ignition-xss.yaml b/vulnerabilities/laravel/laravel-ignition-xss.yaml
index 62ea4ee259..ba60d9239a 100644
--- a/vulnerabilities/laravel/laravel-ignition-xss.yaml
+++ b/vulnerabilities/laravel/laravel-ignition-xss.yaml
@@ -1,7 +1,7 @@
 id: laravel-ignition-xss
 info:
- name: Laravel Ignition XSS
+ name: Laravel Ignition Cross-Site Scripting
 author: 0x_Akoko
 severity: medium
 description: |
diff --git a/vulnerabilities/other/acme-xss.yaml b/vulnerabilities/other/acme-xss.yaml
index 3b4de118e0..8c6428f53a 100644
--- a/vulnerabilities/other/acme-xss.yaml
+++ b/vulnerabilities/other/acme-xss.yaml
@@ -1,7 +1,7 @@
 id: acme-xss
 info:
- name: ACME / Let's Encrypt Reflected XSS
+ name: ACME / Let's Encrypt Cross-Site Scripting
 author: pdteam
 severity: medium
 tags: xss,acme
diff --git a/vulnerabilities/other/avada-xss.yaml b/vulnerabilities/other/avada-xss.yaml
index feaf360dae..ccfb12bf6f 100644
--- a/vulnerabilities/other/avada-xss.yaml
+++ b/vulnerabilities/other/avada-xss.yaml
@@ -1,7 +1,7 @@
 id: avada-xss
 info:
- name: Avada < 7.4.2 - Reflected Cross-Site Scripting
+ name: Avada < 7.4.2 - Cross-Site Scripting
 author: Akincibor
 severity: medium
 description: The theme does not properly escape bbPress searches before outputting them back as breadcrumbs, leading to a Reflected Cross-Site Scripting issue.
diff --git a/vulnerabilities/other/carrental-xss.yaml b/vulnerabilities/other/carrental-xss.yaml
index 5d00990965..c9625edd14 100644
--- a/vulnerabilities/other/carrental-xss.yaml
+++ b/vulnerabilities/other/carrental-xss.yaml
@@ -1,7 +1,7 @@
 id: carrental-xss
 info:
- name: Car Rental Management System v1.0 - Stored Cross Site Scripting
+ name: Car Rental Management System v1.0 - Stored Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/vulnerabilities/other/ckan-dom-based-xss.yaml b/vulnerabilities/other/ckan-dom-based-xss.yaml
index 7cc02f4bf3..75408652e9 100644
--- a/vulnerabilities/other/ckan-dom-based-xss.yaml
+++ b/vulnerabilities/other/ckan-dom-based-xss.yaml
@@ -1,7 +1,7 @@
 id: ckan-dom-based-xss
 info:
- name: CKAN DOM Based XSS
+ name: CKAN DOM Based Cross-Site Scripting
 author: dhiyaneshDk
 severity: medium
 description: CKAN uses the old jQuery Sparkle library which is vulnerable to DOM Based XSS.
diff --git a/vulnerabilities/other/coldfusion-debug-xss.yaml b/vulnerabilities/other/coldfusion-debug-xss.yaml
index 4de60288e2..0aa70de503 100644
--- a/vulnerabilities/other/coldfusion-debug-xss.yaml
+++ b/vulnerabilities/other/coldfusion-debug-xss.yaml
@@ -1,7 +1,7 @@
 id: coldfusion-debug-xss
 info:
- name: Adobe ColdFusion Debug Page XSS
+ name: Adobe ColdFusion Debug Page Cross-Site Scripting
 author: dhiyaneshDK
 severity: medium
 description: The remote Adobe ColdFusion debug page has been left open to unauthenticated users, this could allow remote attackers to trigger a reflected cross site scripting against the visitors of the site.
diff --git a/vulnerabilities/other/discourse-xss.yaml b/vulnerabilities/other/discourse-xss.yaml
index 0fcfeaee88..27bf55e7c8 100644
--- a/vulnerabilities/other/discourse-xss.yaml
+++ b/vulnerabilities/other/discourse-xss.yaml
@@ -1,7 +1,7 @@
 id: discourse-xss
 info:
- name: Discourse CMS - XSS
+ name: Discourse CMS - Cross-Site Scripting
 author: madrobot
 severity: medium
 description: Cross-site scripting (XSS) on Discourse CMS
diff --git a/vulnerabilities/other/dzzoffice-xss.yaml b/vulnerabilities/other/dzzoffice-xss.yaml
index 05f10faaae..6d494d58e7 100644
--- a/vulnerabilities/other/dzzoffice-xss.yaml
+++ b/vulnerabilities/other/dzzoffice-xss.yaml
@@ -1,7 +1,7 @@
 id: dzzoffice-xss
 info:
- name: Dzzoffice 2.02.1_SC_UTF8 - Cross Site Scripting
+ name: Dzzoffice 2.02.1_SC_UTF8 - Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/vulnerabilities/other/empirecms-xss.yaml b/vulnerabilities/other/empirecms-xss.yaml
index edc848b882..6fa8d62c0b 100644
--- a/vulnerabilities/other/empirecms-xss.yaml
+++ b/vulnerabilities/other/empirecms-xss.yaml
@@ -1,7 +1,7 @@
 id: empirecms-xss
 info:
- name: EmpireCMS v75 XSS
+ name: EmpireCMS v75 Cross-Site Scripting
 author: pikpikcu
 severity: medium
 reference:
diff --git a/vulnerabilities/other/eris-xss.yaml b/vulnerabilities/other/eris-xss.yaml
index a4f0af0459..29bf5c34c0 100644
--- a/vulnerabilities/other/eris-xss.yaml
+++ b/vulnerabilities/other/eris-xss.yaml
@@ -1,7 +1,7 @@
 id: eris-xss
 info:
- name: Complete Online Job Search System v1.0 - Reflected Cross Site Scripting
+ name: Complete Online Job Search System v1.0 - Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/vulnerabilities/other/global-domains-xss.yaml b/vulnerabilities/other/global-domains-xss.yaml
index c842000e15..f6c4541b91 100644
--- a/vulnerabilities/other/global-domains-xss.yaml
+++ b/vulnerabilities/other/global-domains-xss.yaml
@@ -1,7 +1,7 @@
 id: global-domains-xss
 info:
- name: Global Domains International XSS
+ name: Global Domains International Cross-Site Scripting
 author: princechaddha
 severity: medium
 reference:
diff --git a/vulnerabilities/other/keycloak-xss.yaml b/vulnerabilities/other/keycloak-xss.yaml
index 6f73adfd83..73fbbb2424 100644
--- a/vulnerabilities/other/keycloak-xss.yaml
+++ b/vulnerabilities/other/keycloak-xss.yaml
@@ -1,7 +1,7 @@
 id: keycloak-xss
 info:
- name: Keycloak <= 8.0 - Cross Site Scripting
+ name: Keycloak <= 8.0 - Cross-Site Scripting
 author: incogbyte
 severity: info
 reference:
@@ -25,4 +25,4 @@ requests:
 - type: word
 words:
- - 'Unrecognized field ""'
\ No newline at end of file
+ - 'Unrecognized field ""'
diff --git a/vulnerabilities/other/lucee-xss.yaml b/vulnerabilities/other/lucee-xss.yaml
index dea08e0297..dfe6e13eca 100644
--- a/vulnerabilities/other/lucee-xss.yaml
+++ b/vulnerabilities/other/lucee-xss.yaml
@@ -1,11 +1,11 @@
 id: lucee-xss
 info:
- name: Lucee Unauthenticated Reflected XSS
+ name: Lucee Cross-Site Scripting
 author: incogbyte
 severity: medium
 description: A vulnerability in Lucee allows remote attackers to inject arbitrary Javascript into the responses returned by the server.
- tags: lucee,xss
+ tags: lucee,xss,unauth
 requests:
 - method: GET
diff --git a/vulnerabilities/other/mida-eframework-xss.yaml b/vulnerabilities/other/mida-eframework-xss.yaml index 93bffe41df..bdfb28cfe4 100644 --- a/vulnerabilities/other/mida-eframework-xss.yaml +++ b/vulnerabilities/other/mida-eframework-xss.yaml @@ -1,7 +1,7 @@ id: mida-eframework-xss info: - name: Mida eFramework - Cross Site Scripting + name: Mida eFramework - Cross-Site Scripting author: pikpikcu severity: medium tags: mida,xss @@ -24,4 +24,4 @@ requests: - type: word words: - - '">' \ No newline at end of file + - '">' diff --git a/vulnerabilities/other/ms-exchange-server-reflected-xss.yaml b/vulnerabilities/other/ms-exchange-server-reflected-xss.yaml index f71659f3e8..f5ab52aee4 100644 --- a/vulnerabilities/other/ms-exchange-server-reflected-xss.yaml +++ b/vulnerabilities/other/ms-exchange-server-reflected-xss.yaml @@ -1,7 +1,7 @@ id: ms-exchange-server-reflected-xss info: - name: MS Exchange Server XSS + name: MS Exchange Server Cross-Site Scripting author: infosecsanyam severity: medium reference: diff --git a/vulnerabilities/other/parallels-hsphere-xss.yaml b/vulnerabilities/other/parallels-hsphere-xss.yaml index 5f2c2281ba..3aac9cc6fd 100644 --- a/vulnerabilities/other/parallels-hsphere-xss.yaml +++ b/vulnerabilities/other/parallels-hsphere-xss.yaml @@ -1,7 +1,7 @@ id: parallels-hsphere-xss info: - name: Parallels H-Sphere - Cross-Site Scripting(XSS) + name: Parallels H-Sphere - Cross-Site Scripting author: ritikchaddha severity: medium description: | diff --git a/vulnerabilities/other/parentlink-xss.yaml b/vulnerabilities/other/parentlink-xss.yaml index 9b9766f693..378cf228c6 100644 --- a/vulnerabilities/other/parentlink-xss.yaml +++ b/vulnerabilities/other/parentlink-xss.yaml @@ -1,7 +1,7 @@ id: parentlink-xss info: - name: Blackboard ParentLink Reflected XSS + name: Blackboard ParentLink Cross-Site Scripting author: r3naissance severity: medium reference: 
diff --git a/vulnerabilities/other/php-timeclock-xss.yaml b/vulnerabilities/other/php-timeclock-xss.yaml
index 693a776d5a..2482f4030a 100644
--- a/vulnerabilities/other/php-timeclock-xss.yaml
+++ b/vulnerabilities/other/php-timeclock-xss.yaml
@@ -1,7 +1,7 @@
 id: php-timeclock-xss
 info:
- name: PHP Timeclock 1.04 XSS
+ name: PHP Timeclock 1.04 Cross-Site Scripting
 author: pikpikcu
 severity: medium
 description: PHP Timeclock version 1.04 (and prior) Cross-Site Scripting vulnerabilities
diff --git a/vulnerabilities/other/qcubed-xss.yaml b/vulnerabilities/other/qcubed-xss.yaml
index 288d0ba81d..5546f1ccce 100644
--- a/vulnerabilities/other/qcubed-xss.yaml
+++ b/vulnerabilities/other/qcubed-xss.yaml
@@ -1,7 +1,7 @@
 id: qcubed-xss
 info:
- name: Qcubed Reflected XSS
+ name: Qcubed Cross-Site Scripting
 author: pikpikcu
 severity: medium
 description: A vulnerability in Qcubed allows remote attackers to inject arbitrary Javascript via the '/assets/php/_devtools/installer/step_2.php' endpoint and the 'installation_path' parameter.
diff --git a/vulnerabilities/other/reddittop-rss-xss.yaml b/vulnerabilities/other/reddittop-rss-xss.yaml
index cc4833e34d..52f5716905 100644
--- a/vulnerabilities/other/reddittop-rss-xss.yaml
+++ b/vulnerabilities/other/reddittop-rss-xss.yaml
@@ -1,7 +1,7 @@
 id: reddittop-rss-xss
 info:
- name: Reddit Top RSS - Cross Site Scripting
+ name: Reddit Top RSS - Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/vulnerabilities/other/rockmongo-xss.yaml b/vulnerabilities/other/rockmongo-xss.yaml
index cb1d33cc5f..642312426f 100644
--- a/vulnerabilities/other/rockmongo-xss.yaml
+++ b/vulnerabilities/other/rockmongo-xss.yaml
@@ -1,7 +1,7 @@
 id: rockmongo-xss
 info:
- name: RockMongo V1.1.8 XSS
+ name: RockMongo V1.1.8 Cross-Site Scripting
 author: pikpikcu
 severity: medium
 description: A vulnerability in RockMongo allows attackers to inject arbitrary javascript into the response returned by the application.
diff --git a/vulnerabilities/other/sick-beard-xss.yaml b/vulnerabilities/other/sick-beard-xss.yaml
index 5f0c2f5855..271e09dce1 100644
--- a/vulnerabilities/other/sick-beard-xss.yaml
+++ b/vulnerabilities/other/sick-beard-xss.yaml
@@ -1,7 +1,7 @@
 id: sick-beard-xss
 info:
- name: Sick Beard XSS
+ name: Sick Beard Cross-Site Scripting
 author: pikpikcu
 severity: medium
 reference:
diff --git a/vulnerabilities/other/siteminder-dom-xss.yaml b/vulnerabilities/other/siteminder-dom-xss.yaml
index adf0b5abd0..9dde49a481 100644
--- a/vulnerabilities/other/siteminder-dom-xss.yaml
+++ b/vulnerabilities/other/siteminder-dom-xss.yaml
@@ -1,7 +1,7 @@
 id: siteminder-dom-xss
 info:
- name: SiteMinder - DOM based XSS
+ name: SiteMinder - DOM based Cross-Site Scripting
 author: clarkvoss
 severity: medium
 description: SiteMinder DOM Based XSS.
diff --git a/vulnerabilities/other/solarview-compact-xss.yaml b/vulnerabilities/other/solarview-compact-xss.yaml
index 1ef86e1575..aa9b72ec3d 100644
--- a/vulnerabilities/other/solarview-compact-xss.yaml
+++ b/vulnerabilities/other/solarview-compact-xss.yaml
@@ -1,7 +1,7 @@
 id: solarview-compact-xss
 info:
- name: SolarView Compact 6.00 - Cross-Site Scripting(XSS)
+ name: SolarView Compact 6.00 - Cross-Site Scripting
 author: ritikchaddha
 severity: medium
 description: |
diff --git a/vulnerabilities/other/thruk-xss.yaml b/vulnerabilities/other/thruk-xss.yaml
index c1d890aeae..5716c8063e 100644
--- a/vulnerabilities/other/thruk-xss.yaml
+++ b/vulnerabilities/other/thruk-xss.yaml
@@ -1,7 +1,7 @@
 id: thruk-xss
 info:
- name: Thruk Monitoring Webinterface - Cross Site Scripting
+ name: Thruk Monitoring Webinterface - Cross-Site Scripting
 author: pikpikcu,ritikchaddha
 severity: medium
 description: |
diff --git a/vulnerabilities/other/tikiwiki-reflected-xss.yaml b/vulnerabilities/other/tikiwiki-reflected-xss.yaml
index 6283ecd6fd..fc44d20757 100644
--- a/vulnerabilities/other/tikiwiki-reflected-xss.yaml
+++ b/vulnerabilities/other/tikiwiki-reflected-xss.yaml
@@ -1,7 +1,7 @@
 id: tikiwiki-reflected-xss
 info:
- name: Tiki Wiki CMS Groupware 5.2 Reflected Cross-site Scripting
+ name: Tiki Wiki CMS Groupware 5.2 Cross-Site Scripting
 author: madrobot
 severity: medium
 tags: xss,tikiwiki
diff --git a/vulnerabilities/other/turbocrm-xss.yaml b/vulnerabilities/other/turbocrm-xss.yaml
index 2f99cb2f82..09e6ae5ba9 100644
--- a/vulnerabilities/other/turbocrm-xss.yaml
+++ b/vulnerabilities/other/turbocrm-xss.yaml
@@ -1,7 +1,7 @@
 id: turbocrm-xss
 info:
- name: TurboCRM XSS
+ name: TurboCRM Cross-Site Scripting
 author: pikpikcu
 severity: medium
 description: A vulnerability in TurboCRM allows remote attackers to inject arbitrary Javascript into the response returned by the application.
diff --git a/vulnerabilities/other/yeswiki-stored-xss.yaml b/vulnerabilities/other/yeswiki-stored-xss.yaml
index 40b9fe6543..12ecd2ed31 100644
--- a/vulnerabilities/other/yeswiki-stored-xss.yaml
+++ b/vulnerabilities/other/yeswiki-stored-xss.yaml
@@ -1,7 +1,7 @@
 id: yeswiki-stored-xss
 info:
- name: YesWiki - Cross-site Scripting (Stored)
+ name: YesWiki - Stored Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/vulnerabilities/other/yeswiki-xss.yaml b/vulnerabilities/other/yeswiki-xss.yaml
index fe367a7cb6..a46b0a9f68 100644
--- a/vulnerabilities/other/yeswiki-xss.yaml
+++ b/vulnerabilities/other/yeswiki-xss.yaml
@@ -1,7 +1,7 @@
 id: yeswiki-xss
 info:
- name: yeswiki/yeswiki - Unauthenticated Cross Site Scripting - Reflected
+ name: yeswiki/yeswiki - Cross-Site Scripting
 author: arafatansari
 severity: medium
 description: |
diff --git a/vulnerabilities/royalevent/royalevent-management-xss.yaml b/vulnerabilities/royalevent/royalevent-management-xss.yaml
index dd51cf3f64..5a17561fa5 100644
--- a/vulnerabilities/royalevent/royalevent-management-xss.yaml
+++ b/vulnerabilities/royalevent/royalevent-management-xss.yaml
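Review bot: The new name in vulnerabilities/other/yeswiki-xss.yaml drops "Unauthenticated", and the hunk shows no `unauth` tag taking its place, unlike the lucee-xss.yaml hunk in this commit, which moves the same fact into `tags: lucee,xss,unauth`. The royalevent-stored-xss.yaml hunk removes its "(Unauthenticated)" suffix in the same way. The `tags:` line lies outside both hunks, so it may already carry the tag; if it does not, add `unauth` to each template's `tags:` so the authentication precondition stays visible when findings are triaged.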
@@ -1,7 +1,7 @@
 id: royalevent-management-xss
 info:
- name: Royal Event - Cross-Site Scripting(XSS)
+ name: Royal Event - Cross-Site Scripting
 author: ritikchaddha
 severity: medium
 description: |
diff --git a/vulnerabilities/royalevent/royalevent-stored-xss.yaml b/vulnerabilities/royalevent/royalevent-stored-xss.yaml
index cbde243a63..2878bfff38 100644
--- a/vulnerabilities/royalevent/royalevent-stored-xss.yaml
+++ b/vulnerabilities/royalevent/royalevent-stored-xss.yaml
@@ -1,7 +1,7 @@
 id: royalevent-stored-xss
 info:
- name: Royale Event - Stored Cross-site Scripting (Unauthenticated)
+ name: Royale Event - Stored Cross-Site Scripting
 author: ritikchaddha
 severity: high
 description: |
diff --git a/vulnerabilities/samsung/samsung-wlan-ap-xss.yaml b/vulnerabilities/samsung/samsung-wlan-ap-xss.yaml
index c0f37838e7..260922acbf 100644
--- a/vulnerabilities/samsung/samsung-wlan-ap-xss.yaml
+++ b/vulnerabilities/samsung/samsung-wlan-ap-xss.yaml
@@ -1,7 +1,7 @@
 id: samsung-wlan-ap-xss
 info:
- name: Samsung Wlan AP (WEA453e) XSS
+ name: Samsung Wlan AP (WEA453e) - Cross-Site Scripting
 author: pikpikcu
 severity: medium
 reference:
@@ -27,4 +27,4 @@ requests:
 - type: word
 words:
 - "text/html"
- part: header
\ No newline at end of file
+ part: header
diff --git a/vulnerabilities/wordpress/elex-woocommerce-xss.yaml b/vulnerabilities/wordpress/elex-woocommerce-xss.yaml
index 3503e7b278..e409cba5e8 100644
--- a/vulnerabilities/wordpress/elex-woocommerce-xss.yaml
+++ b/vulnerabilities/wordpress/elex-woocommerce-xss.yaml
@@ -1,7 +1,7 @@
 id: elex-woocommerce-xss
 info:
- name: WordPress WooCommerce Google Shopping < 1.2.4 - Reflected Cross-Site Scripting
+ name: WordPress WooCommerce Google Shopping < 1.2.4 - Cross-Site Scripting
 author: dhiyaneshDk
 severity: high
 description: WordPress WooCommerce Google Shopping < 1.2.4 is susceptible to cross-site scripting because the plugin does not sanitize or escape the search GET parameter before outputting it back in the page and
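Review bot: The product is spelled two ways across the two royalevent templates: `Royal Event` in royalevent-management-xss.yaml and `Royale Event` in royalevent-stored-xss.yaml, and this commit rewrites both name lines without reconciling them. Since the commit is a name normalization, the two should agree so that findings for the same product group together. Which spelling is right cannot be told from the hunks; if the management template is the correct one, the stored template's line becomes `name: Royal Event - Stored Cross-Site Scripting`.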
diff --git a/vulnerabilities/wordpress/my-chatbot-xss.yaml b/vulnerabilities/wordpress/my-chatbot-xss.yaml
index 07494846d3..11fc1cecab 100644
--- a/vulnerabilities/wordpress/my-chatbot-xss.yaml
+++ b/vulnerabilities/wordpress/my-chatbot-xss.yaml
@@ -1,7 +1,7 @@
 id: my-chatbot-xss
 info:
- name: WordPress My Chatbot <= 1.1 - Reflected Cross-Site Scripting
+ name: WordPress My Chatbot <= 1.1 - Cross-Site Scripting
 author: dhiyaneshDk
 severity: high
 description: WordPress My Chatbot <= 1.1 is susceptible to cross-site scripting. The plugin does not sanitize or escape its tab parameter in the Settings page before outputting it back in an attribute.
diff --git a/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml b/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
index b2501e1cc3..9fc4199fee 100644
--- a/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
+++ b/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
@@ -1,7 +1,7 @@
 id: wordpress-wordfence-xss
 info:
- name: WordPress Wordfence 7.4.6 - Cross Site Scripting
+ name: WordPress Wordfence 7.4.6 - Cross0Site Scripting
 author: madrobot
 severity: medium
 description: WordPress Wordfence 7.4.6 is vulnerable to cross-site scripting.
diff --git a/vulnerabilities/wordpress/wp-adaptive-xss.yaml b/vulnerabilities/wordpress/wp-adaptive-xss.yaml
index b2e684a96a..ca94ad0d3d 100644
--- a/vulnerabilities/wordpress/wp-adaptive-xss.yaml
+++ b/vulnerabilities/wordpress/wp-adaptive-xss.yaml
@@ -1,7 +1,7 @@
 id: wp-adaptive-xss
 info:
- name: WordPress Adaptive Images < 0.6.69 - Reflected Cross-Site Scripting
+ name: WordPress Adaptive Images < 0.6.69 - Cross-Site Scripting
 author: dhiyaneshDK
 severity: high
 description: WordPress Adaptive Images < 0.6.69 is susceptible to cross-site scripting because the plugin does not sanitize and escape the REQUEST_URI before outputting it back in a page.
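Review bot: The added name line in vulnerabilities/wordpress/wordpress-wordfence-xss.yaml introduces a typo, `Cross0Site Scripting`, where the removed line read `Cross Site Scripting`. A name that does not contain "Cross-Site Scripting" will be missed by name-based searches and report grouping, which is what this normalization is meant to make reliable. The line should read `name: WordPress Wordfence 7.4.6 - Cross-Site Scripting`.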
diff --git a/vulnerabilities/wordpress/wp-custom-tables-xss.yaml b/vulnerabilities/wordpress/wp-custom-tables-xss.yaml
index 622e4bcae9..043b58de41 100644
--- a/vulnerabilities/wordpress/wp-custom-tables-xss.yaml
+++ b/vulnerabilities/wordpress/wp-custom-tables-xss.yaml
@@ -1,7 +1,7 @@
 id: wp-custom-tables-xss
 info:
- name: WordPress Custom Tables Plugin 3.4.4 - Reflected Cross Site Scripting (XSS)
+ name: WordPress Custom Tables Plugin 3.4.4 - Cross-Site Scripting
 author: daffainfo
 severity: medium
 description: WordPress custom tables Plugin 'key' Parameter Cross Site Scripting Vulnerability
diff --git a/vulnerabilities/wordpress/wp-finder-xss.yaml b/vulnerabilities/wordpress/wp-finder-xss.yaml
index 17a736c848..2ff57c78e0 100644
--- a/vulnerabilities/wordpress/wp-finder-xss.yaml
+++ b/vulnerabilities/wordpress/wp-finder-xss.yaml
@@ -1,7 +1,7 @@
 id: wp-finder-xss
 info:
- name: WordPress Plugin Finder - 'order' Reflected Cross-Site Scripting (XSS)
+ name: WordPress Plugin Finder - 'order' Cross-Site Scripting
 author: daffainfo
 severity: medium
 reference:
diff --git a/vulnerabilities/wordpress/wp-flagem-xss.yaml b/vulnerabilities/wordpress/wp-flagem-xss.yaml
index 9bbedc3cb3..7ea55c8caf 100644
--- a/vulnerabilities/wordpress/wp-flagem-xss.yaml
+++ b/vulnerabilities/wordpress/wp-flagem-xss.yaml
@@ -1,7 +1,7 @@
 id: wp-flagem-xss
 info:
- name: WordPress Plugin FlagEm - Reflected Cross-Site Scripting (XSS)
+ name: WordPress Plugin FlagEm - Cross-Site Scripting
 author: daffainfo
 severity: medium
 reference:
diff --git a/vulnerabilities/wordpress/wp-insert-php-xss.yaml b/vulnerabilities/wordpress/wp-insert-php-xss.yaml
index 87a1bcbdab..989775584e 100644
--- a/vulnerabilities/wordpress/wp-insert-php-xss.yaml
+++ b/vulnerabilities/wordpress/wp-insert-php-xss.yaml
@@ -1,7 +1,7 @@
 id: wp-insert-php-xss
 info:
- name: Woody Code Snippets < 2.4.6 - Reflected Cross-Site Scripting
+ name: Woody Code Snippets < 2.4.6 - Cross-Site Scripting
 author: Akincibor,DhiyaneshDk
 severity: medium
 description: The plugin does not escape a generated URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting
diff --git a/vulnerabilities/wordpress/wp-knews-xss.yaml b/vulnerabilities/wordpress/wp-knews-xss.yaml
index 99bbb65c09..8a5caa4568 100644
--- a/vulnerabilities/wordpress/wp-knews-xss.yaml
+++ b/vulnerabilities/wordpress/wp-knews-xss.yaml
@@ -1,7 +1,7 @@
 id: wp-knews-xss
 info:
- name: WordPress Plugin Knews Multilingual Newsletters - Reflected Cross-Site Scripting (XSS)
+ name: WordPress Plugin Knews Multilingual Newsletters - Cross-Site Scripting
 author: daffainfo
 severity: medium
 reference:
diff --git a/vulnerabilities/wordpress/wp-nextgen-xss.yaml b/vulnerabilities/wordpress/wp-nextgen-xss.yaml
index 26930307d2..77898ef069 100644
--- a/vulnerabilities/wordpress/wp-nextgen-xss.yaml
+++ b/vulnerabilities/wordpress/wp-nextgen-xss.yaml
@@ -1,7 +1,7 @@
 id: wp-nextgen-xss
 info:
- name: WordPress Plugin NextGEN Gallery 1.9.10 - Reflected Cross-Site Scripting (XSS)
+ name: WordPress Plugin NextGEN Gallery 1.9.10 - Cross-Site Scripting
 author: daffainfo
 severity: medium
 reference:
diff --git a/vulnerabilities/wordpress/wp-phpfreechat-xss.yaml b/vulnerabilities/wordpress/wp-phpfreechat-xss.yaml
index f2e72f6d70..2d26b9e760 100644
--- a/vulnerabilities/wordpress/wp-phpfreechat-xss.yaml
+++ b/vulnerabilities/wordpress/wp-phpfreechat-xss.yaml
@@ -1,7 +1,7 @@
 id: wp-phpfreechat-xss
 info:
- name: WordPress Plugin PHPFreeChat - 'url' Reflected Cross-Site Scripting (XSS)
+ name: WordPress Plugin PHPFreeChat - 'url' Cross-Site Scripting
 author: daffainfo
 severity: medium
 reference:
diff --git a/vulnerabilities/wordpress/wp-securimage-xss.yaml b/vulnerabilities/wordpress/wp-securimage-xss.yaml
index 2369b8fa85..d60a1da844 100644
--- a/vulnerabilities/wordpress/wp-securimage-xss.yaml
+++ b/vulnerabilities/wordpress/wp-securimage-xss.yaml
@@ -1,7 +1,7 @@
 id: wp-securimage-xss
 info:
- name: WordPress Plugin Securimage-WP - 'siwp_test.php' Reflected Cross-Site Scripting (XSS)
+ name: WordPress Plugin Securimage-WP - 'siwp_test.php' Cross-Site Scripting
 author: daffainfo
 severity: medium
 reference:
diff --git a/vulnerabilities/wordpress/wp-slideshow-xss.yaml b/vulnerabilities/wordpress/wp-slideshow-xss.yaml
index c024114ccf..f6448d68dd 100644
--- a/vulnerabilities/wordpress/wp-slideshow-xss.yaml
+++ b/vulnerabilities/wordpress/wp-slideshow-xss.yaml
@@ -1,7 +1,7 @@
 id: wp-slideshow-xss
 info:
- name: WordPress Plugin Slideshow - Reflected Cross-Site Scripting (XSS)
+ name: WordPress Plugin Slideshow - Cross-Site Scripting
 author: daffainfo
 severity: medium
 reference:
diff --git a/vulnerabilities/wordpress/wpify-woo-czech-xss.yaml b/vulnerabilities/wordpress/wpify-woo-czech-xss.yaml
index db4d6a1992..8c7e74a2b2 100644
--- a/vulnerabilities/wordpress/wpify-woo-czech-xss.yaml
+++ b/vulnerabilities/wordpress/wpify-woo-czech-xss.yaml
@@ -1,7 +1,7 @@
 id: wpify-woo-czech-xss
 info:
- name: WPify Woo Czech < 3.5.7 - Reflected Cross-Site Scripting (XSS)
+ name: WPify Woo Czech < 3.5.7 - Cross-Site Scripting
 author: Akincibor
 severity: medium
 description: The plugin uses the Vies library v2.2.0, which has a sample file outputting $_SERVER['PHP_SELF'] in an attribute without being escaped first, leading to a Reflected Cross-Site Scripting. The issue is only exploitable when the web server has the PDO driver installed, and write access to the example directory (otherwise an exception will be raised before the payload is output)..