diff --git a/cves/2021/CVE-2021-24300.yaml b/cves/2021/CVE-2021-24300.yaml index 69c60738d0..109f93ea66 100644 --- a/cves/2021/CVE-2021-24300.yaml +++ b/cves/2021/CVE-2021-24300.yaml @@ -1,10 +1,10 @@ id: CVE-2021-24300 info: - name: PickPlugins Product Slider for WooCommerce < 1.13.22 - XSS + name: WordPress WooCommerce <1.13.22 - Cross-Site Scripting author: cckuailong severity: medium - description: The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue. + description: WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerability via the slider import search feature because it does not properly sanitize the keyword GET parameter. reference: - https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837 - https://nvd.nist.gov/vuln/detail/CVE-2021-24300 @@ -47,3 +47,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-24316.yaml b/cves/2021/CVE-2021-24316.yaml index ccc8696c41..a08a2f007e 100644 --- a/cves/2021/CVE-2021-24316.yaml +++ b/cves/2021/CVE-2021-24316.yaml 
@@ -1,14 +1,15 @@ id: CVE-2021-24316 info: - name: An Unauthenticated Reflected XSS & XFS Mediumish theme through 1.0.47 for WordPress + name: WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting author: 0x_Akoko severity: medium - description: Mediumish WordPress Theme <= 1.0.47 - Unauthenticated Reflected XSS & XFS. + description: WordPress Mediumish theme 1.0.47 and prior contains an unauthenticated reflected cross-site scripting vulnerability. The 's' GET parameter is not properly sanitized by the search feature before it is output back on the page. reference: - https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e - https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt - https://www.wowthemes.net/themes/mediumish-wordpress/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-24316 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -38,3 +39,5 @@ requests: words: - "text/html" part: header + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-24320.yaml b/cves/2021/CVE-2021-24320.yaml index 070cdcbf79..97f0a00ae9 100644 --- a/cves/2021/CVE-2021-24320.yaml +++ b/cves/2021/CVE-2021-24320.yaml 
@@ -1,15 +1,16 @@ id: CVE-2021-24320 info: - name: Bello WordPress Theme < 1.6.0 - Reflected Cross-Site Scripting (XSS) + name: WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting author: daffainfo severity: medium - description: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, - bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing - page, leading to reflected Cross-Site Scripting issues. + description: WordPress Bello Directory & Listing theme before 1.6.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape the listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, + bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in the ints listing + page. reference: - https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt - https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb + - https://nvd.nist.gov/vuln/detail/CVE-2021-24320 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -37,3 +38,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-24335.yaml b/cves/2021/CVE-2021-24335.yaml index 597de3769c..60e83be043 100644 --- a/cves/2021/CVE-2021-24335.yaml +++ b/cves/2021/CVE-2021-24335.yaml 
@@ -1,15 +1,15 @@ id: CVE-2021-24335 info: - name: Car Repair Services < 4.0 - Reflected Cross-Site Scripting (XSS) + name: WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-Site Scripting author: daffainfo severity: medium - description: The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue + description: WordPress Car Repair Services & Auto Mechanic before 4.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the serviceestimatekey parameter before outputting it back in the page. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-24335 - https://themeforest.net/item/car-repair-services-auto-mechanic-wordpress-theme/19823557 - https://m0ze.ru/vulnerability/[2021-02-12]-[WordPress]-[CWE-79]-Car-Repair-Services-WordPress-Theme-v3.9.txt - https://wpscan.com/vulnerability/39258aba-2449-4214-a490-b8e46945117d + - https://nvd.nist.gov/vuln/detail/CVE-2021-24335 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -37,3 +37,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-24342.yaml b/cves/2021/CVE-2021-24342.yaml index 96eb726f98..08481d2f5f 100644 --- a/cves/2021/CVE-2021-24342.yaml +++ b/cves/2021/CVE-2021-24342.yaml 
@@ -1,10 +1,10 @@ id: CVE-2021-24342 info: - name: JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS) + name: WordPress JNews Theme <8.0.6 - Cross-Site Scripting author: pikpikcu severity: medium - description: JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue. + description: WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*). reference: - https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e - https://nvd.nist.gov/vuln/detail/CVE-2021-24342 @@ -41,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-24364.yaml b/cves/2021/CVE-2021-24364.yaml index 6babd75b3d..a361b30189 100644 --- a/cves/2021/CVE-2021-24364.yaml +++ b/cves/2021/CVE-2021-24364.yaml @@ -1,11 +1,10 @@ id: CVE-2021-24364 info: - name: Jannah < 5.4.4 (XSS) + name: WordPress Jannah Theme <5.4.4 - Cross-Site Scripting author: pikpikcu severity: medium - description: The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site - Scripting (XSS) vulnerability. + description: WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page. reference: - https://wpscan.com/vulnerability/1d53fbe5-a879-42ca-a9d3-768a80018382 - https://nvd.nist.gov/vuln/detail/CVE-2021-24364 @@ -37,3 +36,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 
diff --git a/cves/2021/CVE-2021-24387.yaml b/cves/2021/CVE-2021-24387.yaml index 24f5b56847..53743717b6 100644 --- a/cves/2021/CVE-2021-24387.yaml +++ b/cves/2021/CVE-2021-24387.yaml @@ -1,17 +1,16 @@ id: CVE-2021-24387 info: - name: Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS + name: WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting author: suman_kar severity: medium description: | - The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter - in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which - can be triggered in both unauthenticated or authenticated user context + WordPress Pro Real Estate 7 theme before 3.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the ct_community parameter in its search listing page before outputting it back. reference: - https://cxsecurity.com/issue/WLB-2021070041 - https://wpscan.com/vulnerability/27264f30-71d5-4d2b-8f36-4009a2be6745 - https://contempothemes.com/wp-real-estate-7/changelog/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-24387 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -40,3 +39,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-24389.yaml b/cves/2021/CVE-2021-24389.yaml index a5e827b6ba..ec9ed88d0d 100644 --- a/cves/2021/CVE-2021-24389.yaml +++ b/cves/2021/CVE-2021-24389.yaml 
@@ -1,13 +1,13 @@ id: CVE-2021-24389 info: - name: FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS) + name: WordPress FoodBakery <2.2 - Cross-Site Scripting author: daffainfo severity: medium - description: The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. + description: WordPress FoodBakery before 2.2 contains an unauthenticated reflected cross-site scripting vulnerability. It does not properly sanitize the foodbakery_radius parameter before outputting it back in the response. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-24389 - https://wpscan.com/vulnerability/23b8b8c4-cded-4887-a021-5f3ea610213b + - https://nvd.nist.gov/vuln/detail/CVE-2021-24389 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -35,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-24407.yaml b/cves/2021/CVE-2021-24407.yaml index aeb1341ad8..35366bfbc6 100644 --- a/cves/2021/CVE-2021-24407.yaml +++ b/cves/2021/CVE-2021-24407.yaml 
@@ -1,10 +1,10 @@ id: CVE-2021-24407 info: - name: Jannah < 5.4.5 - Reflected Cross-Site Scripting (XSS) + name: WordPress Jannah Theme <5.4.5 - Cross-Site Scripting author: pikpikcu severity: medium - description: The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability. + description: WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action. reference: - https://wpscan.com/vulnerability/fba9f010-1202-4eea-a6f5-78865c084153 - https://nvd.nist.gov/vuln/detail/CVE-2021-24407 @@ -41,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-24488.yaml b/cves/2021/CVE-2021-24488.yaml index a58a2e079f..6ab0297b25 100644 --- a/cves/2021/CVE-2021-24488.yaml +++ b/cves/2021/CVE-2021-24488.yaml @@ -1,10 +1,10 @@ id: CVE-2021-24488 info: - name: WordPress Plugin Post Grid < 2.1.8 - XSS + name: WordPress Post Grid <2.1.8 - Cross-Site Scripting author: cckuailong severity: medium - description: The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues + description: WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages, reference: - https://wpscan.com/vulnerability/1fc0aace-ba85-4939-9007-d150960add4a - https://nvd.nist.gov/vuln/detail/CVE-2021-24488 @@ -43,3 +43,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 
diff --git a/cves/2021/CVE-2021-24495.yaml b/cves/2021/CVE-2021-24495.yaml index 0141460b01..5205d9265c 100644 --- a/cves/2021/CVE-2021-24495.yaml +++ b/cves/2021/CVE-2021-24495.yaml @@ -1,14 +1,15 @@ id: CVE-2021-24495 info: - name: Wordpress Plugin Marmoset Viewer XSS + name: Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting author: johnjhacking severity: medium - description: The Marmoset Viewer WordPress plugin before 1.9.3 does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue. + description: WordPress Marmoset Viewer plugin before 1.9.3 contains a cross-site scripting vulnerability. It does not property sanitize, validate, or escape the 'id' parameter before outputting back in the page. reference: - https://johnjhacking.com/blog/cve-2021-24495-improper-neutralization-of-input-during-web-page-generation-on-id-parameter-in-wordpress-marmoset-viewer-plugin-versions-1.9.3-leads-to-reflected-cross-site-scripting/ - https://wordpress.org/plugins/marmoset-viewer/#developers - https://wpscan.com/vulnerability/d11b79a3-f762-49ab-b7c8-3174624d7638 + - https://nvd.nist.gov/vuln/detail/CVE-2021-24495 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -38,3 +39,5 @@ requests: - type: word words: - "Marmoset Viewer" + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-24498.yaml b/cves/2021/CVE-2021-24498.yaml index e261e95975..3d2b787f2b 100644 --- a/cves/2021/CVE-2021-24498.yaml +++ b/cves/2021/CVE-2021-24498.yaml 
@@ -1,12 +1,13 @@ id: CVE-2021-24498 info: - name: Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS) + name: WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting author: suman_kar severity: medium - description: The plugin does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue. + description: WordPress Calendar Event Multi View plugin before 1.4.01 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php). reference: - https://wpscan.com/vulnerability/3c5a5187-42b3-4f88-9b0e-4fdfa1c39e86 + - https://nvd.nist.gov/vuln/detail/CVE-2021-24498 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -40,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-24510.yaml b/cves/2021/CVE-2021-24510.yaml index 79f424bd89..892c3a4d7f 100644 --- a/cves/2021/CVE-2021-24510.yaml +++ b/cves/2021/CVE-2021-24510.yaml 
@@ -1,10 +1,10 @@ id: CVE-2021-24510 info: - name: MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS) + name: WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting author: dhiyaneshDK severity: medium - description: The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue + description: WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event. reference: - https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39 - https://nvd.nist.gov/vuln/detail/CVE-2021-24510 @@ -46,3 +46,5 @@ requests: part: header words: - "text/html" + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-24891.yaml b/cves/2021/CVE-2021-24891.yaml index 54ec603528..c312429522 100644 --- a/cves/2021/CVE-2021-24891.yaml +++ b/cves/2021/CVE-2021-24891.yaml @@ -1,11 +1,11 @@ id: CVE-2021-24891 info: - name: Elementor < 3.1.4 - DOM Cross-Site-Scripting + name: WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting author: dhiyaneshDk severity: medium description: | - The Elementor Website Builder WordPress plugin before 3.1.4 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue. + WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash. reference: - https://www.jbelamor.com/xss-elementor-lightox.html - https://wpscan.com/vulnerability/fbed0daa-007d-4f91-8d87-4bca7781de2d 
@@ -45,4 +45,6 @@ requests: - type: dsl dsl: - - compare_versions(version, '> 1.5.0', '< 3.1.4') && status_code_1 == 200 && status_code_2 == 200 \ No newline at end of file + - compare_versions(version, '> 1.5.0', '< 3.1.4') && status_code_1 == 200 && status_code_2 == 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-24910.yaml b/cves/2021/CVE-2021-24910.yaml index e3afc69c65..f03f6719d6 100644 --- a/cves/2021/CVE-2021-24910.yaml +++ b/cves/2021/CVE-2021-24910.yaml 
@@ -1,24 +1,23 @@ id: CVE-2021-24910 info: - name: Transposh WordPress < 1.0.7 - Reflected Cross-Site Scripting (XSS) + name: WordPress Transposh Translation <1.0.8 - Cross-Site Scripting author: Screamy - severity: medium - description: | - The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue + severity: high + description: WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response. reference: - https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/ - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-24910.txt - https://wpscan.com/vulnerability/b5cbebf4-5749-41a0-8be3-3333853fca17 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24910 + - https://nvd.nist.gov/vuln/detail/CVE-2021-24910 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cve-id: CVE-2021-24910 cwe-id: CWE-79 metadata: - verified: "true" - tags: wp-plugin,xss,wp,wpscan,cve,cve2021,wordpress + verified: true + tags: cve,cve2021,wordpress,wp-plugin,xss,wp requests: - method: GET @@ -42,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 \ No newline at end of file diff --git a/cves/2021/CVE-2021-24926.yaml b/cves/2021/CVE-2021-24926.yaml index 15e26e41e5..5b5dcc743e 100644 --- a/cves/2021/CVE-2021-24926.yaml +++ b/cves/2021/CVE-2021-24926.yaml 
@@ -1,10 +1,10 @@ id: CVE-2021-24926 info: - name: WordPress Plugin Domain Check < 1.0.17 - XSS + name: WordPress Domain Check <1.0.17 - Cross-Site Scripting author: cckuailong severity: medium - description: The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. + description: WordPress Domain Check plugin before 1.0.17 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the domain parameter before outputting it back in the page. reference: - https://wpscan.com/vulnerability/8cc7cbbd-f74f-4f30-9483-573641fea733 - https://nvd.nist.gov/vuln/detail/CVE-2021-24926 @@ -43,3 +43,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-24987.yaml b/cves/2021/CVE-2021-24987.yaml index 0a151af08a..1213f8e753 100644 --- a/cves/2021/CVE-2021-24987.yaml +++ b/cves/2021/CVE-2021-24987.yaml @@ -1,11 +1,10 @@ id: CVE-2021-24987 info: - name: Super Socializer < 7.13.30 - Reflected Cross-Site Scripting + name: WordPress Super Socializer <7.13.30 - Cross-Site Scripting author: Akincibor severity: medium - description: The plugin does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, - leading to a Reflected Cross-Site Scripting issue. + description: WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response. reference: - https://wpscan.com/vulnerability/a14b668f-812f-46ee-827e-0996b378f7f0 - https://nvd.nist.gov/vuln/detail/CVE-2021-24987 
@@ -36,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-25063.yaml b/cves/2021/CVE-2021-25063.yaml index 7626bad61b..bb9cde7acd 100644 --- a/cves/2021/CVE-2021-25063.yaml +++ b/cves/2021/CVE-2021-25063.yaml @@ -1,12 +1,13 @@ id: CVE-2021-25063 info: - name: Contact Form 7 Skins <= 2.5.0 - Reflected Cross-Site Scripting (XSS) + name: WordPress Contact Form 7 Skins <=2.5.0 - Cross-Site Scripting author: dhiyaneshDk severity: medium - description: The plugin does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting + description: WordPress Contact Form 7 Skins plugin 2.5.0 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the tab parameter before outputting it back in an admin page. reference: - https://wpscan.com/vulnerability/e2185887-3e53-4089-aa3f-981c944ee0bb + - https://nvd.nist.gov/vuln/detail/CVE-2021-25063 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -44,3 +45,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-25075.yaml b/cves/2021/CVE-2021-25075.yaml index 0a87e11633..60e56e87c7 100644 --- a/cves/2021/CVE-2021-25075.yaml +++ b/cves/2021/CVE-2021-25075.yaml 
@@ -1,15 +1,16 @@ id: CVE-2021-25075 info: - name: WordPress Duplicate Page or Post < 1.5.1 - Stored XSS + name: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting author: DhiyaneshDK severity: low description: | - The plugin does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues. + WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery. remediation: Fixed in version 1.5.1. reference: - https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25075 + - https://nvd.nist.gov/vuln/detail/CVE-2021-25075 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N cvss-score: 3.50 @@ -58,3 +59,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-26247.yaml b/cves/2021/CVE-2021-26247.yaml index 3a51363f35..90ad608a46 100644 --- a/cves/2021/CVE-2021-26247.yaml +++ b/cves/2021/CVE-2021-26247.yaml 
@@ -1,13 +1,13 @@ id: CVE-2021-26247 info: - name: Unauthenticated XSS Cacti - auth_changepassword.php + name: Cacti - Cross-Site Scripting author: dhiyaneshDK severity: medium - description: As an unauthenticated remote user, visit "http:///auth_changepassword.php?ref=" to successfully execute the JavaScript payload present in the "ref" URL parameter. + description: Cacti contains a cross-site scripting vulnerability via "http:///auth_changepassword.php?ref=" which can successfully execute the JavaScript payload present in the "ref" URL parameter. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-26247 - https://www.cacti.net/info/changelog + - https://nvd.nist.gov/vuln/detail/CVE-2021-26247 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -35,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-26475.yaml b/cves/2021/CVE-2021-26475.yaml index 44ca42a8a2..9a3b05f436 100644 --- a/cves/2021/CVE-2021-26475.yaml +++ b/cves/2021/CVE-2021-26475.yaml @@ -1,13 +1,14 @@ id: CVE-2021-26475 info: - name: EPrints 3.4.2 XSS + name: EPrints 3.4.2 - Cross-Site Scripting author: geeknik severity: medium - description: EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI. + description: EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI. reference: - https://github.com/grymer/CVE/blob/master/eprints_security_review.pdf - https://files.eprints.org/2548/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-26475 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -34,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-26702.yaml b/cves/2021/CVE-2021-26702.yaml index ec2c824ea8..a543bb5aa1 100644 --- a/cves/2021/CVE-2021-26702.yaml +++ b/cves/2021/CVE-2021-26702.yaml 
@@ -1,13 +1,14 @@ id: CVE-2021-26702 info: - name: EPrints 3.4.2 XSS + name: EPrints 3.4.2 - Cross-Site Scripting author: ritikchaddha severity: medium - description: EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to a cgi/dataset_ dictionary URI. + description: EPrints 3.4.2 contains a reflected cross-site scripting vulnerability in the dataset parameter to the cgi/dataset_ dictionary URI. reference: - https://github.com/grymer/CVE/blob/master/eprints_security_review.pdf - https://files.eprints.org/2548/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-26702 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -34,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-26710.yaml b/cves/2021/CVE-2021-26710.yaml index 652ce11ad0..e1c9346116 100644 --- a/cves/2021/CVE-2021-26710.yaml +++ b/cves/2021/CVE-2021-26710.yaml @@ -1,13 +1,14 @@ id: CVE-2021-26710 info: - name: Redwood v4.3.4.5-v4.5.3 XSS + name: Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting author: pikpikcu severity: medium - description: A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter. + description: Redwood Report2Web 4.3.4.5 and 4.5.3 contains a cross-site scripting vulnerability in the login panel which allows remote attackers to inject JavaScript via the signIn.do urll parameter. reference: - https://vict0ni.me/report2web-xss-frame-injection.html - https://vict0ni.me/redwood-report2web-xss-and-frame-injection/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-26710 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -35,3 +36,5 @@ requests: words: - "text/html" part: header + +# Enhanced by mp on 2022/08/28 
diff --git a/cves/2021/CVE-2021-26723.yaml b/cves/2021/CVE-2021-26723.yaml index 48a762b3f7..33fa476b73 100644 --- a/cves/2021/CVE-2021-26723.yaml +++ b/cves/2021/CVE-2021-26723.yaml @@ -1,15 +1,16 @@ id: CVE-2021-26723 info: - name: Jenzabar v9.20-v9.2.2 XSS + name: Jenzabar 9.2x-9.2.2 - Cross-Site Scripting author: pikpikcu severity: medium - description: Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. + description: Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting vulnerability. It allows /ics?tool=search&query. reference: - http://packetstormsecurity.com/files/161303/Jenzabar-9.2.2-Cross-Site-Scripting.html - https://gist.github.com/Y0ung-DST/d1b6b65be6248b0ffc2b2f2120deb205 - https://jenzabar.com/blog - https://y0ungdst.medium.com/xss-in-jenzabar-cve-2021-26723-a0749231328 + - https://nvd.nist.gov/vuln/detail/CVE-2021-26723 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -36,4 +37,6 @@ requests: - type: word words: - "text/html" - part: header \ No newline at end of file + part: header + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-26812.yaml b/cves/2021/CVE-2021-26812.yaml index e5378cec02..ddf8e9f797 100644 --- a/cves/2021/CVE-2021-26812.yaml +++ b/cves/2021/CVE-2021-26812.yaml 
@@ -1,11 +1,10 @@ id: CVE-2021-26812 info: - name: Moodle jitsi plugin XSS + name: Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting author: aceseven (digisec360) severity: medium - description: Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can - inject javascript code to be run by the application. + description: Moodle Jitsi Meet 2.7 through 2.8.3 plugin contains a cross-site scripting vulnerability via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject JavaScript code to be run by the application. reference: - https://github.com/udima-university/moodle-mod_jitsi/issues/67 - https://nvd.nist.gov/vuln/detail/CVE-2021-26812 @@ -36,3 +35,5 @@ requests: part: header words: - "MoodleSession" + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-27309.yaml b/cves/2021/CVE-2021-27309.yaml index e2a0c2e566..ddfc1caa7d 100644 --- a/cves/2021/CVE-2021-27309.yaml +++ b/cves/2021/CVE-2021-27309.yaml @@ -1,15 +1,15 @@ id: CVE-2021-27309 info: - name: Clansphere CMS 2011.4 - Reflected XSS + name: Clansphere CMS 2011.4 - Cross-Site Scripting author: edoardottt severity: medium description: | - Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter. + Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the "module" parameter. reference: - https://github.com/xoffense/POC/blob/main/Clansphere%202011.4%20%22module%22%20xss.md - - https://nvd.nist.gov/vuln/detail/CVE-2021-27309 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27309 + - https://nvd.nist.gov/vuln/detail/CVE-2021-27309 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -40,3 +40,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 
diff --git a/cves/2021/CVE-2021-27310.yaml b/cves/2021/CVE-2021-27310.yaml index dc3d8e65cd..c393e5c50f 100644 --- a/cves/2021/CVE-2021-27310.yaml +++ b/cves/2021/CVE-2021-27310.yaml @@ -1,13 +1,14 @@ id: CVE-2021-27310 info: - name: Clansphere CMS 2011.4 - Reflected Cross-Site Scripting (XSS) + name: Clansphere CMS 2011.4 - Cross-Site Scripting author: alph4byt3 severity: medium - description: Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter. + description: Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the "language" parameter. reference: - https://github.com/xoffense/POC/blob/main/Clansphere%202011.4%20%22language%22%20xss.md - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27310 + - https://nvd.nist.gov/vuln/detail/CVE-2021-27310 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -35,3 +36,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-27330.yaml b/cves/2021/CVE-2021-27330.yaml index f005ed631b..b56532d285 100644 --- a/cves/2021/CVE-2021-27330.yaml +++ b/cves/2021/CVE-2021-27330.yaml 
@@ -1,16 +1,16 @@ id: CVE-2021-27330 info: - name: Triconsole 3.75 XSS + name: Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting author: pikpikcu,daffainfo severity: medium description: | - Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents. + Triconsole Datepicker Calendar before 3.77 contains a cross-site scripting vulnerability in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents. reference: - https://www.exploit-db.com/exploits/49597 - - https://nvd.nist.gov/vuln/detail/CVE-2021-27330 - http://www.triconsole.com/ - http://www.triconsole.com/php/calendar_datepicker.php + - https://nvd.nist.gov/vuln/detail/CVE-2021-27330 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -43,3 +43,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-27519.yaml b/cves/2021/CVE-2021-27519.yaml index 61f14a6df9..93e44aea56 100644 --- a/cves/2021/CVE-2021-27519.yaml +++ b/cves/2021/CVE-2021-27519.yaml 
@@ -1,16 +1,16 @@ id: CVE-2021-27519 info: - name: FUDForum 3.1.0 - Reflected XSS + name: FUDForum 3.1.0 - Cross-Site Scripting author: kh4sh3i severity: medium description: | - A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript + FUDForum 3.1.0 contains a cross-site scripting vulnerability which allows remote attackers to inject JavaScript via index.php in the "srch" parameter. reference: - https://www.exploit-db.com/exploits/49942 - - https://nvd.nist.gov/vuln/detail/CVE-2021-27519 - https://github.com/fudforum/FUDforum/issues/2 - http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-27519 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -41,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-29484.yaml b/cves/2021/CVE-2021-29484.yaml index 066c94b888..78b0a64cca 100644 --- a/cves/2021/CVE-2021-29484.yaml +++ b/cves/2021/CVE-2021-29484.yaml 
@@ -1,15 +1,16 @@ id: CVE-2021-29484 info: - name: DOM XSS in Ghost CMS + name: Ghost CMS <=4.32 - Cross-Site Scripting author: rootxharsh,iamnoooob severity: medium - description: Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited a malicious site. + description: Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code. reference: - https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg - - https://nvd.nist.gov/vuln/detail/CVE-2021-29484 - https://www.npmjs.com/package/ghost - https://forum.ghost.org/t/critical-security-update-available-for-ghost-4-x/22290 + - https://nvd.nist.gov/vuln/detail/CVE-2021-29484 + remediation: This issue has been fixed in 4.3.3. classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N cvss-score: 6.8 @@ -37,3 +38,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-29625.yaml b/cves/2021/CVE-2021-29625.yaml index 70287d1af1..e95886aacf 100644 --- a/cves/2021/CVE-2021-29625.yaml +++ b/cves/2021/CVE-2021-29625.yaml 
@@ -1,14 +1,15 @@ id: CVE-2021-29625 info: - name: Adminer reflected XSS via the table parameter + name: Adminer <=4.8.0 - Cross-Site Scripting author: daffainfo severity: medium - description: Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`). + description: Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). reference: - https://sourceforge.net/p/adminer/bugs-and-features/797/ - - https://www.cvedetails.com/cve/CVE-2021-29625/ - https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7 + - https://nvd.nist.gov/vuln/detail/CVE-2021-29625 + remediation: This vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`). classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -36,3 +37,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-3002.yaml b/cves/2021/CVE-2021-3002.yaml index 6789673ece..13f4e8607d 100644 --- a/cves/2021/CVE-2021-3002.yaml 
+++ b/cves/2021/CVE-2021-3002.yaml @@ -1,14 +1,14 @@ id: CVE-2021-3002 info: - name: Seo Panel 4.8.0 - Post based Reflected XSS + name: Seo Panel 4.8.0 - Cross-Site Scripting author: edoardottt severity: medium - description: Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter. + description: Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-3002 - http://www.cinquino.eu/SeoPanelReflect.htm - https://github.com/seopanel/Seo-Panel/issues/202 + - https://nvd.nist.gov/vuln/detail/CVE-2021-3002 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -41,4 +41,6 @@ requests: words: - "" - "seopanel" - condition: and \ No newline at end of file + condition: and + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-30049.yaml b/cves/2021/CVE-2021-30049.yaml index 6cff3a24b3..356dc34913 100644 --- a/cves/2021/CVE-2021-30049.yaml +++ b/cves/2021/CVE-2021-30049.yaml @@ -1,13 +1,13 @@ id: CVE-2021-30049 info: - name: SysAid Technologies 20.3.64 b14 Reflected XSS + name: SysAid Technologies 20.3.64 b14 - Cross-Site Scripting author: daffainfo severity: medium - description: SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI. + description: SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp= URI. reference: - https://eh337.net/2021/03/30/sysaid/ - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30049 + - https://nvd.nist.gov/vuln/detail/CVE-2021-30049 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -35,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-30151.yaml b/cves/2021/CVE-2021-30151.yaml index 4c58103107..ff25ad6b7f 100644 
--- a/cves/2021/CVE-2021-30151.yaml +++ b/cves/2021/CVE-2021-30151.yaml @@ -1,14 +1,14 @@ id: CVE-2021-30151 info: - name: Sidekiq 5.1.3 and 6.x-6.2.0 - Cross-Site Scripting + name: Sidekiq <=6.2.0 - Cross-Site Scripting author: DhiyaneshDk severity: medium - description: Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. + description: Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used. reference: - https://github.com/mperham/sidekiq/issues/4852 - - https://nvd.nist.gov/vuln/detail/CVE-2021-30151 - https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-30151 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -35,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-30213.yaml b/cves/2021/CVE-2021-30213.yaml index b2819c12c4..136e5b6b3b 100644 --- a/cves/2021/CVE-2021-30213.yaml +++ b/cves/2021/CVE-2021-30213.yaml 
@@ -1,13 +1,13 @@ id: CVE-2021-30213 info: - name: Knowage Suite 7.3 XSS + name: Knowage Suite 7.3 - Cross-Site Scripting author: alph4byt3 severity: medium - description: Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter. + description: Knowage Suite 7.3 contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-30213 - https://github.com/piuppi/Proof-of-Concepts/blob/main/Engineering/XSS-KnowageSuite7-3_unauth.md + - https://nvd.nist.gov/vuln/detail/CVE-2021-30213 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -35,3 +35,5 @@ requests: part: header words: - text/html + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-31250.yaml b/cves/2021/CVE-2021-31250.yaml index 1979dd2372..45d9bde403 100644 --- a/cves/2021/CVE-2021-31250.yaml +++ b/cves/2021/CVE-2021-31250.yaml 
@@ -1,14 +1,15 @@ id: CVE-2021-31250 info: - name: CHIYU IoT XSS + name: CHIYU TCP/IP Converter - Cross-Site Scripting author: geeknik severity: medium - description: Several versions and models of CHIYU IoT devices are vulnerable to multiple Cross-Site Scripting flaws. + description: CHIYU BF-430, BF-431 and BF-450M TCP/IP Converter devices contain a cross-site scripting vulnerability due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi. reference: - https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250 - https://www.chiyu-tech.com/msg/message-Firmware-update-87.htm - https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-31250 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 @@ -34,3 +35,5 @@ requests: part: body words: - "\">" + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-31537.yaml b/cves/2021/CVE-2021-31537.yaml index 97439ab47f..26717b3613 100644 --- a/cves/2021/CVE-2021-31537.yaml +++ b/cves/2021/CVE-2021-31537.yaml 
@@ -1,14 +1,15 @@ id: CVE-2021-31537 info: - name: SIS-REWE GO version 7.5.0/12C XSS + name: SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting author: geeknik severity: medium - description: SIS SIS-REWE Go before 7.7 SP17 allows XSS -- rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters). + description: SIS Informatik REWE GO SP17 before 7.7 contains a cross-site scripting vulnerability via rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters). reference: - https://sec-consult.com/vulnerability-lab/advisory/reflected-xss-sis-infromatik-rewe-go-cve-2021-31537/ - http://seclists.org/fulldisclosure/2021/May/20 - https://sisinformatik.com/rewe-go/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-31537 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -34,3 +35,5 @@ requests: part: header words: - "text/html" + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-31589.yaml b/cves/2021/CVE-2021-31589.yaml index e8ae46f1bd..50955fa55d 100644 --- a/cves/2021/CVE-2021-31589.yaml +++ b/cves/2021/CVE-2021-31589.yaml 
@@ -1,15 +1,16 @@ id: CVE-2021-31589 info: - name: BeyondTrust Remote Support Reflected XSS + name: BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting author: Ahmed Abou-Ela severity: medium - description: Unauthenticated cross-site scripting (XSS) vulnerability in BeyondTrust Secure Remote Access Base Software through 6.0.1 allow remote attackers to inject arbitrary web script or HTML. + description: BeyondTrust Secure Remote Access Base through 6.0.1 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML. reference: - https://packetstormsecurity.com/files/165408 - https://cxsecurity.com/issue/WLB-2022010013 - https://beyondtrustcorp.service-now.com/csm?sys_kb_id=922d0ab31bc1b490e73854ae034bcb7b&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=64fc14ffdb8f70d422725385ca9619cb - https://www.beyondtrust.com/docs/release-notes/index.htm + - https://nvd.nist.gov/vuln/detail/CVE-2021-31589 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -38,3 +39,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-31862.yaml b/cves/2021/CVE-2021-31862.yaml index 002a8fdbff..5e6170d84a 100644 --- a/cves/2021/CVE-2021-31862.yaml +++ b/cves/2021/CVE-2021-31862.yaml 
@@ -1,14 +1,14 @@ id: CVE-2021-31862 info: - name: SysAid - Reflected XSS + name: SysAid 20.4.74 - Cross-Site Scripting author: jas37 severity: medium - description: SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication. + description: SysAid 20.4.74 contains a reflected cross-site scripting vulnerability via the KeepAlive.jsp stamp parameter. reference: - https://github.com/RobertDra/CVE-2021-31862/blob/main/README.md - - https://nvd.nist.gov/vuln/detail/CVE-2021-31862 - https://www.sysaid.com/product/on-premise/latest-release + - https://nvd.nist.gov/vuln/detail/CVE-2021-31862 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -27,4 +27,6 @@ requests: dsl: - '(body == "false ")' - 'status_code == 200' - condition: and \ No newline at end of file + condition: and + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-32853.yaml b/cves/2021/CVE-2021-32853.yaml index 3bc5300c3d..ca5084210a 100644 --- a/cves/2021/CVE-2021-32853.yaml +++ b/cves/2021/CVE-2021-32853.yaml @@ -1,10 +1,10 @@ id: CVE-2021-32853 info: - name: Erxes <= v0.23.0 XSS + name: Erxes <0.23.0 - Cross-Site Scripting author: dwisiswant0 severity: medium - description: Erxes prior to version 0.23.0 is vulnerable to cross-site scripting.The value of topicID parameter is not escaped & triggered in the enclosing script tag. + description: Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag. reference: - https://securitylab.github.com/advisories/GHSL-2021-103-erxes/ - https://nvd.nist.gov/vuln/detail/CVE-2021-3285 @@ -36,3 +36,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-33904.yaml b/cves/2021/CVE-2021-33904.yaml index 88ca2a982f..1f6531393d 100644 --- a/cves/2021/CVE-2021-33904.yaml +++ b/cves/2021/CVE-2021-33904.yaml 
@@ -1,14 +1,15 @@ id: CVE-2021-33904 info: - name: Accela Civic Platform 21.1 - 'servProvCode' XSS + name: Accela Civic Platform <=21.1 - Cross-Site Scripting author: geeknik severity: medium - description: In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. + description: Accela Civic Platform through 21.1 contains a cross-site scripting vulnerability via the security/hostSignon.do parameter servProvCode. reference: - https://www.exploit-db.com/exploits/49980 - https://gist.github.com/0xx7/3d934939d7122fe23db11bc48eda9d21 - http://packetstormsecurity.com/files/163093/Accela-Civic-Platorm-21.1-Cross-Site-Scripting.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-33904 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -36,4 +37,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-34370.yaml b/cves/2021/CVE-2021-34370.yaml index 927dad3943..ce3d29a587 100644 --- a/cves/2021/CVE-2021-34370.yaml +++ b/cves/2021/CVE-2021-34370.yaml @@ -1,15 +1,15 @@ id: CVE-2021-34370 info: - name: Accela Civic Platform 21.1 - Open Redirect & XSS + name: Accela Civic Platform <=21.1 - Cross-Site Scripting author: 0x_Akoko severity: medium - description: Accela Civic Platform Cross-Site-Scripting and Open Redirect <= 21.1 + description: Accela Civic Platform through 21.1 contains a cross-site scripting vulnerability via ssoAdapter/logoutAction.do successURL. reference: - https://www.exploit-db.com/exploits/49990 - - https://nvd.nist.gov/vuln/detail/CVE-2021-34370 - https://www.accela.com/civic-platform/ - https://gist.github.com/0xx7/7e9f1b725f7ff98b9239d3cb027b7dc8 + - https://nvd.nist.gov/vuln/detail/CVE-2021-34370 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 
@@ -27,3 +27,5 @@ requests: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' part: header + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-34640.yaml b/cves/2021/CVE-2021-34640.yaml index e6a0f0ab73..671821477a 100644 --- a/cves/2021/CVE-2021-34640.yaml +++ b/cves/2021/CVE-2021-34640.yaml @@ -1,15 +1,15 @@ id: CVE-2021-34640 info: - name: Securimage-WP-Fixed <= 3.5.4 - Reflected Cross-Site Scripting (XSS) + name: WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting author: dhiyaneshDK severity: medium - description: The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4. + description: WordPress Securimage-WP-Fixed plugin 3.5.4 and prior contains a cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file, which allows attackers to inject arbitrary web scripts. reference: - https://wpscan.com/vulnerability/22017067-8675-4884-b976-d7f5a71279d2 - - https://nvd.nist.gov/vuln/detail/CVE-2021-34640 - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34640 - https://plugins.trac.wordpress.org/browser/securimage-wp-fixed/trunk/securimage-wp.php#L628 + - https://nvd.nist.gov/vuln/detail/CVE-2021-34640 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -48,3 +48,5 @@ requests: part: header words: - "text/html" + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-34643.yaml b/cves/2021/CVE-2021-34643.yaml index 0cf31a9da0..6210fa2c8d 100644 --- a/cves/2021/CVE-2021-34643.yaml +++ b/cves/2021/CVE-2021-34643.yaml 
@@ -1,15 +1,15 @@ id: CVE-2021-34643 info: - name: Skaut bazar < 1.3.3 - Reflected Cross-Site Scripting + name: WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting author: dhiyaneshDK severity: medium - description: The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2. + description: WordPress Skaut Bazar plugin before 1.3.3 contains a reflected cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file, which allows attackers to inject arbitrary web scripts. reference: - https://wpscan.com/vulnerability/c1b41276-b8fb-4a5c-bede-84ea62663b7a - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34643 - https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34643 - https://plugins.trac.wordpress.org/browser/skaut-bazar/tags/1.3.2/skaut-bazar.php#L657 + - https://nvd.nist.gov/vuln/detail/CVE-2021-34643 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -48,3 +48,5 @@ requests: part: header words: - "text/html" + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-36450.yaml b/cves/2021/CVE-2021-36450.yaml index 0b8526d3b3..c95ae38b34 100644 --- a/cves/2021/CVE-2021-36450.yaml +++ b/cves/2021/CVE-2021-36450.yaml 
@@ -1,15 +1,15 @@ id: CVE-2021-36450 info: - name: Verint 15.2 - Cross Site Scripting + name: Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting author: atomiczsec severity: medium - description: Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter. + description: Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/my_notifications NEWUINAV parameter. reference: - https://medium.com/@1nf0sk/cve-2021-36450-cross-site-scripting-xss-6f5d8d7db740 - https://sushantvkamble.blogspot.com/2021/11/cross-site-scripting-xss.html - - https://nvd.nist.gov/vuln/detail/CVE-2021-36450 - http://verint.com + - https://nvd.nist.gov/vuln/detail/CVE-2021-36450 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -61,3 +61,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-37216.yaml b/cves/2021/CVE-2021-37216.yaml index 25f31aa3fc..28221d2bdd 100644 --- a/cves/2021/CVE-2021-37216.yaml +++ b/cves/2021/CVE-2021-37216.yaml @@ -1,15 +1,14 @@ id: CVE-2021-37216 info: - name: QSAN Storage Manager prior to v3.3.3 Reflected XSS + name: QSAN Storage Manager <3.3.3 - Cross-Site Scripting author: dwisiswant0 severity: medium description: | - QSAN Storage Manager header page parameters does not filter special characters. - Remote attackers can inject JavaScript without logging in and launch - reflected XSS attacks to access and modify specific data. + QSAN Storage Manager before 3.3.3 contains a reflected cross-site scripting vulnerability. Header page parameters do not filter special characters. Remote attackers can inject JavaScript to access and modify specific data. reference: - https://www.twcert.org.tw/tw/cp-132-4962-44cd2-1.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-37216 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 
@@ -40,3 +39,5 @@ requests: - type: dsl dsl: - "!contains(tolower(all_headers), 'x-xss-protection')" + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-37416.yaml b/cves/2021/CVE-2021-37416.yaml index d534bfabf9..16c783a632 100644 --- a/cves/2021/CVE-2021-37416.yaml +++ b/cves/2021/CVE-2021-37416.yaml @@ -1,10 +1,15 @@ id: CVE-2021-37416 info: - name: Zoho ManageEngine ADSelfService Plus - Reflected XSS + name: Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting author: edoardottt severity: medium - description: Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page. + description: Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page. + reference: + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37416 + - https://blog.stmcyber.com/vulns/cve-2021-37416/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-37416 + tags: cve,cve2021,zoho,xss classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -13,11 +18,6 @@ info: metadata: shodan-query: http.title:"ManageEngine" verified: true - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-37416 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37416 - - https://blog.stmcyber.com/vulns/cve-2021-37416/ - tags: cve,cve2021,zoho,xss requests: - method: GET @@ -40,4 +40,6 @@ requests: words: - ">" - "adsf/js/" - condition: and \ No newline at end of file + condition: and + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-37833.yaml b/cves/2021/CVE-2021-37833.yaml index f76398eeb8..d4af2272cc 100644 --- a/cves/2021/CVE-2021-37833.yaml +++ b/cves/2021/CVE-2021-37833.yaml 
@@ -1,14 +1,14 @@ id: CVE-2021-37833 info: - name: Hotel Druid 3.0.2 XSS + name: Hotel Druid 3.0.2 - Cross-Site Scripting author: pikpikcu severity: medium - description: Reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. + description: Hotel Druid 3.0.2 contains a cross-site scripting vulnerability in multiple pages which allows for arbitrary execution of JavaScript commands. reference: - https://github.com/dievus/CVE-2021-37833 - - https://nvd.nist.gov/vuln/detail/CVE-2021-37833 - https://www.hoteldruid.com + - https://nvd.nist.gov/vuln/detail/CVE-2021-37833 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -41,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-42063.yaml b/cves/2021/CVE-2021-42063.yaml index f56a291589..be4cdc8a05 100644 --- a/cves/2021/CVE-2021-42063.yaml +++ b/cves/2021/CVE-2021-42063.yaml @@ -1,11 +1,11 @@ id: CVE-2021-42063 info: - name: SAP Knowledge Warehouse (KW) - Reflected XSS + name: SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting author: pdteam severity: medium description: | - A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data. + SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser. reference: - https://seclists.org/fulldisclosure/2022/Mar/32 - https://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html 
@@ -42,4 +42,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-45422.yaml b/cves/2021/CVE-2021-45422.yaml index 1768449328..8a428ded25 100644 --- a/cves/2021/CVE-2021-45422.yaml +++ b/cves/2021/CVE-2021-45422.yaml @@ -1,11 +1,11 @@ id: CVE-2021-45422 info: - name: Reprise License Manager 14.2 - Reflected XSS + name: Reprise License Manager 14.2 - Cross-Site Scripting author: edoardottt severity: medium description: | - Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required. + Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. reference: - https://seclists.org/fulldisclosure/2022/Jan/31 - https://www.getinfosec.news/13202933/reprise-license-manager-142-reflected-cross-site-scripting#/ @@ -42,3 +42,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2021/CVE-2021-46387.yaml b/cves/2021/CVE-2021-46387.yaml index da999dc5c4..a3ef370c63 100644 --- a/cves/2021/CVE-2021-46387.yaml +++ b/cves/2021/CVE-2021-46387.yaml 
@@ -4,12 +4,12 @@ info: name: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting author: DhiyaneshDk severity: medium - description: ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking. + description: ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks. reference: - https://www.exploit-db.com/exploits/50797 - - https://nvd.nist.gov/vuln/detail/CVE-2021-46387 - https://www.zyxel.com/us/en/support/security_advisories.shtml - https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing + - https://nvd.nist.gov/vuln/detail/CVE-2021-46387 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 @@ -41,3 +41,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2022/CVE-2022-0140.yaml b/cves/2022/CVE-2022-0140.yaml index 48c298e85a..cc4682ea12 100644 --- a/cves/2022/CVE-2022-0140.yaml +++ b/cves/2022/CVE-2022-0140.yaml 
@@ -1,14 +1,15 @@ id: CVE-2022-0140 info: - name: WordPress Visual Form Builder < 3.0.6 - Unauthenticated Information Disclosure + name: WordPress Visual Form Builder <3.0.8 - Cross-Site Scripting author: random-robbie severity: medium description: | - Visual Form Builder < 3.0.6 - Unauthenticated Information Disclosure. The plugin does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint. + WordPress Visual Form Builder plugin before 3.0.8 contains a cross-site scripting vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint. reference: - https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336 - https://www.fortiguard.com/zeroday/FG-VD-21-082 + - https://nvd.nist.gov/vuln/detail/cve-2022-0140 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 @@ -37,4 +38,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2022/CVE-2022-0148.yaml b/cves/2022/CVE-2022-0148.yaml index 776c46aeef..b2d6dd34ba 100644 --- a/cves/2022/CVE-2022-0148.yaml +++ b/cves/2022/CVE-2022-0148.yaml 
@@ -1,14 +1,15 @@ id: CVE-2022-0148 info: - name: All-in-one Floating Contact Form < 2.0.4 - Authenticated Reflected XSS + name: WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting author: DhiyaneshDK severity: medium - description: The plugin was vulnerable to reflected XSS on the my-sticky-elements-leads admin page. + description: WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page. reference: - https://wpscan.com/vulnerability/37665ee1-c57f-4445-9596-df4f7d72c8cd - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0148 - https://plugins.trac.wordpress.org/changeset/2654453/mystickyelements + - https://nvd.nist.gov/vuln/detail/CVE-2022-0148 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 @@ -47,3 +48,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/28 diff --git a/cves/2022/CVE-2022-31269.yaml b/cves/2022/CVE-2022-31269.yaml index fedbed181d..f4de41f944 100644 --- a/cves/2022/CVE-2022-31269.yaml +++ b/cves/2022/CVE-2022-31269.yaml 
@@ -8,9 +8,10 @@ info: Admin credentials are stored in clear text at the endpoint /test.txt (This occurs in situations where the default credentials admin:admin have beenchanged.) Allows an unauthenticated attacker to obtain adminicredentials, access the admin dashboard of Linear eMerge E3-Series devices, control entire building doors, cameras, elevator, etc... and access information about employees who can access the building and take control of the entire building. reference: - https://packetstormsecurity.com/files/167990/Nortek-Linear-eMerge-E3-Series-Credential-Disclosure.html - - https://nvd.nist.gov/vuln/detail/CVE-2022-31269 - - https://eg.linkedin.com/in/omar-1-hashem - https://www.nortekcontrol.com/access-control/ + - https://nvd.nist.gov/vuln/detail/CVE-2022-31269 + classification: + cve-id: CVE-2022-31269 metadata: shodan-query: http.title:"Linear eMerge" verified: "true" diff --git a/cves/2022/CVE-2022-31798.yaml b/cves/2022/CVE-2022-31798.yaml index 7b9e2ba803..411d9517d3 100644 --- a/cves/2022/CVE-2022-31798.yaml +++ b/cves/2022/CVE-2022-31798.yaml @@ -10,7 +10,8 @@ info: - https://packetstormsecurity.com/files/167992/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31798 - http://packetstormsecurity.com/files/167992/Nortek-Linear-eMerge-E3-Series-Account-Takeover.html - - https://eg.linkedin.com/in/omar-1-hashem + classification: + cve-id: CVE-2022-31798 metadata: shodan-query: http.title:"eMerge" verified: "true"
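Review bot: in cves/2021/CVE-2021-29484.yaml the new name reads `Ghost CMS <=4.32`, which does not match the rest of the same hunk: the description gives the range as 4.0.0 to 4.3.2 and the added remediation line names 4.3.3 as the fixed release. `4.32` is a different version string, so anyone filtering templates by name gets the wrong bound. Suggest `Ghost CMS <=4.3.2`, or `Ghost CMS 4.0.0-4.3.2` to keep the lower bound the description states.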
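Review bot: the new name `Sidekiq <=6.2.0` in cves/2021/CVE-2021-30151.yaml is broader than the description kept in the same hunk, which still says "through 5.1.3 and 6.x through 6.2.0". A single upper bound also covers 5.x releases after 5.1.3 that the description does not list as affected. Keep both ranges in the name, as the replaced line `Sidekiq 5.1.3 and 6.x-6.2.0` did, or change the description to match if the wider range is intended.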
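Review bot: in cves/2021/CVE-2021-31537.yaml the version wording changes meaning. The removed description said "before 7.7 SP17", i.e. the fixed release is 7.7 SP17, while the new name `SIS Informatik REWE GO SP17 <7.7` and the new description "REWE GO SP17 before 7.7" read as if SP17 were the affected product line and 7.7 the bound. Suggest `SIS Informatik REWE GO <7.7 SP17` and "before 7.7 SP17" so the rewrite keeps the bound the original stated.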
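Review bot: cves/2021/CVE-2021-32853.yaml still carries the reference `https://nvd.nist.gov/vuln/detail/CVE-2021-3285` in the unchanged context under `reference:`, which drops the last digit of the template id CVE-2021-32853 and so points at a different CVE record. Since this pass normalizes the NVD links in the other files, fix this one in the same hunk.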
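Review bot: in cves/2021/CVE-2021-34370.yaml the name and description now describe only cross-site scripting via `ssoAdapter/logoutAction.do successURL`, but the matcher visible in the second hunk of the same file is a regex on the `Location` header looking for `interact.sh`, which is an open-redirect check. The replaced name `Open Redirect & XSS` matched what the template tests. Either keep the open redirect in the name and description or note why the redirect match is taken as evidence of XSS, otherwise triage of a hit will be misled.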
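Review bot: the new name `SAP Knowledge Warehouse <=7.5.0` in cves/2021/CVE-2021-42063.yaml does not agree with the description in the same hunk, which lists 7.30, 7.31, 7.40 and 7.50. `7.5.0` and `7.50` are different version strings, and the list does not support an open-ended lower bound. Suggest naming the listed versions, e.g. `7.30-7.50`. The rewrite also drops that the attacker is unauthorized and that the impact is disclosure of sensitive data; both are useful for triage and were in the removed text.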
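Review bot: several rewritten descriptions lose the authentication precondition that the removed lines stated. cves/2021/CVE-2021-31862.yaml drops "without any authentication", cves/2021/CVE-2021-45422.yaml drops "No authentication is required" (and "reflected"), and cves/2021/CVE-2021-37216.yaml drops "without logging in". Whether a finding is reachable unauthenticated is what a defender checks first when prioritizing, so keep it, for example "contains an unauthenticated reflected cross-site scripting vulnerability", as the Clansphere and Knowage descriptions in this patch already do.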
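Review bot: cves/2022/CVE-2022-0140.yaml is relabelled from information disclosure to cross-site scripting, but the description still explains the issue as missing access control on entry form export through the vfb-export endpoint, and the unchanged classification is `AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N` at 5.3, a confidentiality-only vector with no user interaction, unlike the `UI:R/S:C` 6.1 vectors on the XSS templates in this patch. The name and first sentence should go back to an information disclosure wording. The bound also moves from `< 3.0.6` to `<3.0.8` with nothing in the hunk to support it, and the added NVD link uses lowercase `cve-2022-0140` where every other added link uses uppercase.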
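Review bot: the hunks for cves/2022/CVE-2022-31269.yaml and cves/2022/CVE-2022-31798.yaml add a `classification:` block holding only `cve-id`, while every other template touched here carries `cvss-metrics` and `cvss-score` as well; add them or leave the block out until they are known. In CVE-2022-31269 the description context line still has the run-together words `beenchanged` and `adminicredentials`, which this wording pass should fix while it is in the file. Neither file gets the `# Enhanced by mp on 2022/08/28` trailer the other files receive, so it is unclear whether they were meant to be part of the same pass.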