parent
62177ea041
commit
df40b89192
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-24300
|
||||
|
||||
info:
|
||||
name: PickPlugins Product Slider for WooCommerce < 1.13.22 - XSS
|
||||
name: WordPress WooCommerce <1.13.22 - Cross-Site Scripting
|
||||
author: cckuailong
|
||||
severity: medium
|
||||
description: The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue.
|
||||
description: WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerability via the slider import search feature because it does not properly sanitize the keyword GET parameter.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24300
|
||||
|
@ -47,3 +47,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2021-24316
|
||||
|
||||
info:
|
||||
name: An Unauthenticated Reflected XSS & XFS Mediumish theme through 1.0.47 for WordPress
|
||||
name: WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: Mediumish WordPress Theme <= 1.0.47 - Unauthenticated Reflected XSS & XFS.
|
||||
description: WordPress Mediumish theme 1.0.47 and prior contains an unauthenticated reflected cross-site scripting vulnerability. The 's' GET parameter is not properly sanitized by the search feature before it is output back on the page.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
|
||||
- https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt
|
||||
- https://www.wowthemes.net/themes/mediumish-wordpress/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24316
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -38,3 +39,5 @@ requests:
|
|||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2021-24320
|
||||
|
||||
info:
|
||||
name: Bello WordPress Theme < 1.6.0 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value,
|
||||
bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing
|
||||
page, leading to reflected Cross-Site Scripting issues.
|
||||
description: WordPress Bello Directory & Listing theme before 1.6.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape the listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value,
|
||||
bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in the ints listing
|
||||
page.
|
||||
reference:
|
||||
- https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt
|
||||
- https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24320
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -37,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2021-24335
|
||||
|
||||
info:
|
||||
name: Car Repair Services < 4.0 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
|
||||
description: WordPress Car Repair Services & Auto Mechanic before 4.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the serviceestimatekey parameter before outputting it back in the page.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24335
|
||||
- https://themeforest.net/item/car-repair-services-auto-mechanic-wordpress-theme/19823557
|
||||
- https://m0ze.ru/vulnerability/[2021-02-12]-[WordPress]-[CWE-79]-Car-Repair-Services-WordPress-Theme-v3.9.txt
|
||||
- https://wpscan.com/vulnerability/39258aba-2449-4214-a490-b8e46945117d
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24335
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-24342
|
||||
|
||||
info:
|
||||
name: JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress JNews Theme <8.0.6 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.
|
||||
description: WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*).
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24342
|
||||
|
@ -41,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
id: CVE-2021-24364
|
||||
|
||||
info:
|
||||
name: Jannah < 5.4.4 (XSS)
|
||||
name: WordPress Jannah Theme <5.4.4 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site
|
||||
Scripting (XSS) vulnerability.
|
||||
description: WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/1d53fbe5-a879-42ca-a9d3-768a80018382
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24364
|
||||
|
@ -37,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,17 +1,16 @@
|
|||
id: CVE-2021-24387
|
||||
|
||||
info:
|
||||
name: Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS
|
||||
name: WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting
|
||||
author: suman_kar
|
||||
severity: medium
|
||||
description: |
|
||||
The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter
|
||||
in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which
|
||||
can be triggered in both unauthenticated or authenticated user context
|
||||
WordPress Pro Real Estate 7 theme before 3.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the ct_community parameter in its search listing page before outputting it back.
|
||||
reference:
|
||||
- https://cxsecurity.com/issue/WLB-2021070041
|
||||
- https://wpscan.com/vulnerability/27264f30-71d5-4d2b-8f36-4009a2be6745
|
||||
- https://contempothemes.com/wp-real-estate-7/changelog/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24387
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -40,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
id: CVE-2021-24389
|
||||
|
||||
info:
|
||||
name: FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress FoodBakery <2.2 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.
|
||||
description: WordPress FoodBakery before 2.2 contains an unauthenticated reflected cross-site scripting vulnerability. It does not properly sanitize the foodbakery_radius parameter before outputting it back in the response.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24389
|
||||
- https://wpscan.com/vulnerability/23b8b8c4-cded-4887-a021-5f3ea610213b
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24389
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -35,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-24407
|
||||
|
||||
info:
|
||||
name: Jannah < 5.4.5 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Jannah Theme <5.4.5 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability.
|
||||
description: WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/fba9f010-1202-4eea-a6f5-78865c084153
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24407
|
||||
|
@ -41,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-24488
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Post Grid < 2.1.8 - XSS
|
||||
name: WordPress Post Grid <2.1.8 - Cross-Site Scripting
|
||||
author: cckuailong
|
||||
severity: medium
|
||||
description: The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues
|
||||
description: WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages,
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/1fc0aace-ba85-4939-9007-d150960add4a
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24488
|
||||
|
@ -43,3 +43,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2021-24495
|
||||
|
||||
info:
|
||||
name: Wordpress Plugin Marmoset Viewer XSS
|
||||
name: Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting
|
||||
author: johnjhacking
|
||||
severity: medium
|
||||
description: The Marmoset Viewer WordPress plugin before 1.9.3 does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue.
|
||||
description: WordPress Marmoset Viewer plugin before 1.9.3 contains a cross-site scripting vulnerability. It does not property sanitize, validate, or escape the 'id' parameter before outputting back in the page.
|
||||
reference:
|
||||
- https://johnjhacking.com/blog/cve-2021-24495-improper-neutralization-of-input-during-web-page-generation-on-id-parameter-in-wordpress-marmoset-viewer-plugin-versions-1.9.3-leads-to-reflected-cross-site-scripting/
|
||||
- https://wordpress.org/plugins/marmoset-viewer/#developers
|
||||
- https://wpscan.com/vulnerability/d11b79a3-f762-49ab-b7c8-3174624d7638
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24495
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -38,3 +39,5 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- "Marmoset Viewer"
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
id: CVE-2021-24498
|
||||
|
||||
info:
|
||||
name: Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting
|
||||
author: suman_kar
|
||||
severity: medium
|
||||
description: The plugin does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.
|
||||
description: WordPress Calendar Event Multi View plugin before 1.4.01 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php).
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/3c5a5187-42b3-4f88-9b0e-4fdfa1c39e86
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24498
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -40,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-24510
|
||||
|
||||
info:
|
||||
name: MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue
|
||||
description: WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24510
|
||||
|
@ -46,3 +46,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2021-24891
|
||||
|
||||
info:
|
||||
name: Elementor < 3.1.4 - DOM Cross-Site-Scripting
|
||||
name: WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting
|
||||
author: dhiyaneshDk
|
||||
severity: medium
|
||||
description: |
|
||||
The Elementor Website Builder WordPress plugin before 3.1.4 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.
|
||||
WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash.
|
||||
reference:
|
||||
- https://www.jbelamor.com/xss-elementor-lightox.html
|
||||
- https://wpscan.com/vulnerability/fbed0daa-007d-4f91-8d87-4bca7781de2d
|
||||
|
@ -46,3 +46,5 @@ requests:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- compare_versions(version, '> 1.5.0', '< 3.1.4') && status_code_1 == 200 && status_code_2 == 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,24 +1,23 @@
|
|||
id: CVE-2021-24910
|
||||
|
||||
info:
|
||||
name: Transposh WordPress < 1.0.7 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Transposh Translation <1.0.8 - Cross-Site Scripting
|
||||
author: Screamy
|
||||
severity: medium
|
||||
description: |
|
||||
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
|
||||
severity: high
|
||||
description: WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response.
|
||||
reference:
|
||||
- https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/
|
||||
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-24910.txt
|
||||
- https://wpscan.com/vulnerability/b5cbebf4-5749-41a0-8be3-3333853fca17
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24910
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24910
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2021-24910
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: wp-plugin,xss,wp,wpscan,cve,cve2021,wordpress
|
||||
verified: true
|
||||
tags: cve,cve2021,wordpress,wp-plugin,xss,wp
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -42,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-24926
|
||||
|
||||
info:
|
||||
name: WordPress Plugin Domain Check < 1.0.17 - XSS
|
||||
name: WordPress Domain Check <1.0.17 - Cross-Site Scripting
|
||||
author: cckuailong
|
||||
severity: medium
|
||||
description: The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue.
|
||||
description: WordPress Domain Check plugin before 1.0.17 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the domain parameter before outputting it back in the page.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/8cc7cbbd-f74f-4f30-9483-573641fea733
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24926
|
||||
|
@ -43,3 +43,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
id: CVE-2021-24987
|
||||
|
||||
info:
|
||||
name: Super Socializer < 7.13.30 - Reflected Cross-Site Scripting
|
||||
name: WordPress Super Socializer <7.13.30 - Cross-Site Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response,
|
||||
leading to a Reflected Cross-Site Scripting issue.
|
||||
description: WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/a14b668f-812f-46ee-827e-0996b378f7f0
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24987
|
||||
|
@ -36,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
id: CVE-2021-25063
|
||||
|
||||
info:
|
||||
name: Contact Form 7 Skins <= 2.5.0 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Contact Form 7 Skins <=2.5.0 - Cross-Site Scripting
|
||||
author: dhiyaneshDk
|
||||
severity: medium
|
||||
description: The plugin does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
|
||||
description: WordPress Contact Form 7 Skins plugin 2.5.0 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the tab parameter before outputting it back in an admin page.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/e2185887-3e53-4089-aa3f-981c944ee0bb
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-25063
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -44,3 +45,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2021-25075
|
||||
|
||||
info:
|
||||
name: WordPress Duplicate Page or Post < 1.5.1 - Stored XSS
|
||||
name: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
|
||||
author: DhiyaneshDK
|
||||
severity: low
|
||||
description: |
|
||||
The plugin does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues.
|
||||
WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.
|
||||
remediation: Fixed in version 1.5.1.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25075
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-25075
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
|
||||
cvss-score: 3.50
|
||||
|
@ -58,3 +59,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
id: CVE-2021-26247
|
||||
|
||||
info:
|
||||
name: Unauthenticated XSS Cacti - auth_changepassword.php
|
||||
name: Cacti - Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
|
||||
description: Cacti contains a cross-site scripting vulnerability via "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" which can successfully execute the JavaScript payload present in the "ref" URL parameter.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26247
|
||||
- https://www.cacti.net/info/changelog
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26247
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -35,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2021-26475
|
||||
|
||||
info:
|
||||
name: EPrints 3.4.2 XSS
|
||||
name: EPrints 3.4.2 - Cross-Site Scripting
|
||||
author: geeknik
|
||||
severity: medium
|
||||
description: EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.
|
||||
description: EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI.
|
||||
reference:
|
||||
- https://github.com/grymer/CVE/blob/master/eprints_security_review.pdf
|
||||
- https://files.eprints.org/2548/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26475
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -34,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2021-26702
|
||||
|
||||
info:
|
||||
name: EPrints 3.4.2 XSS
|
||||
name: EPrints 3.4.2 - Cross-Site Scripting
|
||||
author: ritikchaddha
|
||||
severity: medium
|
||||
description: EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to a cgi/dataset_ dictionary URI.
|
||||
description: EPrints 3.4.2 contains a reflected cross-site scripting vulnerability in the dataset parameter to the cgi/dataset_ dictionary URI.
|
||||
reference:
|
||||
- https://github.com/grymer/CVE/blob/master/eprints_security_review.pdf
|
||||
- https://files.eprints.org/2548/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26702
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -34,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2021-26710
|
||||
|
||||
info:
|
||||
name: Redwood v4.3.4.5-v4.5.3 XSS
|
||||
name: Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.
|
||||
description: Redwood Report2Web 4.3.4.5 and 4.5.3 contains a cross-site scripting vulnerability in the login panel which allows remote attackers to inject JavaScript via the signIn.do urll parameter.
|
||||
reference:
|
||||
- https://vict0ni.me/report2web-xss-frame-injection.html
|
||||
- https://vict0ni.me/redwood-report2web-xss-and-frame-injection/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26710
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -35,3 +36,5 @@ requests:
|
|||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2021-26723
|
||||
|
||||
info:
|
||||
name: Jenzabar v9.20-v9.2.2 XSS
|
||||
name: Jenzabar 9.2x-9.2.2 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.
|
||||
description: Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting vulnerability. It allows /ics?tool=search&query.
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/161303/Jenzabar-9.2.2-Cross-Site-Scripting.html
|
||||
- https://gist.github.com/Y0ung-DST/d1b6b65be6248b0ffc2b2f2120deb205
|
||||
- https://jenzabar.com/blog
|
||||
- https://y0ungdst.medium.com/xss-in-jenzabar-cve-2021-26723-a0749231328
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26723
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -37,3 +38,5 @@ requests:
|
|||
words:
|
||||
- "text/html"
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
id: CVE-2021-26812
|
||||
|
||||
info:
|
||||
name: Moodle jitsi plugin XSS
|
||||
name: Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting
|
||||
author: aceseven (digisec360)
|
||||
severity: medium
|
||||
description: Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can
|
||||
inject javascript code to be run by the application.
|
||||
description: Moodle Jitsi Meet 2.7 through 2.8.3 plugin contains a cross-site scripting vulnerability via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject JavaScript code to be run by the application.
|
||||
reference:
|
||||
- https://github.com/udima-university/moodle-mod_jitsi/issues/67
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-26812
|
||||
|
@ -36,3 +35,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- "MoodleSession"
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2021-27309
|
||||
|
||||
info:
|
||||
name: Clansphere CMS 2011.4 - Reflected XSS
|
||||
name: Clansphere CMS 2011.4 - Cross-Site Scripting
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
description: |
|
||||
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter.
|
||||
Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the "module" parameter.
|
||||
reference:
|
||||
- https://github.com/xoffense/POC/blob/main/Clansphere%202011.4%20%22module%22%20xss.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-27309
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27309
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-27309
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -40,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2021-27310
|
||||
|
||||
info:
|
||||
name: Clansphere CMS 2011.4 - Reflected Cross-Site Scripting (XSS)
|
||||
name: Clansphere CMS 2011.4 - Cross-Site Scripting
|
||||
author: alph4byt3
|
||||
severity: medium
|
||||
description: Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter.
|
||||
description: Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the "language" parameter.
|
||||
reference:
|
||||
- https://github.com/xoffense/POC/blob/main/Clansphere%202011.4%20%22language%22%20xss.md
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27310
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-27310
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -35,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2021-27330
|
||||
|
||||
info:
|
||||
name: Triconsole 3.75 XSS
|
||||
name: Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting
|
||||
author: pikpikcu,daffainfo
|
||||
severity: medium
|
||||
description: |
|
||||
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
|
||||
Triconsole Datepicker Calendar before 3.77 contains a cross-site scripting vulnerability in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/49597
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-27330
|
||||
- http://www.triconsole.com/
|
||||
- http://www.triconsole.com/php/calendar_datepicker.php
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-27330
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -43,3 +43,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2021-27519
|
||||
|
||||
info:
|
||||
name: FUDForum 3.1.0 - Reflected XSS
|
||||
name: FUDForum 3.1.0 - Cross-Site Scripting
|
||||
author: kh4sh3i
|
||||
severity: medium
|
||||
description: |
|
||||
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript
|
||||
FUDForum 3.1.0 contains a cross-site scripting vulnerability which allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/49942
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-27519
|
||||
- https://github.com/fudforum/FUDforum/issues/2
|
||||
- http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-27519
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -41,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2021-29484
|
||||
|
||||
info:
|
||||
name: DOM XSS in Ghost CMS
|
||||
name: Ghost CMS <=4.32 - Cross-Site Scripting
|
||||
author: rootxharsh,iamnoooob
|
||||
severity: medium
|
||||
description: Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited a malicious site.
|
||||
description: Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code.
|
||||
reference:
|
||||
- https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-29484
|
||||
- https://www.npmjs.com/package/ghost
|
||||
- https://forum.ghost.org/t/critical-security-update-available-for-ghost-4-x/22290
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-29484
|
||||
remediation: This issue has been fixed in 4.3.3.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
|
||||
cvss-score: 6.8
|
||||
|
@ -37,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2021-29625
|
||||
|
||||
info:
|
||||
name: Adminer reflected XSS via the table parameter
|
||||
name: Adminer <=4.8.0 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).
|
||||
description: Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled).
|
||||
reference:
|
||||
- https://sourceforge.net/p/adminer/bugs-and-features/797/
|
||||
- https://www.cvedetails.com/cve/CVE-2021-29625/
|
||||
- https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-29625
|
||||
remediation: This vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -36,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2021-3002
|
||||
|
||||
info:
|
||||
name: Seo Panel 4.8.0 - Post based Reflected XSS
|
||||
name: Seo Panel 4.8.0 - Cross-Site Scripting
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
description: Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
|
||||
description: Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3002
|
||||
- http://www.cinquino.eu/SeoPanelReflect.htm
|
||||
- https://github.com/seopanel/Seo-Panel/issues/202
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3002
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -42,3 +42,5 @@ requests:
|
|||
- "<img src=a onerror=alert(document.domain)>"
|
||||
- "seopanel"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
id: CVE-2021-30049
|
||||
|
||||
info:
|
||||
name: SysAid Technologies 20.3.64 b14 Reflected XSS
|
||||
name: SysAid Technologies 20.3.64 b14 - Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
|
||||
description: SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp= URI.
|
||||
reference:
|
||||
- https://eh337.net/2021/03/30/sysaid/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30049
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-30049
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -35,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2021-30151
|
||||
|
||||
info:
|
||||
name: Sidekiq 5.1.3 and 6.x-6.2.0 - Cross-Site Scripting
|
||||
name: Sidekiq <=6.2.0 - Cross-Site Scripting
|
||||
author: DhiyaneshDk
|
||||
severity: medium
|
||||
description: Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
|
||||
description: Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used.
|
||||
reference:
|
||||
- https://github.com/mperham/sidekiq/issues/4852
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-30151
|
||||
- https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-30151
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -35,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
id: CVE-2021-30213
|
||||
|
||||
info:
|
||||
name: Knowage Suite 7.3 XSS
|
||||
name: Knowage Suite 7.3 - Cross-Site Scripting
|
||||
author: alph4byt3
|
||||
severity: medium
|
||||
description: Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.
|
||||
description: Knowage Suite 7.3 contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-30213
|
||||
- https://github.com/piuppi/Proof-of-Concepts/blob/main/Engineering/XSS-KnowageSuite7-3_unauth.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-30213
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -35,3 +35,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2021-31250
|
||||
|
||||
info:
|
||||
name: CHIYU IoT XSS
|
||||
name: CHIYU TCP/IP Converter - Cross-Site Scripting
|
||||
author: geeknik
|
||||
severity: medium
|
||||
description: Several versions and models of CHIYU IoT devices are vulnerable to multiple Cross-Site Scripting flaws.
|
||||
description: CHIYU BF-430, BF-431 and BF-450M TCP/IP Converter devices contain a cross-site scripting vulnerability due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi.
|
||||
reference:
|
||||
- https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250
|
||||
- https://www.chiyu-tech.com/msg/message-Firmware-update-87.htm
|
||||
- https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-31250
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
|
@ -34,3 +35,5 @@ requests:
|
|||
part: body
|
||||
words:
|
||||
- "\"><script>alert({{randstr}})</script>"
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2021-31537
|
||||
|
||||
info:
|
||||
name: SIS-REWE GO version 7.5.0/12C XSS
|
||||
name: SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting
|
||||
author: geeknik
|
||||
severity: medium
|
||||
description: SIS SIS-REWE Go before 7.7 SP17 allows XSS -- rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).
|
||||
description: SIS Informatik REWE GO SP17 before 7.7 contains a cross-site scripting vulnerability via rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).
|
||||
reference:
|
||||
- https://sec-consult.com/vulnerability-lab/advisory/reflected-xss-sis-infromatik-rewe-go-cve-2021-31537/
|
||||
- http://seclists.org/fulldisclosure/2021/May/20
|
||||
- https://sisinformatik.com/rewe-go/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-31537
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -34,3 +35,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2021-31589
|
||||
|
||||
info:
|
||||
name: BeyondTrust Remote Support Reflected XSS
|
||||
name: BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting
|
||||
author: Ahmed Abou-Ela
|
||||
severity: medium
|
||||
description: Unauthenticated cross-site scripting (XSS) vulnerability in BeyondTrust Secure Remote Access Base Software through 6.0.1 allow remote attackers to inject arbitrary web script or HTML.
|
||||
description: BeyondTrust Secure Remote Access Base through 6.0.1 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/165408
|
||||
- https://cxsecurity.com/issue/WLB-2022010013
|
||||
- https://beyondtrustcorp.service-now.com/csm?sys_kb_id=922d0ab31bc1b490e73854ae034bcb7b&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=64fc14ffdb8f70d422725385ca9619cb
|
||||
- https://www.beyondtrust.com/docs/release-notes/index.htm
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-31589
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -38,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2021-31862
|
||||
|
||||
info:
|
||||
name: SysAid - Reflected XSS
|
||||
name: SysAid 20.4.74 - Cross-Site Scripting
|
||||
author: jas37
|
||||
severity: medium
|
||||
description: SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.
|
||||
description: SysAid 20.4.74 contains a reflected cross-site scripting vulnerability via the KeepAlive.jsp stamp parameter.
|
||||
reference:
|
||||
- https://github.com/RobertDra/CVE-2021-31862/blob/main/README.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-31862
|
||||
- https://www.sysaid.com/product/on-premise/latest-release
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-31862
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -28,3 +28,5 @@ requests:
|
|||
- '(body == "false <script>alert(document.domain)</script>")'
|
||||
- 'status_code == 200'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-32853
|
||||
|
||||
info:
|
||||
name: Erxes <= v0.23.0 XSS
|
||||
name: Erxes <0.23.0 - Cross-Site Scripting
|
||||
author: dwisiswant0
|
||||
severity: medium
|
||||
description: Erxes prior to version 0.23.0 is vulnerable to cross-site scripting.The value of topicID parameter is not escaped & triggered in the enclosing script tag.
|
||||
description: Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag.
|
||||
reference:
|
||||
- https://securitylab.github.com/advisories/GHSL-2021-103-erxes/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3285
|
||||
|
@ -36,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2021-33904
|
||||
|
||||
info:
|
||||
name: Accela Civic Platform 21.1 - 'servProvCode' XSS
|
||||
name: Accela Civic Platform <=21.1 - Cross-Site Scripting
|
||||
author: geeknik
|
||||
severity: medium
|
||||
description: In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS.
|
||||
description: Accela Civic Platform through 21.1 contains a cross-site scripting vulnerability via the security/hostSignon.do parameter servProvCode.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/49980
|
||||
- https://gist.github.com/0xx7/3d934939d7122fe23db11bc48eda9d21
|
||||
- http://packetstormsecurity.com/files/163093/Accela-Civic-Platorm-21.1-Cross-Site-Scripting.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-33904
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -37,3 +38,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2021-34370
|
||||
|
||||
info:
|
||||
name: Accela Civic Platform 21.1 - Open Redirect & XSS
|
||||
name: Accela Civic Platform <=21.1 - Cross-Site Scripting
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: Accela Civic Platform Cross-Site-Scripting and Open Redirect <= 21.1
|
||||
description: Accela Civic Platform through 21.1 contains a cross-site scripting vulnerability via ssoAdapter/logoutAction.do successURL.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/49990
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-34370
|
||||
- https://www.accela.com/civic-platform/
|
||||
- https://gist.github.com/0xx7/7e9f1b725f7ff98b9239d3cb027b7dc8
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-34370
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -27,3 +27,5 @@ requests:
|
|||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2021-34640
|
||||
|
||||
info:
|
||||
name: Securimage-WP-Fixed <= 3.5.4 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4.
|
||||
description: WordPress Securimage-WP-Fixed plugin 3.5.4 and prior contains a cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file, which allows attackers to inject arbitrary web scripts.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/22017067-8675-4884-b976-d7f5a71279d2
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-34640
|
||||
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34640
|
||||
- https://plugins.trac.wordpress.org/browser/securimage-wp-fixed/trunk/securimage-wp.php#L628
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-34640
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -48,3 +48,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2021-34643
|
||||
|
||||
info:
|
||||
name: Skaut bazar < 1.3.3 - Reflected Cross-Site Scripting
|
||||
name: WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2.
|
||||
description: WordPress Skaut Bazar plugin before 1.3.3 contains a reflected cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file, which allows attackers to inject arbitrary web scripts.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/c1b41276-b8fb-4a5c-bede-84ea62663b7a
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34643
|
||||
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34643
|
||||
- https://plugins.trac.wordpress.org/browser/skaut-bazar/tags/1.3.2/skaut-bazar.php#L657
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-34643
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -48,3 +48,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2021-36450
|
||||
|
||||
info:
|
||||
name: Verint 15.2 - Cross Site Scripting
|
||||
name: Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting
|
||||
author: atomiczsec
|
||||
severity: medium
|
||||
description: Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
|
||||
description: Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/my_notifications NEWUINAV parameter.
|
||||
reference:
|
||||
- https://medium.com/@1nf0sk/cve-2021-36450-cross-site-scripting-xss-6f5d8d7db740
|
||||
- https://sushantvkamble.blogspot.com/2021/11/cross-site-scripting-xss.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-36450
|
||||
- http://verint.com
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-36450
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -61,3 +61,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
id: CVE-2021-37216
|
||||
|
||||
info:
|
||||
name: QSAN Storage Manager prior to v3.3.3 Reflected XSS
|
||||
name: QSAN Storage Manager <3.3.3 - Cross-Site Scripting
|
||||
author: dwisiswant0
|
||||
severity: medium
|
||||
description: |
|
||||
QSAN Storage Manager header page parameters does not filter special characters.
|
||||
Remote attackers can inject JavaScript without logging in and launch
|
||||
reflected XSS attacks to access and modify specific data.
|
||||
QSAN Storage Manager before 3.3.3 contains a reflected cross-site scripting vulnerability. Header page parameters do not filter special characters. Remote attackers can inject JavaScript to access and modify specific data.
|
||||
reference:
|
||||
- https://www.twcert.org.tw/tw/cp-132-4962-44cd2-1.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-37216
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -40,3 +39,5 @@ requests:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- "!contains(tolower(all_headers), 'x-xss-protection')"
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,10 +1,15 @@
|
|||
id: CVE-2021-37416
|
||||
|
||||
info:
|
||||
name: Zoho ManageEngine ADSelfService Plus - Reflected XSS
|
||||
name: Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
description: Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
|
||||
description: Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page.
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37416
|
||||
- https://blog.stmcyber.com/vulns/cve-2021-37416/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-37416
|
||||
tags: cve,cve2021,zoho,xss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -13,11 +18,6 @@ info:
|
|||
metadata:
|
||||
shodan-query: http.title:"ManageEngine"
|
||||
verified: true
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-37416
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37416
|
||||
- https://blog.stmcyber.com/vulns/cve-2021-37416/
|
||||
tags: cve,cve2021,zoho,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -41,3 +41,5 @@ requests:
|
|||
- "></iframe><script>alert(1)</script>"
|
||||
- "adsf/js/"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2021-37833
|
||||
|
||||
info:
|
||||
name: Hotel Druid 3.0.2 XSS
|
||||
name: Hotel Druid 3.0.2 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.
|
||||
description: Hotel Druid 3.0.2 contains a cross-site scripting vulnerability in multiple pages which allows for arbitrary execution of JavaScript commands.
|
||||
reference:
|
||||
- https://github.com/dievus/CVE-2021-37833
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-37833
|
||||
- https://www.hoteldruid.com
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-37833
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -41,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2021-42063
|
||||
|
||||
info:
|
||||
name: SAP Knowledge Warehouse (KW) - Reflected XSS
|
||||
name: SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting
|
||||
author: pdteam
|
||||
severity: medium
|
||||
description: |
|
||||
A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.
|
||||
SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser.
|
||||
reference:
|
||||
- https://seclists.org/fulldisclosure/2022/Mar/32
|
||||
- https://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html
|
||||
|
@ -43,3 +43,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2021-45422
|
||||
|
||||
info:
|
||||
name: Reprise License Manager 14.2 - Reflected XSS
|
||||
name: Reprise License Manager 14.2 - Cross-Site Scripting
|
||||
author: edoardottt
|
||||
severity: medium
|
||||
description: |
|
||||
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.
|
||||
Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET.
|
||||
reference:
|
||||
- https://seclists.org/fulldisclosure/2022/Jan/31
|
||||
- https://www.getinfosec.news/13202933/reprise-license-manager-142-reflected-cross-site-scripting#/
|
||||
|
@ -42,3 +42,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -4,12 +4,12 @@ info:
|
|||
name: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting
|
||||
author: DhiyaneshDk
|
||||
severity: medium
|
||||
description: ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.
|
||||
description: ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/50797
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-46387
|
||||
- https://www.zyxel.com/us/en/support/security_advisories.shtml
|
||||
- https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-46387
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
@ -41,3 +41,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2022-0140
|
||||
|
||||
info:
|
||||
name: WordPress Visual Form Builder < 3.0.6 - Unauthenticated Information Disclosure
|
||||
name: WordPress Visual Form Builder <3.0.8 - Cross-Site Scripting
|
||||
author: random-robbie
|
||||
severity: medium
|
||||
description: |
|
||||
Visual Form Builder < 3.0.6 - Unauthenticated Information Disclosure. The plugin does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.
|
||||
WordPress Visual Form Builder plugin before 3.0.8 contains a cross-site scripting vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336
|
||||
- https://www.fortiguard.com/zeroday/FG-VD-21-082
|
||||
- https://nvd.nist.gov/vuln/detail/cve-2022-0140
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
|
@ -38,3 +39,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -1,14 +1,15 @@
|
|||
id: CVE-2022-0148
|
||||
|
||||
info:
|
||||
name: All-in-one Floating Contact Form < 2.0.4 - Authenticated Reflected XSS
|
||||
name: WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting
|
||||
author: DhiyaneshDK
|
||||
severity: medium
|
||||
description: The plugin was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.
|
||||
description: WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/37665ee1-c57f-4445-9596-df4f7d72c8cd
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0148
|
||||
- https://plugins.trac.wordpress.org/changeset/2654453/mystickyelements
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0148
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
|
@ -47,3 +48,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/08/28
|
||||
|
|
|
@ -8,9 +8,10 @@ info:
|
|||
Admin credentials are stored in clear text at the endpoint /test.txt (This occurs in situations where the default credentials admin:admin have beenchanged.) Allows an unauthenticated attacker to obtain adminicredentials, access the admin dashboard of Linear eMerge E3-Series devices, control entire building doors, cameras, elevator, etc... and access information about employees who can access the building and take control of the entire building.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/167990/Nortek-Linear-eMerge-E3-Series-Credential-Disclosure.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31269
|
||||
- https://eg.linkedin.com/in/omar-1-hashem
|
||||
- https://www.nortekcontrol.com/access-control/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31269
|
||||
classification:
|
||||
cve-id: CVE-2022-31269
|
||||
metadata:
|
||||
shodan-query: http.title:"Linear eMerge"
|
||||
verified: "true"
|
||||
|
|
|
@ -10,7 +10,8 @@ info:
|
|||
- https://packetstormsecurity.com/files/167992/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31798
|
||||
- http://packetstormsecurity.com/files/167992/Nortek-Linear-eMerge-E3-Series-Account-Takeover.html
|
||||
- https://eg.linkedin.com/in/omar-1-hashem
|
||||
classification:
|
||||
cve-id: CVE-2022-31798
|
||||
metadata:
|
||||
shodan-query: http.title:"eMerge"
|
||||
verified: "true"
|
||||
|
|
Loading…
Reference in New Issue