Dashboard Content Enhancements (#5242)

Dashboard Content Enhancements
patch-1
MostInterestingBotInTheWorld 2022-08-29 09:55:23 -04:00 committed by GitHub
parent 62177ea041
commit df40b89192
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
55 changed files with 277 additions and 156 deletions

@ -1,10 +1,10 @@
id: CVE-2021-24300
info:
name: PickPlugins Product Slider for WooCommerce < 1.13.22 - XSS
name: WordPress WooCommerce <1.13.22 - Cross-Site Scripting
author: cckuailong
severity: medium
description: The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue.
description: WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerability via the slider import search feature because it does not properly sanitize the keyword GET parameter.
reference:
- https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837
- https://nvd.nist.gov/vuln/detail/CVE-2021-24300
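Review bot: The new name and description lines identify the product as "WordPress WooCommerce <1.13.22", but the lines they replace place the flaw in the PickPlugins Product Slider for WooCommerce plugin, so the template now reads as a finding against WooCommerce itself. Keep the plugin name in both fields, for example "WordPress PickPlugins Product Slider for WooCommerce <1.13.22 - Cross-Site Scripting".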
@ -47,3 +47,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28
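Review bot: The trailing "# Enhanced by mp on 2022/08/28" comment puts authorship and date inside the template body, and the same line is appended at the end of every file in this commit. The commit history already records who changed the file and when, so consider dropping the comment or carrying the information in a metadata field where tooling can read it.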

@ -1,14 +1,15 @@
id: CVE-2021-24316
info:
name: An Unauthenticated Reflected XSS & XFS Mediumish theme through 1.0.47 for WordPress
name: WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting
author: 0x_Akoko
severity: medium
description: Mediumish WordPress Theme <= 1.0.47 - Unauthenticated Reflected XSS & XFS.
description: WordPress Mediumish theme 1.0.47 and prior contains an unauthenticated reflected cross-site scripting vulnerability. The 's' GET parameter is not properly sanitized by the search feature before it is output back on the page.
reference:
- https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
- https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt
- https://www.wowthemes.net/themes/mediumish-wordpress/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24316
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -38,3 +39,5 @@ requests:
words:
- "text/html"
part: header
# Enhanced by mp on 2022/08/28

@ -1,15 +1,16 @@
id: CVE-2021-24320
info:
name: Bello WordPress Theme < 1.6.0 - Reflected Cross-Site Scripting (XSS)
name: WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value,
bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing
page, leading to reflected Cross-Site Scripting issues.
description: WordPress Bello Directory & Listing theme before 1.6.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape the listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value,
bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in the ints listing
page.
reference:
- https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt
- https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb
- https://nvd.nist.gov/vuln/detail/CVE-2021-24320
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
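Review bot: The rewritten description keeps the typo "ints" from the old text and now reads "parameters in the ints listing page", which turns the typo into what looks like a page name. The old wording "in ints listing page" suggests "its" was meant; suggest "parameters in its listing page".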
@ -37,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,15 +1,15 @@
id: CVE-2021-24335
info:
name: Car Repair Services < 4.0 - Reflected Cross-Site Scripting (XSS)
name: WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
description: WordPress Car Repair Services & Auto Mechanic before 4.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the serviceestimatekey parameter before outputting it back in the page.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-24335
- https://themeforest.net/item/car-repair-services-auto-mechanic-wordpress-theme/19823557
- https://m0ze.ru/vulnerability/[2021-02-12]-[WordPress]-[CWE-79]-Car-Repair-Services-WordPress-Theme-v3.9.txt
- https://wpscan.com/vulnerability/39258aba-2449-4214-a490-b8e46945117d
- https://nvd.nist.gov/vuln/detail/CVE-2021-24335
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -37,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,10 +1,10 @@
id: CVE-2021-24342
info:
name: JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)
name: WordPress JNews Theme <8.0.6 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.
description: WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*).
reference:
- https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e
- https://nvd.nist.gov/vuln/detail/CVE-2021-24342
@ -41,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,11 +1,10 @@
id: CVE-2021-24364
info:
name: Jannah < 5.4.4 (XSS)
name: WordPress Jannah Theme <5.4.4 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site
Scripting (XSS) vulnerability.
description: WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page.
reference:
- https://wpscan.com/vulnerability/1d53fbe5-a879-42ca-a9d3-768a80018382
- https://nvd.nist.gov/vuln/detail/CVE-2021-24364
@ -37,3 +36,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,17 +1,16 @@
id: CVE-2021-24387
info:
name: Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS
name: WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting
author: suman_kar
severity: medium
description: |
The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter
in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which
can be triggered in both unauthenticated or authenticated user context
WordPress Pro Real Estate 7 theme before 3.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the ct_community parameter in its search listing page before outputting it back.
reference:
- https://cxsecurity.com/issue/WLB-2021070041
- https://wpscan.com/vulnerability/27264f30-71d5-4d2b-8f36-4009a2be6745
- https://contempothemes.com/wp-real-estate-7/changelog/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24387
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
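Review bot: The new description drops the statement that the issue can be triggered in both unauthenticated and authenticated user context, and the new name also loses "Unauthenticated", so the access precondition is no longer stated anywhere in the info block. Keep it in the description, for example "contains an unauthenticated reflected cross-site scripting vulnerability".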
@ -40,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,13 +1,13 @@
id: CVE-2021-24389
info:
name: FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS)
name: WordPress FoodBakery <2.2 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.
description: WordPress FoodBakery before 2.2 contains an unauthenticated reflected cross-site scripting vulnerability. It does not properly sanitize the foodbakery_radius parameter before outputting it back in the response.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-24389
- https://wpscan.com/vulnerability/23b8b8c4-cded-4887-a021-5f3ea610213b
- https://nvd.nist.gov/vuln/detail/CVE-2021-24389
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -35,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,10 +1,10 @@
id: CVE-2021-24407
info:
name: Jannah < 5.4.5 - Reflected Cross-Site Scripting (XSS)
name: WordPress Jannah Theme <5.4.5 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability.
description: WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action.
reference:
- https://wpscan.com/vulnerability/fba9f010-1202-4eea-a6f5-78865c084153
- https://nvd.nist.gov/vuln/detail/CVE-2021-24407
@ -41,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,10 +1,10 @@
id: CVE-2021-24488
info:
name: WordPress Plugin Post Grid < 2.1.8 - XSS
name: WordPress Post Grid <2.1.8 - Cross-Site Scripting
author: cckuailong
severity: medium
description: The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues
description: WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages,
reference:
- https://wpscan.com/vulnerability/1fc0aace-ba85-4939-9007-d150960add4a
- https://nvd.nist.gov/vuln/detail/CVE-2021-24488
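Review bot: The new description line has two text errors: "thesettings" is missing a space, and the sentence ends in a comma ("before being output back in the pages,") where the old closing clause was cut. Suggest "tab parameter of the settings are not properly sanitized before being output back in the pages."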
@ -43,3 +43,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,14 +1,15 @@
id: CVE-2021-24495
info:
name: Wordpress Plugin Marmoset Viewer XSS
name: Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting
author: johnjhacking
severity: medium
description: The Marmoset Viewer WordPress plugin before 1.9.3 does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue.
description: WordPress Marmoset Viewer plugin before 1.9.3 contains a cross-site scripting vulnerability. It does not property sanitize, validate, or escape the 'id' parameter before outputting back in the page.
reference:
- https://johnjhacking.com/blog/cve-2021-24495-improper-neutralization-of-input-during-web-page-generation-on-id-parameter-in-wordpress-marmoset-viewer-plugin-versions-1.9.3-leads-to-reflected-cross-site-scripting/
- https://wordpress.org/plugins/marmoset-viewer/#developers
- https://wpscan.com/vulnerability/d11b79a3-f762-49ab-b7c8-3174624d7638
- https://nvd.nist.gov/vuln/detail/CVE-2021-24495
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
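Review bot: The new description still says "does not property sanitize", carried over from the old line; it should be "properly". The new name also spells the platform "Wordpress" while the description in the same hunk uses "WordPress", and the description no longer says the issue is reflected, which the replaced line did.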
@ -38,3 +39,5 @@ requests:
- type: word
words:
- "Marmoset Viewer"
# Enhanced by mp on 2022/08/28

@ -1,12 +1,13 @@
id: CVE-2021-24498
info:
name: Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
name: WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting
author: suman_kar
severity: medium
description: The plugin does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.
description: WordPress Calendar Event Multi View plugin before 1.4.01 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php).
reference:
- https://wpscan.com/vulnerability/3c5a5187-42b3-4f88-9b0e-4fdfa1c39e86
- https://nvd.nist.gov/vuln/detail/CVE-2021-24498
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -40,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,10 +1,10 @@
id: CVE-2021-24510
info:
name: MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS)
name: WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue
description: WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event.
reference:
- https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39
- https://nvd.nist.gov/vuln/detail/CVE-2021-24510
@ -46,3 +46,5 @@ requests:
part: header
words:
- "text/html"
# Enhanced by mp on 2022/08/28

@ -1,11 +1,11 @@
id: CVE-2021-24891
info:
name: Elementor < 3.1.4 - DOM Cross-Site-Scripting
name: WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting
author: dhiyaneshDk
severity: medium
description: |
The Elementor Website Builder WordPress plugin before 3.1.4 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.
WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash.
reference:
- https://www.jbelamor.com/xss-elementor-lightox.html
- https://wpscan.com/vulnerability/fbed0daa-007d-4f91-8d87-4bca7781de2d
@ -46,3 +46,5 @@ requests:
- type: dsl
dsl:
- compare_versions(version, '> 1.5.0', '< 3.1.4') && status_code_1 == 200 && status_code_2 == 200
# Enhanced by mp on 2022/08/28

@ -1,24 +1,23 @@
id: CVE-2021-24910
info:
name: Transposh WordPress < 1.0.7 - Reflected Cross-Site Scripting (XSS)
name: WordPress Transposh Translation <1.0.8 - Cross-Site Scripting
author: Screamy
severity: medium
description: |
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
severity: high
description: WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response.
reference:
- https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-24910.txt
- https://wpscan.com/vulnerability/b5cbebf4-5749-41a0-8be3-3333853fca17
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24910
- https://nvd.nist.gov/vuln/detail/CVE-2021-24910
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id: CVE-2021-24910
cwe-id: CWE-79
metadata:
verified: "true"
tags: wp-plugin,xss,wp,wpscan,cve,cve2021,wordpress
verified: true
tags: cve,cve2021,wordpress,wp-plugin,xss,wp
requests:
- method: GET
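Review bot: The classification change from UI:R / 6.1 to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" / 7.2, with severity raised to high, does not match the description in the same hunk, which still calls this a reflected cross-site scripting issue; reflected XSS needs a victim to load the crafted request, which is what UI:R expresses. Please confirm the vector against the NVD entry listed under reference before raising severity. The tags line also drops "wpscan" although the wpscan.com reference stays; restore the tag if that was not intended.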
@ -42,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,10 +1,10 @@
id: CVE-2021-24926
info:
name: WordPress Plugin Domain Check < 1.0.17 - XSS
name: WordPress Domain Check <1.0.17 - Cross-Site Scripting
author: cckuailong
severity: medium
description: The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue.
description: WordPress Domain Check plugin before 1.0.17 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the domain parameter before outputting it back in the page.
reference:
- https://wpscan.com/vulnerability/8cc7cbbd-f74f-4f30-9483-573641fea733
- https://nvd.nist.gov/vuln/detail/CVE-2021-24926
@ -43,3 +43,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,11 +1,10 @@
id: CVE-2021-24987
info:
name: Super Socializer < 7.13.30 - Reflected Cross-Site Scripting
name: WordPress Super Socializer <7.13.30 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response,
leading to a Reflected Cross-Site Scripting issue.
description: WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response.
reference:
- https://wpscan.com/vulnerability/a14b668f-812f-46ee-827e-0996b378f7f0
- https://nvd.nist.gov/vuln/detail/CVE-2021-24987
@ -36,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,12 +1,13 @@
id: CVE-2021-25063
info:
name: Contact Form 7 Skins <= 2.5.0 - Reflected Cross-Site Scripting (XSS)
name: WordPress Contact Form 7 Skins <=2.5.0 - Cross-Site Scripting
author: dhiyaneshDk
severity: medium
description: The plugin does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
description: WordPress Contact Form 7 Skins plugin 2.5.0 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the tab parameter before outputting it back in an admin page.
reference:
- https://wpscan.com/vulnerability/e2185887-3e53-4089-aa3f-981c944ee0bb
- https://nvd.nist.gov/vuln/detail/CVE-2021-25063
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -44,3 +45,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,15 +1,16 @@
id: CVE-2021-25075
info:
name: WordPress Duplicate Page or Post < 1.5.1 - Stored XSS
name: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
author: DhiyaneshDK
severity: low
description: |
The plugin does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues.
WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.
remediation: Fixed in version 1.5.1.
reference:
- https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25075
- https://nvd.nist.gov/vuln/detail/CVE-2021-25075
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
cvss-score: 3.50
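Review bot: The new description says the AJAX action can be called by "unauthenticated users", but the line it replaces says "any authenticated users, such as subscriber", and the unchanged cvss-metrics vector in this hunk has PR:L. That changes the stated precondition rather than rewording it; restore "authenticated users, such as subscribers". The rewrite also drops the sentence explaining that the lack of escaping is what leads to stored cross-site scripting, so the description no longer connects the missing authorization to the XSS it names.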
@ -58,3 +59,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,13 +1,13 @@
id: CVE-2021-26247
info:
name: Unauthenticated XSS Cacti - auth_changepassword.php
name: Cacti - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
description: Cacti contains a cross-site scripting vulnerability via "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" which can successfully execute the JavaScript payload present in the "ref" URL parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-26247
- https://www.cacti.net/info/changelog
- https://nvd.nist.gov/vuln/detail/CVE-2021-26247
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
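Review bot: The new name "Cacti - Cross-Site Scripting" drops both "Unauthenticated" and the affected file auth_changepassword.php, and the new description drops "As an unauthenticated remote user", so the access precondition is gone from the info block. Unlike the other renamed templates in this commit, the name also carries no version. Suggest keeping "unauthenticated" in the description and naming the endpoint and the "ref" parameter in prose rather than only inside the example URL.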
@ -35,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,13 +1,14 @@
id: CVE-2021-26475
info:
name: EPrints 3.4.2 XSS
name: EPrints 3.4.2 - Cross-Site Scripting
author: geeknik
severity: medium
description: EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.
description: EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI.
reference:
- https://github.com/grymer/CVE/blob/master/eprints_security_review.pdf
- https://files.eprints.org/2548/
- https://nvd.nist.gov/vuln/detail/CVE-2021-26475
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -34,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,13 +1,14 @@
id: CVE-2021-26702
info:
name: EPrints 3.4.2 XSS
name: EPrints 3.4.2 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to a cgi/dataset_ dictionary URI.
description: EPrints 3.4.2 contains a reflected cross-site scripting vulnerability in the dataset parameter to the cgi/dataset_ dictionary URI.
reference:
- https://github.com/grymer/CVE/blob/master/eprints_security_review.pdf
- https://files.eprints.org/2548/
- https://nvd.nist.gov/vuln/detail/CVE-2021-26702
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
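Review bot: The new description keeps "cgi/dataset_ dictionary URI" with a space after the underscore, copied from the old line. That looks like a stray space inside a path; please confirm the path against the references and fix it while this line is being rewritten.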
@ -34,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,13 +1,14 @@
id: CVE-2021-26710
info:
name: Redwood v4.3.4.5-v4.5.3 XSS
name: Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.
description: Redwood Report2Web 4.3.4.5 and 4.5.3 contains a cross-site scripting vulnerability in the login panel which allows remote attackers to inject JavaScript via the signIn.do urll parameter.
reference:
- https://vict0ni.me/report2web-xss-frame-injection.html
- https://vict0ni.me/redwood-report2web-xss-and-frame-injection/
- https://nvd.nist.gov/vuln/detail/CVE-2021-26710
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -35,3 +36,5 @@ requests:
words:
- "text/html"
part: header
# Enhanced by mp on 2022/08/28

@ -1,15 +1,16 @@
id: CVE-2021-26723
info:
name: Jenzabar v9.20-v9.2.2 XSS
name: Jenzabar 9.2x-9.2.2 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.
description: Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting vulnerability. It allows /ics?tool=search&query.
reference:
- http://packetstormsecurity.com/files/161303/Jenzabar-9.2.2-Cross-Site-Scripting.html
- https://gist.github.com/Y0ung-DST/d1b6b65be6248b0ffc2b2f2120deb205
- https://jenzabar.com/blog
- https://y0ungdst.medium.com/xss-in-jenzabar-cve-2021-26723-a0749231328
- https://nvd.nist.gov/vuln/detail/CVE-2021-26723
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
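Review bot: The new description's second sentence, "It allows /ics?tool=search&query.", no longer says anything: the old line read "allows /ics?tool=search&query= XSS", and the rewrite removed both "XSS" and the "=". Suggest "via the query parameter of /ics?tool=search". The new name also writes the range as "9.2x-9.2.2" while the description says "9.2.x through 9.2.2"; the name is missing a dot.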
@ -37,3 +38,5 @@ requests:
words:
- "text/html"
part: header
# Enhanced by mp on 2022/08/28

@ -1,11 +1,10 @@
id: CVE-2021-26812
info:
name: Moodle jitsi plugin XSS
name: Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting
author: aceseven (digisec360)
severity: medium
description: Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can
inject javascript code to be run by the application.
description: Moodle Jitsi Meet 2.7 through 2.8.3 plugin contains a cross-site scripting vulnerability via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject JavaScript code to be run by the application.
reference:
- https://github.com/udima-university/moodle-mod_jitsi/issues/67
- https://nvd.nist.gov/vuln/detail/CVE-2021-26812
@ -36,3 +35,5 @@ requests:
part: header
words:
- "MoodleSession"
# Enhanced by mp on 2022/08/28

@ -1,15 +1,15 @@
id: CVE-2021-27309
info:
name: Clansphere CMS 2011.4 - Reflected XSS
name: Clansphere CMS 2011.4 - Cross-Site Scripting
author: edoardottt
severity: medium
description: |
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter.
Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the "module" parameter.
reference:
- https://github.com/xoffense/POC/blob/main/Clansphere%202011.4%20%22module%22%20xss.md
- https://nvd.nist.gov/vuln/detail/CVE-2021-27309
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27309
- https://nvd.nist.gov/vuln/detail/CVE-2021-27309
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,13 +1,14 @@
id: CVE-2021-27310
info:
name: Clansphere CMS 2011.4 - Reflected Cross-Site Scripting (XSS)
name: Clansphere CMS 2011.4 - Cross-Site Scripting
author: alph4byt3
severity: medium
description: Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter.
description: Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the "language" parameter.
reference:
- https://github.com/xoffense/POC/blob/main/Clansphere%202011.4%20%22language%22%20xss.md
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27310
- https://nvd.nist.gov/vuln/detail/CVE-2021-27310
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -35,3 +36,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,16 +1,16 @@
id: CVE-2021-27330
info:
name: Triconsole 3.75 XSS
name: Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting
author: pikpikcu,daffainfo
severity: medium
description: |
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
Triconsole Datepicker Calendar before 3.77 contains a cross-site scripting vulnerability in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
reference:
- https://www.exploit-db.com/exploits/49597
- https://nvd.nist.gov/vuln/detail/CVE-2021-27330
- http://www.triconsole.com/
- http://www.triconsole.com/php/calendar_datepicker.php
- https://nvd.nist.gov/vuln/detail/CVE-2021-27330
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -43,3 +43,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,16 +1,16 @@
id: CVE-2021-27519
info:
name: FUDForum 3.1.0 - Reflected XSS
name: FUDForum 3.1.0 - Cross-Site Scripting
author: kh4sh3i
severity: medium
description: |
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript
FUDForum 3.1.0 contains a cross-site scripting vulnerability which allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
reference:
- https://www.exploit-db.com/exploits/49942
- https://nvd.nist.gov/vuln/detail/CVE-2021-27519
- https://github.com/fudforum/FUDforum/issues/2
- http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-27519
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -41,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,15 +1,16 @@
id: CVE-2021-29484
info:
name: DOM XSS in Ghost CMS
name: Ghost CMS <=4.32 - Cross-Site Scripting
author: rootxharsh,iamnoooob
severity: medium
description: Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited a malicious site.
description: Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code.
reference:
- https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg
- https://nvd.nist.gov/vuln/detail/CVE-2021-29484
- https://www.npmjs.com/package/ghost
- https://forum.ghost.org/t/critical-security-update-available-for-ghost-4-x/22290
- https://nvd.nist.gov/vuln/detail/CVE-2021-29484
remediation: This issue has been fixed in 4.3.3.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
cvss-score: 6.8
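Review bot: The new name gives the range as "<=4.32", but the new description says "4.0.0 to 4.3.2" and the added remediation line says the fix is in 4.3.3, so "4.32" is a typo for "4.3.2". The rewritten description also drops what the attacker gains access to; the old text said "Ghost Admin", and "allows attackers to gain access" on its own is incomplete.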
@ -37,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

@ -1,14 +1,15 @@
id: CVE-2021-29625
info:
name: Adminer reflected XSS via the table parameter
name: Adminer <=4.8.0 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).
description: Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled).
reference:
- https://sourceforge.net/p/adminer/bugs-and-features/797/
- https://www.cvedetails.com/cve/CVE-2021-29625/
- https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7
- https://nvd.nist.gov/vuln/detail/CVE-2021-29625
remediation: This vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
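Review bot: The new description merges two separate conditions into one clause, "in browsers without CSP when Adminer uses a `pdo_` extension". The replaced line said strict CSP prevents the XSS in most cases, that the `pdo_` extension case is the exception, and that browsers without CSP are affected; as rewritten it reads as if both conditions must hold. The name "Adminer <=4.8.0" also drops the 4.6.1 lower bound that the description keeps. Suggest stating the two cases separately and using the 4.6.1 to 4.8.0 range in the name.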
@ -36,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

View File

@ -1,14 +1,14 @@
id: CVE-2021-3002
info:
name: Seo Panel 4.8.0 - Post based Reflected XSS
name: Seo Panel 4.8.0 - Cross-Site Scripting
author: edoardottt
severity: medium
description: Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
description: Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3002
- http://www.cinquino.eu/SeoPanelReflect.htm
- https://github.com/seopanel/Seo-Panel/issues/202
- https://nvd.nist.gov/vuln/detail/CVE-2021-3002
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -42,3 +42,5 @@ requests:
- "<img src=a onerror=alert(document.domain)>"
- "seopanel"
condition: and
# Enhanced by mp on 2022/08/28

View File

@ -1,13 +1,13 @@
id: CVE-2021-30049
info:
name: SysAid Technologies 20.3.64 b14 Reflected XSS
name: SysAid Technologies 20.3.64 b14 - Cross-Site Scripting
author: daffainfo
severity: medium
description: SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
description: SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp= URI.
reference:
- https://eh337.net/2021/03/30/sysaid/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30049
- https://nvd.nist.gov/vuln/detail/CVE-2021-30049
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -35,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

View File

@ -1,14 +1,14 @@
id: CVE-2021-30151
info:
name: Sidekiq 5.1.3 and 6.x-6.2.0 - Cross-Site Scripting
name: Sidekiq <=6.2.0 - Cross-Site Scripting
author: DhiyaneshDk
severity: medium
description: Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
description: Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used.
reference:
- https://github.com/mperham/sidekiq/issues/4852
- https://nvd.nist.gov/vuln/detail/CVE-2021-30151
- https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-30151
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
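Review bot: The name "Sidekiq <=6.2.0" is broader than the description, which gives two ranges (through 5.1.3, and 6.x through 6.2.0) and limits the issue to Internet Explorer. The replaced name kept both ranges; suggest keeping them so 5.x releases after 5.1.3 are not implied as affected.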
@ -35,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

View File

@ -1,13 +1,13 @@
id: CVE-2021-30213
info:
name: Knowage Suite 7.3 XSS
name: Knowage Suite 7.3 - Cross-Site Scripting
author: alph4byt3
severity: medium
description: Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.
description: Knowage Suite 7.3 contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-30213
- https://github.com/piuppi/Proof-of-Concepts/blob/main/Engineering/XSS-KnowageSuite7-3_unauth.md
- https://nvd.nist.gov/vuln/detail/CVE-2021-30213
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -35,3 +35,5 @@ requests:
part: header
words:
- text/html
# Enhanced by mp on 2022/08/28

View File

@ -1,14 +1,15 @@
id: CVE-2021-31250
info:
name: CHIYU IoT XSS
name: CHIYU TCP/IP Converter - Cross-Site Scripting
author: geeknik
severity: medium
description: Several versions and models of CHIYU IoT devices are vulnerable to multiple Cross-Site Scripting flaws.
description: CHIYU BF-430, BF-431 and BF-450M TCP/IP Converter devices contain a cross-site scripting vulnerability due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi.
reference:
- https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices#cve-2021-31250
- https://www.chiyu-tech.com/msg/message-Firmware-update-87.htm
- https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/
- https://nvd.nist.gov/vuln/detail/CVE-2021-31250
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
@ -34,3 +35,5 @@ requests:
part: body
words:
- "\"><script>alert({{randstr}})</script>"
# Enhanced by mp on 2022/08/28

View File

@ -1,14 +1,15 @@
id: CVE-2021-31537
info:
name: SIS-REWE GO version 7.5.0/12C XSS
name: SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting
author: geeknik
severity: medium
description: SIS SIS-REWE Go before 7.7 SP17 allows XSS -- rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).
description: SIS Informatik REWE GO SP17 before 7.7 contains a cross-site scripting vulnerability via rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).
reference:
- https://sec-consult.com/vulnerability-lab/advisory/reflected-xss-sis-infromatik-rewe-go-cve-2021-31537/
- http://seclists.org/fulldisclosure/2021/May/20
- https://sisinformatik.com/rewe-go/
- https://nvd.nist.gov/vuln/detail/CVE-2021-31537
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
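Review bot: The new name and description read "REWE GO SP17 <7.7" and "REWE GO SP17 before 7.7", which makes SP17 look like part of the product name. The replaced description said "before 7.7 SP17", where the service pack qualifies the fixed version. Suggest "SIS Informatik REWE GO <7.7 SP17" in the name and the same order in the description so the affected range is not misread.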
@ -34,3 +35,5 @@ requests:
part: header
words:
- "text/html"
# Enhanced by mp on 2022/08/28

View File

@ -1,15 +1,16 @@
id: CVE-2021-31589
info:
name: BeyondTrust Remote Support Reflected XSS
name: BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting
author: Ahmed Abou-Ela
severity: medium
description: Unauthenticated cross-site scripting (XSS) vulnerability in BeyondTrust Secure Remote Access Base Software through 6.0.1 allow remote attackers to inject arbitrary web script or HTML.
description: BeyondTrust Secure Remote Access Base through 6.0.1 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML.
reference:
- https://packetstormsecurity.com/files/165408
- https://cxsecurity.com/issue/WLB-2022010013
- https://beyondtrustcorp.service-now.com/csm?sys_kb_id=922d0ab31bc1b490e73854ae034bcb7b&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=64fc14ffdb8f70d422725385ca9619cb
- https://www.beyondtrust.com/docs/release-notes/index.htm
- https://nvd.nist.gov/vuln/detail/CVE-2021-31589
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -38,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

View File

@ -1,14 +1,14 @@
id: CVE-2021-31862
info:
name: SysAid - Reflected XSS
name: SysAid 20.4.74 - Cross-Site Scripting
author: jas37
severity: medium
description: SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.
description: SysAid 20.4.74 contains a reflected cross-site scripting vulnerability via the KeepAlive.jsp stamp parameter.
reference:
- https://github.com/RobertDra/CVE-2021-31862/blob/main/README.md
- https://nvd.nist.gov/vuln/detail/CVE-2021-31862
- https://www.sysaid.com/product/on-premise/latest-release
- https://nvd.nist.gov/vuln/detail/CVE-2021-31862
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -28,3 +28,5 @@ requests:
- '(body == "false <script>alert(document.domain)</script>")'
- 'status_code == 200'
condition: and
# Enhanced by mp on 2022/08/28

View File

@ -1,10 +1,10 @@
id: CVE-2021-32853
info:
name: Erxes <= v0.23.0 XSS
name: Erxes <0.23.0 - Cross-Site Scripting
author: dwisiswant0
severity: medium
description: Erxes prior to version 0.23.0 is vulnerable to cross-site scripting.The value of topicID parameter is not escaped & triggered in the enclosing script tag.
description: Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag.
reference:
- https://securitylab.github.com/advisories/GHSL-2021-103-erxes/
- https://nvd.nist.gov/vuln/detail/CVE-2021-3285
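Review bot: The NVD reference left as context in this hunk, https://nvd.nist.gov/vuln/detail/CVE-2021-3285, does not match the template id CVE-2021-32853, so as shown it points at a different CVE entry. This pass normalizes NVD links in the other templates, so it should be corrected here too. The name also moves from "<= v0.23.0" to "<0.23.0"; that agrees with the description ("before 0.23.0") but changes the range rather than the wording, so it is worth confirming against the GHSL advisory.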
@ -36,3 +36,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

View File

@ -1,14 +1,15 @@
id: CVE-2021-33904
info:
name: Accela Civic Platform 21.1 - 'servProvCode' XSS
name: Accela Civic Platform <=21.1 - Cross-Site Scripting
author: geeknik
severity: medium
description: In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS.
description: Accela Civic Platform through 21.1 contains a cross-site scripting vulnerability via the security/hostSignon.do parameter servProvCode.
reference:
- https://www.exploit-db.com/exploits/49980
- https://gist.github.com/0xx7/3d934939d7122fe23db11bc48eda9d21
- http://packetstormsecurity.com/files/163093/Accela-Civic-Platorm-21.1-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-33904
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -37,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

View File

@ -1,15 +1,15 @@
id: CVE-2021-34370
info:
name: Accela Civic Platform 21.1 - Open Redirect & XSS
name: Accela Civic Platform <=21.1 - Cross-Site Scripting
author: 0x_Akoko
severity: medium
description: Accela Civic Platform Cross-Site-Scripting and Open Redirect <= 21.1
description: Accela Civic Platform through 21.1 contains a cross-site scripting vulnerability via ssoAdapter/logoutAction.do successURL.
reference:
- https://www.exploit-db.com/exploits/49990
- https://nvd.nist.gov/vuln/detail/CVE-2021-34370
- https://www.accela.com/civic-platform/
- https://gist.github.com/0xx7/7e9f1b725f7ff98b9239d3cb027b7dc8
- https://nvd.nist.gov/vuln/detail/CVE-2021-34370
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
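Review bot: The name and description now cover only cross-site scripting, but the matcher kept in this template (visible in the next hunk) is a regex on the Location header looking for interact.sh, which confirms an open redirect, not script execution. The replaced name was "Open Redirect & XSS". Either keep the open redirect in the name and description, or add a matcher that checks for reflected script content; otherwise the template reports XSS on evidence of a redirect.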
@ -27,3 +27,5 @@ requests:
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header
# Enhanced by mp on 2022/08/28

View File

@ -1,15 +1,15 @@
id: CVE-2021-34640
info:
name: Securimage-WP-Fixed <= 3.5.4 - Reflected Cross-Site Scripting (XSS)
name: WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4.
description: WordPress Securimage-WP-Fixed plugin 3.5.4 and prior contains a cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file, which allows attackers to inject arbitrary web scripts.
reference:
- https://wpscan.com/vulnerability/22017067-8675-4884-b976-d7f5a71279d2
- https://nvd.nist.gov/vuln/detail/CVE-2021-34640
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34640
- https://plugins.trac.wordpress.org/browser/securimage-wp-fixed/trunk/securimage-wp.php#L628
- https://nvd.nist.gov/vuln/detail/CVE-2021-34640
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -48,3 +48,5 @@ requests:
part: header
words:
- "text/html"
# Enhanced by mp on 2022/08/28

View File

@ -1,15 +1,15 @@
id: CVE-2021-34643
info:
name: Skaut bazar < 1.3.3 - Reflected Cross-Site Scripting
name: WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2.
description: WordPress Skaut Bazar plugin before 1.3.3 contains a reflected cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file, which allows attackers to inject arbitrary web scripts.
reference:
- https://wpscan.com/vulnerability/c1b41276-b8fb-4a5c-bede-84ea62663b7a
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34643
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34643
- https://plugins.trac.wordpress.org/browser/skaut-bazar/tags/1.3.2/skaut-bazar.php#L657
- https://nvd.nist.gov/vuln/detail/CVE-2021-34643
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -48,3 +48,5 @@ requests:
part: header
words:
- "text/html"
# Enhanced by mp on 2022/08/28

View File

@ -1,15 +1,15 @@
id: CVE-2021-36450
info:
name: Verint 15.2 - Cross Site Scripting
name: Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting
author: atomiczsec
severity: medium
description: Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
description: Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/my_notifications NEWUINAV parameter.
reference:
- https://medium.com/@1nf0sk/cve-2021-36450-cross-site-scripting-xss-6f5d8d7db740
- https://sushantvkamble.blogspot.com/2021/11/cross-site-scripting-xss.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-36450
- http://verint.com
- https://nvd.nist.gov/vuln/detail/CVE-2021-36450
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -61,3 +61,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

View File

@ -1,15 +1,14 @@
id: CVE-2021-37216
info:
name: QSAN Storage Manager prior to v3.3.3 Reflected XSS
name: QSAN Storage Manager <3.3.3 - Cross-Site Scripting
author: dwisiswant0
severity: medium
description: |
QSAN Storage Manager header page parameters does not filter special characters.
Remote attackers can inject JavaScript without logging in and launch
reflected XSS attacks to access and modify specific data.
QSAN Storage Manager before 3.3.3 contains a reflected cross-site scripting vulnerability. Header page parameters do not filter special characters. Remote attackers can inject JavaScript to access and modify specific data.
reference:
- https://www.twcert.org.tw/tw/cp-132-4962-44cd2-1.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-37216
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -40,3 +39,5 @@ requests:
- type: dsl
dsl:
- "!contains(tolower(all_headers), 'x-xss-protection')"
# Enhanced by mp on 2022/08/28

View File

@ -1,10 +1,15 @@
id: CVE-2021-37416
info:
name: Zoho ManageEngine ADSelfService Plus - Reflected XSS
name: Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting
author: edoardottt
severity: medium
description: Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
description: Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37416
- https://blog.stmcyber.com/vulns/cve-2021-37416/
- https://nvd.nist.gov/vuln/detail/CVE-2021-37416
tags: cve,cve2021,zoho,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -13,11 +18,6 @@ info:
metadata:
shodan-query: http.title:"ManageEngine"
verified: true
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-37416
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37416
- https://blog.stmcyber.com/vulns/cve-2021-37416/
tags: cve,cve2021,zoho,xss
requests:
- method: GET
@ -41,3 +41,5 @@ requests:
- "></iframe><script>alert(1)</script>"
- "adsf/js/"
condition: and
# Enhanced by mp on 2022/08/28

View File

@ -1,14 +1,14 @@
id: CVE-2021-37833
info:
name: Hotel Druid 3.0.2 XSS
name: Hotel Druid 3.0.2 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: Reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.
description: Hotel Druid 3.0.2 contains a cross-site scripting vulnerability in multiple pages which allows for arbitrary execution of JavaScript commands.
reference:
- https://github.com/dievus/CVE-2021-37833
- https://nvd.nist.gov/vuln/detail/CVE-2021-37833
- https://www.hoteldruid.com
- https://nvd.nist.gov/vuln/detail/CVE-2021-37833
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -41,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

View File

@ -1,11 +1,11 @@
id: CVE-2021-42063
info:
name: SAP Knowledge Warehouse (KW) - Reflected XSS
name: SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting
author: pdteam
severity: medium
description: |
A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.
SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser.
reference:
- https://seclists.org/fulldisclosure/2022/Mar/32
- https://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html
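Review bot: The name says "<=7.5.0" while the description lists versions 7.30, 7.31, 7.40, and 7.50. "7.5.0" is not the version string used in the description, and "<=" implies releases below 7.30 that the description does not claim. Suggest naming the listed versions or the 7.30 to 7.50 range. The rewrite also drops the replaced line's impact statement (disclosure of sensitive data); a short impact clause would keep the description useful on its own.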
@ -43,3 +43,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

View File

@ -1,11 +1,11 @@
id: CVE-2021-45422
info:
name: Reprise License Manager 14.2 - Reflected XSS
name: Reprise License Manager 14.2 - Cross-Site Scripting
author: edoardottt
severity: medium
description: |
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.
Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET.
reference:
- https://seclists.org/fulldisclosure/2022/Jan/31
- https://www.getinfosec.news/13202933/reprise-license-manager-142-reflected-cross-site-scripting#/
@ -42,3 +42,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

View File

@ -4,12 +4,12 @@ info:
name: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting
author: DhiyaneshDk
severity: medium
description: ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.
description: ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks.
reference:
- https://www.exploit-db.com/exploits/50797
- https://nvd.nist.gov/vuln/detail/CVE-2021-46387
- https://www.zyxel.com/us/en/support/security_advisories.shtml
- https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing
- https://nvd.nist.gov/vuln/detail/CVE-2021-46387
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -41,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

View File

@ -1,14 +1,15 @@
id: CVE-2022-0140
info:
name: WordPress Visual Form Builder < 3.0.6 - Unauthenticated Information Disclosure
name: WordPress Visual Form Builder <3.0.8 - Cross-Site Scripting
author: random-robbie
severity: medium
description: |
Visual Form Builder < 3.0.6 - Unauthenticated Information Disclosure. The plugin does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.
WordPress Visual Form Builder plugin before 3.0.8 contains a cross-site scripting vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.
reference:
- https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336
- https://www.fortiguard.com/zeroday/FG-VD-21-082
- https://nvd.nist.gov/vuln/detail/cve-2022-0140
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
@ -38,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

View File

@ -1,14 +1,15 @@
id: CVE-2022-0148
info:
name: All-in-one Floating Contact Form < 2.0.4 - Authenticated Reflected XSS
name: WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting
author: DhiyaneshDK
severity: medium
description: The plugin was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.
description: WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page.
reference:
- https://wpscan.com/vulnerability/37665ee1-c57f-4445-9596-df4f7d72c8cd
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0148
- https://plugins.trac.wordpress.org/changeset/2654453/mystickyelements
- https://nvd.nist.gov/vuln/detail/CVE-2022-0148
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
@ -47,3 +48,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/28

View File

@ -8,9 +8,10 @@ info:
Admin credentials are stored in clear text at the endpoint /test.txt (This occurs in situations where the default credentials admin:admin have beenchanged.) Allows an unauthenticated attacker to obtain adminicredentials, access the admin dashboard of Linear eMerge E3-Series devices, control entire building doors, cameras, elevator, etc... and access information about employees who can access the building and take control of the entire building.
reference:
- https://packetstormsecurity.com/files/167990/Nortek-Linear-eMerge-E3-Series-Credential-Disclosure.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31269
- https://eg.linkedin.com/in/omar-1-hashem
- https://www.nortekcontrol.com/access-control/
- https://nvd.nist.gov/vuln/detail/CVE-2022-31269
classification:
cve-id: CVE-2022-31269
metadata:
shodan-query: http.title:"Linear eMerge"
verified: "true"
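Review bot: The added classification block carries only cve-id, with no cvss-metrics or cvss-score as in the other templates in this commit. The description line left as context also still has run-together words ("beenchanged", "adminicredentials"), which a content pass should fix. Suggest correcting those and filling in the CVSS fields, or noting why they are absent.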

View File

@ -10,7 +10,8 @@ info:
- https://packetstormsecurity.com/files/167992/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31798
- http://packetstormsecurity.com/files/167992/Nortek-Linear-eMerge-E3-Series-Account-Takeover.html
- https://eg.linkedin.com/in/omar-1-hashem
classification:
cve-id: CVE-2022-31798
metadata:
shodan-query: http.title:"eMerge"
verified: "true"
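Review bot: The reference list keeps two links to the same Packet Storm entry (https://packetstormsecurity.com/files/167992/ and the http:// long form) and, unlike the other templates in this commit, has no nvd.nist.gov link for CVE-2022-31798. Suggest keeping one https Packet Storm link and adding the NVD reference. As in the CVE-2022-31269 template, classification has only cve-id, without cvss-metrics or cvss-score.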