From 1437dc1f59bfe2e8256763dc86a8db5f341ca5fe Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld
<98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Wed, 21 Sep 2022 17:42:27 -0400
Subject: [PATCH] Dashboard Content Enhancements (#5436)
Dashboard Content Enhancements
---
cves/2008/CVE-2008-1061.yaml | 1 -
cves/2021/CVE-2021-24214.yaml | 8 +++++---
cves/2022/CVE-2022-0678.yaml | 8 +++++---
miscellaneous/addeventlistener-detect.yaml | 9 ++++++++-
misconfiguration/xss-deprecated-header.yaml | 7 +++----
vulnerabilities/drupal/drupal-avatar-xss.yaml | 13 ++++++++++---
vulnerabilities/gnuboard/gnuboard-sms-xss.yaml | 10 ++++++++--
vulnerabilities/gnuboard/gnuboard5-rxss.yaml | 11 +++++++++--
vulnerabilities/gnuboard/gnuboard5-xss.yaml | 10 ++++++++--
vulnerabilities/httpbin/httpbin-xss.yaml | 9 ++++++++-
vulnerabilities/ibm/eclipse-help-system-xss.yaml | 12 ++++++++++--
.../laravel/laravel-ignition-xss.yaml | 14 ++++++++++----
.../moodle/moodle-filter-jmol-xss.yaml | 10 ++++++++--
vulnerabilities/moodle/moodle-xss.yaml | 11 +++++++++--
vulnerabilities/netsweeper/netsweeper-rxss.yaml | 10 +++++++++-
vulnerabilities/oracle/oracle-ebs-xss.yaml | 5 +++--
vulnerabilities/other/avada-xss.yaml | 12 +++++++++---
vulnerabilities/other/carrental-xss.yaml | 11 ++++++++---
vulnerabilities/other/ckan-dom-based-xss.yaml | 13 ++++++++++---
vulnerabilities/other/coldfusion-debug-xss.yaml | 12 +++++++++---
vulnerabilities/other/devalcms-xss.yaml | 16 ++++++++++++----
vulnerabilities/other/discourse-xss.yaml | 15 ++++++++++++---
vulnerabilities/other/dzzoffice-xss.yaml | 12 +++++++++---
vulnerabilities/other/empirecms-xss.yaml | 12 ++++++++++--
vulnerabilities/other/eris-xss.yaml | 14 +++++++++++---
.../other/hospital-management-xss.yaml | 14 +++++++++++---
.../other/hospital-management-xss2.yaml | 14 +++++++++++---
vulnerabilities/other/java-melody-xss.yaml | 12 +++++++++---
28 files changed, 234 insertions(+), 71 deletions(-)
diff --git a/cves/2008/CVE-2008-1061.yaml b/cves/2008/CVE-2008-1061.yaml
index 1e178cffdd1..4ed70272db1 100644
--- a/cves/2008/CVE-2008-1061.yaml
+++ b/cves/2008/CVE-2008-1061.yaml
@@ -10,7 +10,6 @@ info:
- https://www.exploit-db.com/exploits/5194
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
- https://nvd.nist.gov/vuln/detail/CVE-2008-1061
- - http://secunia.com/advisories/29099
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
diff --git a/cves/2021/CVE-2021-24214.yaml b/cves/2021/CVE-2021-24214.yaml
index b1bed7feced..cf5a0ecabd5 100644
--- a/cves/2021/CVE-2021-24214.yaml
+++ b/cves/2021/CVE-2021-24214.yaml
@@ -1,13 +1,13 @@
id: CVE-2021-24214
info:
- name: OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
+ name: WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting
author: tess
severity: medium
- description: The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
+ description: WordPress OpenID Connect Generic Client plugin 3.8.0 and 3.8.1 contains a cross-site scripting vulnerability. It does not sanitize the login error when output back in the login form, thereby not requiring authentication, which can be exploited with the default configuration.
reference:
- https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10
- - https://nvd.nist.gov/vuln/detail/CVE-2021-24214
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24214
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-24214
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
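Review bot: The rewritten `description` introduces a causal link the original did not make: "does not sanitize the login error when output back in the login form, thereby not requiring authentication" reads as if the missing sanitisation is the reason no login is needed. The removed text stated these as separate facts. The new `name` also drops "Reflected", although the `UI:R` vector just below still describes a reflected issue. Suggest `It does not sanitize the login error when output back in the login form, leading to reflected cross-site scripting. No authentication is required and the default configuration is affected.`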
@@ -39,3 +39,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by md on 2022/09/19
diff --git a/cves/2022/CVE-2022-0678.yaml b/cves/2022/CVE-2022-0678.yaml
index 10718c58dd8..e551ad2a55a 100644
--- a/cves/2022/CVE-2022-0678.yaml
+++ b/cves/2022/CVE-2022-0678.yaml
@@ -1,16 +1,16 @@
id: CVE-2022-0678
info:
- name: Microweber < 1.2.11- Cross-Site Scripting
+ name: Packagist <1.2.11 - Cross-Site Scripting
author: tess
severity: medium
description: |
- Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.
+ Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.
reference:
- https://huntr.dev/bounties/d707137a-aace-44c5-b15c-1807035716c0/
- https://twitter.com/CVEnew/status/1495001503249178624?s=20&t=sfABvm7oG39Fd6rG44vQWg
- - https://nvd.nist.gov/vuln/detail/CVE-2022-0678
- https://huntr.dev/bounties/d707137a-aace-44c5-b15c-1807035716c0
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-0678
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
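Review bot: The new `name` and the first sentence of `description` attribute the flaw to Packagist, but the removed lines and the huntr reference identify the affected software as microweber/microweber; Packagist appears there only as the registry the package is published on. Anyone triaging a hit from this template would go looking for the wrong product. Keep the product name, e.g. `name: Microweber <1.2.11 - Cross-Site Scripting`, and start the description with "Microweber prior to 1.2.11 ...". The reference list also still carries the same huntr.dev bounty URL twice, with and without the trailing slash.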
@@ -43,3 +43,5 @@ requests:
- type: status
status:
- 404
+
+# Enhanced by md on 2022/09/19
diff --git a/miscellaneous/addeventlistener-detect.yaml b/miscellaneous/addeventlistener-detect.yaml
index 8150161f44d..379295999f2 100644
--- a/miscellaneous/addeventlistener-detect.yaml
+++ b/miscellaneous/addeventlistener-detect.yaml
@@ -1,11 +1,16 @@
id: addeventlistener-detect
info:
- name: DOM EventListener detection
+ name: DOM EventListener - Cross-Site Scripting
author: yavolo,dwisiswant0
severity: info
+ description: EventListener contains a cross-site scripting vulnerability via the document object model (DOM). An attacker can execute arbitrary script which can then allow theft of cookie-based authentication credentials and launch of other attacks.
reference:
- https://portswigger.net/web-security/dom-based/controlling-the-web-message-source
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
tags: xss,misc
requests:
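Review bot: The added `description` and `classification` present this template as a confirmed vulnerability, yet the matcher visible in the next hunk only regex-matches an `addEventListener(` call in the response body, and `severity` stays `info`. A page that registers an event listener is not by itself cross-site scripting, so `cvss-score: 7.2` with `cwe-id: CWE-79` will surface benign pages as high-scoring XSS in any dashboard that reads the classification. I would keep the detection-style name, describe the result as a lead for manual review of message handlers, and drop the `classification` block. The `requests:` section continues outside this hunk.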
@@ -18,3 +23,5 @@ requests:
part: body
regex:
- (([\w\_]+)\.)?add[Ee]vent[Ll]istener\(["']?[\w\_]+["']? # Test cases: https://www.regextester.com/?fam=121118
+
+# Enhanced by md on 2022/09/19
diff --git a/misconfiguration/xss-deprecated-header.yaml b/misconfiguration/xss-deprecated-header.yaml
index e791f5adfde..bfafb768703 100644
--- a/misconfiguration/xss-deprecated-header.yaml
+++ b/misconfiguration/xss-deprecated-header.yaml
@@ -4,14 +4,13 @@ info:
name: XSS-Protection Header - Cross-Site Scripting
author: joshlarsen
severity: info
- description: XSS-Protection header in Explorer, Chrome, and Safari contains a cross-site scripting vulnerability if set to any value other than `0`.
+ description: Setting the XSS-Protection header is deprecated. Setting the header to anything other than `0` can actually introduce an XSS vulnerability.
reference:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
- https://owasp.org/www-project-secure-headers/#x-xss-protection
classification:
- cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
- cvss-score: 7.2
- cwe-id: CWE-79
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+ cvss-score: 0.0
tags: xss,misconfig,generic
requests:
diff --git a/vulnerabilities/drupal/drupal-avatar-xss.yaml b/vulnerabilities/drupal/drupal-avatar-xss.yaml
index a61b33b0161..4628dd1929a 100644
--- a/vulnerabilities/drupal/drupal-avatar-xss.yaml
+++ b/vulnerabilities/drupal/drupal-avatar-xss.yaml
@@ -1,13 +1,18 @@
id: drupal-avatar-xss
info:
- name: Drupal avatar_uploader v7.x-1.0-beta8 - Cross-Site Scripting
+ name: Drupal Avatar Uploader - Cross-Site Scripting
author: bywalks
- severity: medium
+ severity: high
description: |
- This plugin creates a avatar_uploader from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.
+ Drupal Avatar Uploader v7.x-1.0-beta8 plugin contains a cross-site scripting vulnerability in the slider import search feature and tab parameter via plugin settings.
reference:
- https://www.exploit-db.com/exploits/50841
+ - https://packetstormsecurity.com/files/166409/Drupal-Avatar-Upload-7.x-1.0-beta8-Cross-Site-Scripting.html
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
tags: xss,drupal,edb
requests:
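Review bot: `severity` is raised from medium to high on the strength of a vector with `UI:N`, but the removed description called this reflected cross-site scripting, which needs the victim to open a crafted link. The two CVE templates in this same patch (CVE-2021-24214, CVE-2022-0678) score that case as `UI:R` with `cvss-score: 6.1`, which is medium. Unless there is a source for the higher rating, use `cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N` with `cvss-score: 6.1` and keep `severity: medium`. The same boilerplate vector and medium-to-high bump appear in the httpbin-xss, eclipse-help-system-xss, laravel-ignition-xss, netsweeper-rxss, avada-xss, ckan-dom-based-xss, coldfusion-debug-xss, devalcms-xss, discourse-xss, dzzoffice-xss, empirecms-xss, eris-xss, hospital-management-xss, hospital-management-xss2 and java-melody-xss hunks and should be checked per template.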
@@ -31,3 +36,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by md on 2022/09/19
diff --git a/vulnerabilities/gnuboard/gnuboard-sms-xss.yaml b/vulnerabilities/gnuboard/gnuboard-sms-xss.yaml
index ac137267787..21bad6a8870 100644
--- a/vulnerabilities/gnuboard/gnuboard-sms-xss.yaml
+++ b/vulnerabilities/gnuboard/gnuboard-sms-xss.yaml
@@ -1,13 +1,17 @@
id: gnuboard-sms-xss
info:
- name: Gnuboard CMS - SMS Emoticon Cross-Site Scripting
+ name: Gnuboard CMS - Cross-Site Scripting
author: gy741
severity: medium
- description: A vulnerability in Gnuboard CMS allows remote attackers to inject arbitrary Javascript into the responses returned by the server.
+ description: Gnuboard CMS contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary JavaScript into the responses returned by the server.
reference:
- https://sir.kr/g5_pds/4788?page=5
- https://github.com/gnuboard/gnuboard5/commit/8182cac90d2ee2f9da06469ecba759170e782ee3
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
metadata:
verified: true
shodan-query: http.html:"Gnuboard"
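Review bot: The added `cvss-score: 7.2` falls in the CVSS 3.x High band (7.0 to 8.9) while `severity` on this template stays `medium`, so the two fields disagree. Tooling that filters on `severity` and tooling that sorts on `cvss-score` will rank this finding differently. Either the vector should reflect the user interaction a script-injection issue like this normally needs (`UI:R`, which gives 6.1 and matches medium), or `severity` should be changed with a stated reason. The same mismatch is introduced in the gnuboard5-rxss, gnuboard5-xss, moodle-filter-jmol-xss, moodle-xss and carrental-xss hunks.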
@@ -33,3 +37,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by md on 2022/09/19
diff --git a/vulnerabilities/gnuboard/gnuboard5-rxss.yaml b/vulnerabilities/gnuboard/gnuboard5-rxss.yaml
index 383d3f0720f..f5622ae8d16 100644
--- a/vulnerabilities/gnuboard/gnuboard5-rxss.yaml
+++ b/vulnerabilities/gnuboard/gnuboard5-rxss.yaml
@@ -1,13 +1,18 @@
id: gnuboard5-rxss
info:
- name: Gnuboard5 - Cross-Site Scripting
+ name: Gnuboard 5 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
- Gnuboard 5 is vulnerable to reflected XSS via $_GET['LGD_OID'].
+ Gnuboard 5 contains a cross-site scripting vulnerability via the $_GET['LGD_OID'] parameter.
reference:
- https://huntr.dev/bounties/ed317cde-9bd1-429e-b6d3-547e72534dd5/
+ - https://vulners.com/huntr/25775287-88CD-4F00-B978-692D627DFF04
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
metadata:
verified: true
shodan-query: http.html:"gnuboard5"
@@ -32,3 +37,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by md on 2022/09/19
diff --git a/vulnerabilities/gnuboard/gnuboard5-xss.yaml b/vulnerabilities/gnuboard/gnuboard5-xss.yaml
index 7d6a45de353..8bc27e5a809 100644
--- a/vulnerabilities/gnuboard/gnuboard5-xss.yaml
+++ b/vulnerabilities/gnuboard/gnuboard5-xss.yaml
@@ -1,13 +1,17 @@
id: gnuboard5-xss
info:
- name: Gnuboard5 - Cross-Site Scripting
+ name: Gnuboard 5 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
- Gnuboard 5 is vulnerable to reflected XSS to a flaw in the clean_xss_tags() function called in new.php.
+ Gnuboard 5 contains a cross-site scripting vulnerability via the clean_xss_tags() function called in new.php.
reference:
- https://huntr.dev/bounties/ad2a9b32-fe6c-43e9-9b05-2c77c58dde6a/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
metadata:
verified: true
shodan-query: http.html:"gnuboard5"
@@ -32,3 +36,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by md on 2022/09/19
diff --git a/vulnerabilities/httpbin/httpbin-xss.yaml b/vulnerabilities/httpbin/httpbin-xss.yaml
index 7282471d26f..8eae46e2746 100644
--- a/vulnerabilities/httpbin/httpbin-xss.yaml
+++ b/vulnerabilities/httpbin/httpbin-xss.yaml
@@ -3,9 +3,14 @@ id: httpbin-xss
info:
name: HTTPBin - Cross-Site Scripting
author: Adam Crosser
- severity: medium
+ severity: high
+ description: HTTPBin contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
reference:
- https://github.com/postmanlabs/httpbin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
metadata:
shodan-query:
- html:"https://github.com/requests/httpbin"
@@ -32,3 +37,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by md on 2022/09/19
diff --git a/vulnerabilities/ibm/eclipse-help-system-xss.yaml b/vulnerabilities/ibm/eclipse-help-system-xss.yaml
index 4581fcf6474..c219abe8049 100644
--- a/vulnerabilities/ibm/eclipse-help-system-xss.yaml
+++ b/vulnerabilities/ibm/eclipse-help-system-xss.yaml
@@ -1,9 +1,15 @@
id: eclipse-help-system-xss
info:
- name: Eclipse Help System Cross-Site Scripting
+ name: IBM Eclipse Help System - Cross-Site Scripting
author: pikpikcu
- severity: medium
+ severity: high
+ description: IBM Eclipse Help System 6.1.0 through 6.1.0.6, 6.1.5 through 6.1.5.3, 7.0 through 7.0.0.2, and 8.0 prior to 8.0.0.1 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
+ reference: https://packetstormsecurity.com/files/131924/IBM-Eclipse-Help-System-IEHS-Cross-Site-Scripting.html
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
tags: ibm,xss
requests:
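Review bot: `reference` is added here as a bare scalar, whereas every other template touched by this patch writes it as a YAML list. Even if the loader accepts both forms, lint rules or consumers that expect a sequence will treat this file differently; write `reference:` followed by `- https://packetstormsecurity.com/files/131924/IBM-Eclipse-Help-System-IEHS-Cross-Site-Scripting.html`. The description now lists exact affected version ranges, which presumably come from a vendor advisory; if so, that advisory or its CVE identifier should be cited so the ranges can be verified.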
@@ -23,3 +29,5 @@ requests:
words:
- "text/html"
part: header
+
+# Enhanced by md on 2022/09/19
diff --git a/vulnerabilities/laravel/laravel-ignition-xss.yaml b/vulnerabilities/laravel/laravel-ignition-xss.yaml
index ba60d9239a9..0ca4168edb9 100644
--- a/vulnerabilities/laravel/laravel-ignition-xss.yaml
+++ b/vulnerabilities/laravel/laravel-ignition-xss.yaml
@@ -1,16 +1,20 @@
id: laravel-ignition-xss
info:
- name: Laravel Ignition Cross-Site Scripting
+ name: Laravel Ignition - Cross-Site Scripting
author: 0x_Akoko
- severity: medium
+ severity: high
description: |
- Laravel's Ignition contains a cross-site scripting vulnerability when debug mode is enabled.
+ Laravel Ignition contains a cross-site scripting vulnerability when debug mode is enabled.
remediation: |
- Disable Laravel's debug mode by setting APP_DEBUG to false.
+ Disable debug mode by setting APP_DEBUG to false.
reference:
- https://www.acunetix.com/vulnerabilities/web/laravel-ignition-reflected-cross-site-scripting/
- https://github.com/facade/ignition/issues/273
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
tags: laravel,xss,ignition
requests:
@@ -33,3 +37,5 @@ requests:
- type: status
status:
- 500
+
+# Enhanced by md on 2022/09/19
diff --git a/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml b/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml
index 4c3f3c6236e..d60d37ee187 100644
--- a/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml
+++ b/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml
@@ -1,12 +1,16 @@
id: moodle-filter-jmol-xss
info:
- name: Moodle filter_jmol - Cross-Site Scripting
+ name: Moodle Jsmol - Cross-Site Scripting
author: madrobot
severity: medium
- description: Cross-site scripting on Moodle.
+ description: Moodle contains a cross-site scripting vulnerability via the Jsmol plugin and may also be susceptible to local file inclusion or server-side-request forgery. An attacker can execute arbitrary script in the browser of an unsuspecting user and steal cookie-based authentication credentials and launch other attacks.
reference:
- https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
tags: moodle,xss
requests:
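Review bot: The new `name` and `description` call the component "Jsmol", while the template id, the removed name (`filter_jmol`) and the referenced write-up all call it the Jmol filter plugin, so the rename makes the template harder to map to the actual Moodle plugin. The description also now mentions possible local file inclusion and server-side request forgery, which the matchers visible in the next hunk (a `text/html` header check) do not test for. I would keep `name: Moodle filter_jmol - Cross-Site Scripting` and word the LFI/SSRF remark as something reported in the reference, not something this template detects.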
@@ -29,3 +33,5 @@ requests:
part: header
words:
- "text/html"
+
+# Enhanced by md on 2022/09/19
diff --git a/vulnerabilities/moodle/moodle-xss.yaml b/vulnerabilities/moodle/moodle-xss.yaml
index 5dcfe36be5a..e94f6bb2929 100644
--- a/vulnerabilities/moodle/moodle-xss.yaml
+++ b/vulnerabilities/moodle/moodle-xss.yaml
@@ -1,12 +1,17 @@
id: moodle-xss
info:
- name: Moodle redirect_uri - Cross-Site Scripting
+ name: Moodle - Cross-Site Scripting
author: hackergautam
severity: medium
- description: XSS in moodle via redirect_uri parameter
+ description: Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, and earlier unsupported versions contain a cross-site scripting vulnerability via the redirect_uri parameter.
reference:
- https://twitter.com/JacksonHHax/status/1391367064154042377
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-32478
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
tags: moodle,xss
requests:
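Review bot: The description and the new NVD reference tie this template to CVE-2021-32478, but `classification` carries no `cve-id` and uses the generic vector applied across this patch instead of the one published for that CVE. If the template really detects that CVE, add `cve-id: CVE-2021-32478` and copy the vector and score from the NVD entry; if the mapping is uncertain, the version ranges should not be stated as fact. The new `name` also drops `redirect_uri`, which was what distinguished this template from moodle-filter-jmol-xss.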
@@ -31,3 +36,5 @@ requests:
part: header
words:
- "text/html"
+
+# Enhanced by md on 2022/09/19
diff --git a/vulnerabilities/netsweeper/netsweeper-rxss.yaml b/vulnerabilities/netsweeper/netsweeper-rxss.yaml
index 8b85901e9fd..285bd2e95d8 100644
--- a/vulnerabilities/netsweeper/netsweeper-rxss.yaml
+++ b/vulnerabilities/netsweeper/netsweeper-rxss.yaml
@@ -3,9 +3,15 @@ id: netsweeper-rxss
info:
name: Netsweeper 4.0.9 - Cross-Site Scripting
author: daffainfo
- severity: medium
+ severity: high
+ description: Netsweeper 4.0.9 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
reference:
- https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz
+ - https://www.exploit-db.com/exploits/37930
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
tags: xss,packetstorm,netsweeper
requests:
@@ -28,3 +34,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by md on 2022/09/19
diff --git a/vulnerabilities/oracle/oracle-ebs-xss.yaml b/vulnerabilities/oracle/oracle-ebs-xss.yaml
index 23bd3eea02e..b2ceaad71d3 100644
--- a/vulnerabilities/oracle/oracle-ebs-xss.yaml
+++ b/vulnerabilities/oracle/oracle-ebs-xss.yaml
@@ -1,11 +1,10 @@
id: oracle-ebs-xss
info:
- name: Oracle EBS - Cross-Site Scripting
+ name: Oracle E-Business Suite - Cross-Site Scripting
author: dhiyaneshDk
severity: medium
reference:
- - https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-4.pdf
- https://www.blackhat.com/docs/us-16/materials/us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite.pdf
- http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf
tags: oracle,xss,ebs
@@ -31,3 +30,5 @@ requests:
words:
- "text/html"
part: header
+
+# Enhanced by md on 2022/09/19
diff --git a/vulnerabilities/other/avada-xss.yaml b/vulnerabilities/other/avada-xss.yaml
index ccfb12bf6fc..803af861174 100644
--- a/vulnerabilities/other/avada-xss.yaml
+++ b/vulnerabilities/other/avada-xss.yaml
@@ -1,13 +1,17 @@
id: avada-xss
info:
- name: Avada < 7.4.2 - Cross-Site Scripting
+ name: WordPress Avada Website Builder <7.4.2 - Cross-Site Scripting
author: Akincibor
- severity: medium
- description: The theme does not properly escape bbPress searches before outputting them back as breadcrumbs, leading to a Reflected Cross-Site Scripting issue.
+ severity: high
+ description: WordPress Avada Website Builder prior to 7.4.2 contains a cross-site scripting vulnerability. The theme does not properly escape bbPress searches before outputting them back as breadcrumbs.
reference:
- https://wpscan.com/vulnerability/eb172b07-56ab-41ce-92a1-be38bab567cb
- https://theme-fusion.com/documentation/avada/installation-maintenance/avada-changelog/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
tags: xss,wp,wordpress,wp-theme,avada,wpscan
requests:
@@ -32,3 +36,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by md on 2022/09/19
diff --git a/vulnerabilities/other/carrental-xss.yaml b/vulnerabilities/other/carrental-xss.yaml
index c9625edd146..e019b94bd6a 100644
--- a/vulnerabilities/other/carrental-xss.yaml
+++ b/vulnerabilities/other/carrental-xss.yaml
@@ -1,14 +1,18 @@
id: carrental-xss
info:
- name: Car Rental Management System v1.0 - Stored Cross-Site Scripting
+ name: Car Rental Management System 1.0 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
- Car Rental Management System v1.0 is vulnerable to Cross Site Scripting via admin/ajax.php?action=save_category in Name and Description Parameter.
+ Car Rental Management System 1.0 contains a cross-site scripting vulnerability via admin/ajax.php?action=save_category in Name and Description parameter.
reference:
- https://www.exploit-db.com/exploits/49546
- https://www.sourcecodester.com/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
metadata:
verified: true
shodan-query: http.html:"Car Rental Management System"
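Review bot: The new `name` removes "Stored", and nothing else in the metadata now says which cross-site scripting variant this is. The injection point is `admin/ajax.php?action=save_category`, which suggests a persisted payload and possibly an authenticated request; both affect triage and the `PR` and `UI` parts of the vector, so the generic `PR:N/UI:N` values should be confirmed against the request in the template body, which lies outside this hunk. Suggest `name: Car Rental Management System 1.0 - Stored Cross-Site Scripting`, or state "stored" in the description.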
@@ -31,7 +35,6 @@ requests:
------WebKitFormBoundaryCMJ5bh3B6m9767Em
Content-Disposition: form-data; name="id"
-
------WebKitFormBoundaryCMJ5bh3B6m9767Em
Content-Disposition: form-data; name="name"
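Review bot: This hunk edits the raw multipart request body, not metadata: it removes an empty line after the `name="id"` part header. In multipart/form-data the blank line that ends a part's headers and the line break before the next boundary are both significant, so removing one can change how the server parses the empty `id` field and therefore whether the template still matches. The hunk as shown seems to have lost its blank context lines, so I cannot tell how many remain. Please confirm the part still reads header, empty line, empty value, boundary, and re-run the template against a test instance, since nothing else in this commit touches request content.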
@@ -64,3 +67,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by md on 2022/09/19
diff --git a/vulnerabilities/other/ckan-dom-based-xss.yaml b/vulnerabilities/other/ckan-dom-based-xss.yaml
index 75408652e96..2aa02c7ee93 100644
--- a/vulnerabilities/other/ckan-dom-based-xss.yaml
+++ b/vulnerabilities/other/ckan-dom-based-xss.yaml
@@ -1,12 +1,17 @@
id: ckan-dom-based-xss
info:
- name: CKAN DOM Based Cross-Site Scripting
+ name: Ckan - DOM Cross-Site Scripting
author: dhiyaneshDk
- severity: medium
- description: CKAN uses the old jQuery Sparkle library which is vulnerable to DOM Based XSS.
+ severity: high
+ description: Ckan contains a cross-site scripting vulnerability in the document object model via the previous version of the jQuery Sparkle library. An attacker can execute arbitrary script and thus can steal cookie-based authentication credentials and launch other attacks.
reference:
- https://github.com/ckan/ckan/blob/b9e45e2723d4abd70fa72b16ec4a0bebc795c56b/ckan/public/base/javascript/view-filters.js#L27
+ - https://security.snyk.io/vuln/SNYK-PYTHON-CKAN-42010
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
tags: dom,xss
requests:
@@ -28,3 +33,5 @@ requests:
words:
- 'text/html'
part: header
+
+# Enhanced by md on 2022/09/20
diff --git a/vulnerabilities/other/coldfusion-debug-xss.yaml b/vulnerabilities/other/coldfusion-debug-xss.yaml
index 0aa70de503a..ad8dc226e09 100644
--- a/vulnerabilities/other/coldfusion-debug-xss.yaml
+++ b/vulnerabilities/other/coldfusion-debug-xss.yaml
@@ -1,12 +1,16 @@
id: coldfusion-debug-xss
info:
- name: Adobe ColdFusion Debug Page Cross-Site Scripting
+ name: Adobe ColdFusion - Cross-Site Scripting
author: dhiyaneshDK
- severity: medium
- description: The remote Adobe ColdFusion debug page has been left open to unauthenticated users, this could allow remote attackers to trigger a reflected cross site scripting against the visitors of the site.
+ severity: high
+ description: Adobe ColdFusion debug page contains a cross-site scripting vulnerability when the application is running on a remote host. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
reference:
- https://github.com/jaeles-project/jaeles-signatures/blob/master/common/coldfusion-debug-xss.yaml
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
metadata:
shodan-query: http.component:"Adobe ColdFusion"
tags: adobe,coldfusion,xss
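Review bot: The rewritten `description` loses the root cause: the removed text said the debug page "has been left open to unauthenticated users", while the new text says the flaw exists "when the application is running on a remote host", which is true of every deployment. What an operator needs to know is that the debug page is exposed and that the fix is to disable or restrict it. Suggest keeping that sentence and adding a `remediation:` entry along the lines of `Disable debugging output or restrict the debug page to trusted addresses.`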
@@ -32,3 +36,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by md on 2022/09/20
diff --git a/vulnerabilities/other/devalcms-xss.yaml b/vulnerabilities/other/devalcms-xss.yaml
index ed7a954353f..a8bcb41187b 100644
--- a/vulnerabilities/other/devalcms-xss.yaml
+++ b/vulnerabilities/other/devalcms-xss.yaml
@@ -1,13 +1,19 @@
-id: devalcms-xss
+id: CVE-2008-6982
info:
- name: Devalcms 1.4A - Cross-Site Scripting
+ name: Devalcms 1.4a - Cross-Site Scripting
author: arafatansari
- severity: medium
+ severity: high
description: |
- Devalcms 1.4A is affected by Cross-Site Scripting (rXSS) in the 'currentpath' parameter of the index.php file.
+ Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.
reference:
- https://www.exploit-db.com/exploits/6369
+ - https://www.cvedetails.com/cve/CVE-2008-6982
+ - https://nvd.nist.gov/vuln/detail/CVE-2008-6982
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
metadata:
verified: true
tags: devalcms,xss,cms,edb
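Review bot: Changing `id` to `CVE-2008-6982` while the file stays at `vulnerabilities/other/devalcms-xss.yaml` leaves the template half-migrated. Anything that selects or excludes templates by id (allow and deny lists, saved scan profiles, result de-duplication keyed on the old `devalcms-xss`) will silently stop matching. If the CVE mapping is confirmed, move the file under `cves/2008/`, add `cve-id: CVE-2008-6982` to `classification` and `cve,cve2008` to `tags`; otherwise keep the old id and add only the references.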
@@ -32,3 +38,5 @@ requests:
- type: status
status:
- 500
+
+# Enhanced by md on 2022/09/20
diff --git a/vulnerabilities/other/discourse-xss.yaml b/vulnerabilities/other/discourse-xss.yaml
index 27bf55e7c85..8e0cd4d89f4 100644
--- a/vulnerabilities/other/discourse-xss.yaml
+++ b/vulnerabilities/other/discourse-xss.yaml
@@ -1,10 +1,17 @@
id: discourse-xss
info:
- name: Discourse CMS - Cross-Site Scripting
+ name: Discourse - Cross-Site Scripting
author: madrobot
- severity: medium
- description: Cross-site scripting (XSS) on Discourse CMS
+ severity: high
+ description: Discourse contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
+ reference:
+ - https://www.cvedetails.com/vulnerability-list/vendor_id-20185/product_id-57316/opxss-1/Discourse-Discourse.html
+ - https://github.com/discourse/discourse/security/advisories/GHSA-xhmc-9jwm-wqph
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
tags: xss,discourse
requests:
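Review bot: The two added references do not pin down which Discourse issue this template detects: the cvedetails URL is a product-wide list of XSS entries, and the new description names no version, parameter or advisory. The GHSA link should be checked against the request path the template sends (outside this hunk); if it matches, state the affected versions from that advisory in the description and drop the list URL. As written, a finding cannot be traced to a fix version.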
@@ -26,3 +33,5 @@ requests:
words:
- "text/html"
part: header
+
+# Enhanced by md on 2022/09/20
diff --git a/vulnerabilities/other/dzzoffice-xss.yaml b/vulnerabilities/other/dzzoffice-xss.yaml
index 6d494d58e7f..26c26cb8cc9 100644
--- a/vulnerabilities/other/dzzoffice-xss.yaml
+++ b/vulnerabilities/other/dzzoffice-xss.yaml
@@ -1,13 +1,17 @@
id: dzzoffice-xss
info:
- name: Dzzoffice 2.02.1_SC_UTF8 - Cross-Site Scripting
+ name: Dzzoffice 2.02.1 - Cross-Site Scripting
author: arafatansari
- severity: medium
+ severity: high
description: |
- A XSS vulnerability was discovered in dzzoffice 2.02.1_SC_UTF8, There is a Reflected XSS attacks vulnerability which allows remote attackers to inject arbitrary web script or HTML via the zero parameter.
+ Dzzoffice 2.02.1_SC_UTF8 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the zero parameter.
reference:
- https://github.com/zyx0814/dzzoffice/issues/183
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
metadata:
verified: true
shodan-query: http.html:"dzzoffice"
@@ -36,3 +40,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by md on 2022/09/20
diff --git a/vulnerabilities/other/empirecms-xss.yaml b/vulnerabilities/other/empirecms-xss.yaml
index 6fa8d62c0bc..fc4b3ded0c0 100644
--- a/vulnerabilities/other/empirecms-xss.yaml
+++ b/vulnerabilities/other/empirecms-xss.yaml
@@ -1,11 +1,17 @@
id: empirecms-xss
info:
- name: EmpireCMS v75 Cross-Site Scripting
+ name: EmpireCMS 7.5 - Cross-Site Scripting
author: pikpikcu
- severity: medium
+ severity: high
+ description: EmpireCMS 7.5 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
reference:
- https://www.geek-share.com/detail/2777280260.html
+ - https://github.com/leadscloud/EmpireCMS/issues/4
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
tags: empirecms,xss
requests:
@@ -23,3 +29,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by md on 2022/09/20
diff --git a/vulnerabilities/other/eris-xss.yaml b/vulnerabilities/other/eris-xss.yaml
index 29bf5c34c01..2b595af930b 100644
--- a/vulnerabilities/other/eris-xss.yaml
+++ b/vulnerabilities/other/eris-xss.yaml
@@ -1,11 +1,17 @@
id: eris-xss
info:
- name: Complete Online Job Search System v1.0 - Cross-Site Scripting
+ name: Complete Online Job Search System 1.0 - Cross-Site Scripting
author: arafatansari
- severity: medium
+ severity: high
description: |
- Complete Online Job Search System v1.0 is vulnerable to Reflected Cross Site Scripting via index.php?q=advancesearch.
+ Complete Online Job Search System 1.0 contains a cross-site scripting vulnerability via index.php?q=advancesearch.
+ reference:
+ - https://github.com/debug601/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-9.md
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
metadata:
verified: true
tags: cve,cve2022,xss,eris
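Review bot: The only reference added points to a file named `SQLi-9.md`, which by its name documents a SQL injection report and not the cross-site scripting issue via `index.php?q=advancesearch` that this template describes. The unchanged `tags` line also claims `cve,cve2022` although no CVE identifier appears in the id, the references or the classification. Either cite the XSS report and the CVE number assigned to it, or drop the `cve` and `cve2022` tags so the template is not counted as CVE coverage.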
@@ -36,3 +42,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by md on 2022/09/20
diff --git a/vulnerabilities/other/hospital-management-xss.yaml b/vulnerabilities/other/hospital-management-xss.yaml
index 4824df0fb74..6606ce078fc 100644
--- a/vulnerabilities/other/hospital-management-xss.yaml
+++ b/vulnerabilities/other/hospital-management-xss.yaml
@@ -1,11 +1,17 @@
id: hospital-management-xss
info:
- name: Hospital Management System v1.0 - Cross Site Scripting
+ name: Hospital Management System 1.0 - Cross-Site Scripting
author: arafatansari
- severity: medium
+ severity: high
description: |
- Hospital Management System v1.0 was discovered to contain a XSS vulnerability via the searchdata parameter in doctor/search.php.
+ Hospital Management System 1.0 contains a cross-site scripting vulnerability via the searchdata parameter in doctor/search.php.
+ reference:
+ - https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-39411&scoretype=cvssv3
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
metadata:
verified: true
shodan-query: http.html:"Hospital Management System"
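Review bot: The added vulmon reference is for CVE-2021-39411, and the identical URL is added to hospital-management-xss2, although the two templates describe different endpoints (`doctor/search.php` here, `patient-search.php` there). One CVE may cover both, but that should be confirmed against the CVE text before it is cited on each. If it does apply, put `cve-id: CVE-2021-39411` in `classification` on both templates and prefer the NVD entry over a third-party aggregator link that carries a `scoretype` query string.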
@@ -37,3 +43,5 @@ requests:
- "status_code_2 == 200"
- contains(body_2, 'Result against \"\" keyword')
condition: and
+
+# Enhanced by md on 2022/09/20
diff --git a/vulnerabilities/other/hospital-management-xss2.yaml b/vulnerabilities/other/hospital-management-xss2.yaml
index fbaeb204d78..a858821df49 100644
--- a/vulnerabilities/other/hospital-management-xss2.yaml
+++ b/vulnerabilities/other/hospital-management-xss2.yaml
@@ -1,11 +1,17 @@
id: hospital-management-xss2
info:
- name: Hospital Management System v1.0 - Cross Site Scripting
+ name: Hospital Management System 1.0 - Cross-Site Scripting
author: arafatansari
- severity: medium
+ severity: high
description: |
- Hospital Management System v1.0 was discovered to contain a XSS vulnerability via the searchdata parameter in patient-search.php.
+ Hospital Management System 1.0 contains a cross-site scripting vulnerability via the searchdata parameter in patient-search.php.
+ reference:
+ - https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-39411&scoretype=cvssv3
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
metadata:
verified: true
shodan-query: http.html:"Hospital Management System"
@@ -37,3 +43,5 @@ requests:
- "status_code_2 == 200"
- contains(body_2, 'Result against \"\" keyword')
condition: and
+
+# Enhanced by md on 2022/09/20
diff --git a/vulnerabilities/other/java-melody-xss.yaml b/vulnerabilities/other/java-melody-xss.yaml
index efa41edf75e..3c43c2a4352 100644
--- a/vulnerabilities/other/java-melody-xss.yaml
+++ b/vulnerabilities/other/java-melody-xss.yaml
@@ -1,13 +1,17 @@
id: java-melody-xss
info:
- name: JavaMelody Monitoring - Cross-Site Scripting
+ name: JavaMelody - Cross-Site Scripting
author: kailashbohara
- severity: medium
- description: Reflected cross site scripting (XSS) in JavaMelody monitoring.
+ severity: high
+ description: JavaMelody contains a cross-site scripting vulnerability via the monitoring parameter. An attacker can execute arbitrary script in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
reference:
- https://github.com/Hurdano/JavaMelody-XSS
- https://github.com/javamelody/javamelody/pull/555
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cwe-id: CWE-79
tags: xss,javamelody
requests:
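Review bot: The new description says the flaw is reachable "via the monitoring parameter", but the removed text only said the XSS is "in JavaMelody monitoring", meaning the monitoring page; no parameter called `monitoring` is visible in this hunk. If the request, which lies outside the hunk, injects through a differently named parameter, the description now misdirects whoever has to fix it. Suggest `JavaMelody contains a reflected cross-site scripting vulnerability in its monitoring page.` and name the actual parameter only after checking the request.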
@@ -29,3 +33,5 @@ requests:
- type: status
status:
- 200
+
+# Enhanced by md on 2022/09/20