admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

Browse Source
This commit is contained in:
ghost
2026-01-11 23:58:10 +00:00
parent 456917b9c0
commit 45de985c3b
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@@ -377,6 +377,7 @@
{"ID":"CVE-2016-10973","Info":{"Name":"Brafton WordPress Plugin \u003c 3.4.8 - Cross-Site Scripting","Severity":"medium","Description":"The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-10973.yaml"}
{"ID":"CVE-2016-10976","Info":{"Name":"Safe Editor Plugin \u003c 1.2 - CSS/JS-injection","Severity":"medium","Description":"The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-10976.yaml"}
{"ID":"CVE-2016-10993","Info":{"Name":"ScoreMe Theme - Cross-Site Scripting","Severity":"medium","Description":"WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2016/CVE-2016-10993.yaml"}
{"ID":"CVE-2016-15041","Info":{"Name":"MainWP Dashboard \u003c= 3.1.2 - Stored Cross-Site Scripting","Severity":"high","Description":"MainWP Dashboard The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress versions up to 3.1.2 contains a stored cross-site scripting caused by insufficient input sanitization and output escaping in 'mwp_setup_purchase_username' parameter, letting unauthenticated attackers inject and execute arbitrary scripts when users access affected pages.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2016/CVE-2016-15041.yaml"}
{"ID":"CVE-2016-15042","Info":{"Name":"WordPress Frontend File Manager \u003c 4.0 \u0026 N-Media Post Frontend \u003c 1.1 - Arbitrary File Upload","Severity":"critical","Description":"The Frontend File Manager plugin (\u003c4.0) and N-Media Post Front-end Form plugin (\u003c1.1) for WordPress were vulnerable to arbitrary file uploads due to missing file type validation. This allowed unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-15042.yaml"}
{"ID":"CVE-2016-15043","Info":{"Name":"WP Mobile Detector \u003c= 3.5 - Unrestricted File Upload","Severity":"critical","Description":"WP Mobile Detector plugin for WordPress \u003c= 3.5 contains an unrestricted file upload vulnerability caused by missing file type validation in resize.php, letting unauthenticated attackers upload arbitrary files, potentially leading to remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-15043.yaml"}
{"ID":"CVE-2016-1555","Info":{"Name":"NETGEAR WNAP320 Access Point Firmware - Remote Command Injection","Severity":"critical","Description":"NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-1555.yaml"}

2
cves.json-checksum.txt
View File

@@ -1 +1 @@
8ce8439a513d625134eac84f0fa95032
caf064fd7a56497f21981fd2fa6883b8