admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

Browse Source
This commit is contained in:
ghost
2025-12-09 04:15:47 +00:00
parent 1995515bd6
commit decee258ed
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@@ -1028,6 +1028,7 @@
{"ID":"CVE-2020-20300","Info":{"Name":"WeiPHP 5.0 - SQL Injection","Severity":"critical","Description":"WeiPHP 5.0 contains a SQL injection vulnerability via the wp_where function. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-20300.yaml"}
{"ID":"CVE-2020-2036","Info":{"Name":"Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting","Severity":"high","Description":"PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-2036.yaml"}
{"ID":"CVE-2020-20601","Info":{"Name":"ThinkCMF X2.2.2 - Remote Code Execution","Severity":"critical","Description":"ThinkCMF X2.2.2 and below contain a remote code execution caused by processing crafted packets, letting attackers execute arbitrary code remotely, exploit requires sending malicious packets.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-20601.yaml"}
{"ID":"CVE-2020-20627","Info":{"Name":"GiveWP - Missing Authorization to Settings Update","Severity":"medium","Description":"GiveWP plugin through 2.5.9 for WordPress contains an unauthenticated settings change caused by insecure access in includes/gateways/stripe/includes/admin/admin-actions.php, letting attackers modify settings without authentication, exploit requires no authentication.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-20627.yaml"}
{"ID":"CVE-2020-2096","Info":{"Name":"Jenkins Gitlab Hook \u003c=1.4.2 - Cross-Site Scripting","Severity":"medium","Description":"Jenkins Gitlab Hook 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-2096.yaml"}
{"ID":"CVE-2020-20982","Info":{"Name":"shadoweb wdja v1.5.1 - Cross-Site Scripting","Severity":"critical","Description":"shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php.","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2020/CVE-2020-20982.yaml"}
{"ID":"CVE-2020-20988","Info":{"Name":"DomainMOD 4.13.0 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the \"or Expiring Between\" parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-20988.yaml"}

2
cves.json-checksum.txt
View File

@@ -1 +1 @@
b3ba80fef3f3b97b9acf2a03c6275220
d8af8c3690770e8c69cc1314678397d9