Projects STRLCPY scan4all Commits 34392cdf
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2008/CVE-2008-1059.yaml
    skipped 11 lines
    12 12   - https://nvd.nist.gov/vuln/detail/CVE-2008-1059
    13 13   - https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/
    14 14   classification:
    15  - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    16  - cvss-score: 7.5
    17  - cve-id: CVE-2008-1061
    18  - cwe-id: CWE-22
     15 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     16 + cvss-score: 7.2
     17 + cve-id: CVE-2008-1059
     18 + cwe-id: CWE-79
    19 19   tags: lfi,cve,cve2008,wordpress,wp-plugin,wp,sniplets,edb,wpscan
    20 20   
    21 21  requests:
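Review bot: The new classification on lines 15-18 describes cross-site scripting (CWE-79, S:C/C:L/I:L), but the unchanged tags line still marks this template as lfi and the removed value was CWE-22. The same vector, score and CWE are added to CVE-2008-1061.yaml in this commit, so this looks like the XSS classification pasted into the wrong file. Correcting cve-id to CVE-2008-1059 matches the file name; I would keep that one-line fix and leave cvss-metrics, cvss-score and cwe-id as they were unless the NVD entry referenced on line 12 says otherwise.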
    skipped 19 lines
  • ■ ■ ■ ■
    config/nuclei-templates/cves/2008/CVE-2008-1061.yaml
    skipped 2 lines
    3 3  info:
    4 4   name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
    5 5   author: dhiyaneshDK
    6  - severity: medium
     6 + severity: high
    7 7   description: |
    8 8   WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
    9 9   reference:
    skipped 2 lines
    12 12   - https://nvd.nist.gov/vuln/detail/CVE-2008-1061
    13 13   - http://secunia.com/advisories/29099
    14 14   classification:
     15 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     16 + cvss-score: 7.2
    15 17   cve-id: CVE-2008-1061
     18 + cwe-id: CWE-79
    16 19   tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets
    17 20   
    18 21  requests:
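Review bot: The added vector on line 15 uses UI:N and scores 7.2, which is what pushes severity from medium to high on line 6, while the other cross-site scripting templates touched in this commit use UI:R with 6.1 and stay medium. Please confirm the vector against the NVD page already listed on line 12 and, if it is not taken from there, keep severity at medium. The prefix is also CVSS:3.0 here where most templates in this commit use CVSS:3.1.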
    skipped 23 lines
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2014/CVE-2014-8676.yaml
    1 1  id: CVE-2014-8676
    2 2   
    3 3  info:
    4  - name: Simple Online Planning Tool 1.3.2 - Directory Traversal
     4 + name: Simple Online Planning Tool <1.3.2 - Local File Inclusion
    5 5   author: 0x_Akoko
    6 6   severity: medium
    7 7   description: |
    8  - Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
     8 + SOPlanning <1.32 contain a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter.
    9 9   reference:
    10 10   - https://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
    11  - - https://nvd.nist.gov/vuln/detail/CVE-2014-8676
    12 11   - https://www.exploit-db.com/exploits/37604/
    13 12   - http://seclists.org/fulldisclosure/2015/Jul/44
     13 + - https://nvd.nist.gov/vuln/detail/CVE-2014-8676
    14 14   classification:
    15 15   cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    16 16   cvss-score: 5.3
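Review bot: The version bound changes meaning in this hunk. The removed description said "1.32 and earlier", but the new name says "<1.3.2" and the new description says "<1.32", which both exclude the version the old text included and do not agree with each other on the version string. Suggest "<=1.3.2" in both places. The new description also drops the stated impact (determining the existence of arbitrary files) while the name is upgraded to Local File Inclusion, so the name now claims more than the description supports; "contain" should be "contains".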
    skipped 16 lines
    33 33   status:
    34 34   - 200
    35 35   
     36 +# Enhanced by cs on 2022/09/09
     37 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2018/CVE-2018-16139.yaml
    1 1  id: CVE-2018-16139
    2 2   
    3 3  info:
    4  - name: BIBLIOsoft BIBLIOpac 2008 - Cross Site Scripting
     4 + name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting
    5 5   author: atomiczsec
    6 6   severity: medium
    7 7   description: |
    8  - Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/.
     8 + BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML.
    9 9   reference:
    10 10   - https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html
    11 11   - https://nvd.nist.gov/vuln/detail/CVE-2018-16139
    12  - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16139
    13 12   classification:
    14 13   cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    15 14   cvss-score: 6.1
    16 15   cve-id: CVE-2018-16139
    17 16   cwe-id: CWE-79
    18 17   metadata:
    19  - verified: true
    20 18   shodan-query: title:"Bibliopac"
     19 + verified: "true"
    21 20   tags: cve,cve2018,xss,bibliopac,bibliosoft
    22 21   
    23 22  requests:
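Review bot: In the metadata block, "verified: true" becomes "verified: "true"", which turns a YAML boolean into a string, while the new CVE-2021-24214.yaml added in this same commit keeps the bare boolean. Anything that reads this key with a typed parser will see two different types across the template set. Pick one form for the whole commit; the unquoted boolean is the smaller change.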
    skipped 17 lines
    41 40   status:
    42 41   - 200
    43 42   
     43 +# Enhanced by mp on 2022/09/14
     44 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2020/CVE-2020-13258.yaml
    1 1  id: CVE-2020-13258
    2 2   
    3 3  info:
    4  - name: Contentful - Cross-Site Scripting
     4 + name: Contentful <=2020-05-21 - Cross-Site Scripting
    5 5   author: pikpikcu
    6 6   severity: medium
    7 7   description: |
    8  - Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py.
     8 + Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py.
    9 9   reference:
    10 10   - https://github.com/contentful/the-example-app.py/issues/44
    11  - - https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
     11 + - https://nvd.nist.gov/vuln/detail/CVE-2020-13258
    12 12   classification:
    13 13   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    14 14   cvss-score: 6.1
    skipped 24 lines
    39 39   status:
    40 40   - 200
    41 41   
     42 +# Enhanced by mp on 2022/09/14
     43 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2020/CVE-2020-13483.yaml
    1 1  id: CVE-2020-13483
    2 2   
    3 3  info:
    4  - name: Bitrix24 through 20.0.0 allows Cross-Site Scripting
     4 + name: Bitrix24 <=20.0.0 - Cross-Site Scripting
    5 5   author: pikpikcu,3th1c_yuk1
    6 6   severity: medium
    7  - description: The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
     7 + description: The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
    8 8   reference:
    9 9   - https://gist.github.com/mariuszpoplwski/ca6258cf00c723184ebd2228ba81f558
    10 10   - https://twitter.com/brutelogic/status/1483073170827628547
     11 + - https://nvd.nist.gov/vuln/detail/CVE-2020-13483
    11 12   classification:
    12 13   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    13 14   cvss-score: 6.1
    skipped 27 lines
    41 42   status:
    42 43   - 200
    43 44   
     45 +# Enhanced by cs 2022/09/14
     46 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2021/CVE-2021-24214.yaml
     1 +id: CVE-2021-24214
     2 +info:
     3 + name: OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
     4 + author: tess
     5 + severity: medium
     6 + description: The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
     7 + reference:
     8 + - https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10
     9 + - https://nvd.nist.gov/vuln/detail/CVE-2021-24214
     10 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24214
     11 + classification:
     12 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     13 + cvss-score: 6.1
     14 + cve-id: CVE-2021-24214
     15 + cwe-id: CWE-79
     16 + metadata:
     17 + verified: true
     18 + tags: wpscan,cve,cve2021,wordpress,xss,wp-plugin,wp,openid
     19 + 
     20 +requests:
     21 + - method: GET
     22 + path:
     23 + - '{{BaseURL}}/wp-login.php?login-error=<script>alert(document.domain)</script>'
     24 + 
     25 + matchers-condition: and
     26 + matchers:
     27 + - type: word
     28 + part: body
     29 + words:
     30 + - 'ERROR (<script>alert(document.domain)</script>):'
     31 + - 'Login with OpenID Connect'
     32 + condition: and
     33 + 
     34 + - type: word
     35 + part: header
     36 + words:
     37 + - text/html
     38 + 
     39 + - type: status
     40 + status:
     41 + - 200
     42 + 
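Review bot: The name on line 3 does not follow the convention this commit applies everywhere else ("WordPress <plugin> <version> - Cross-Site Scripting"): it omits the WordPress prefix, writes "Cross Site Scripting (XSS)" without the hyphen, and appends "via Login Error". Line 10 adds a cve.mitre.org reference while other hunks in this commit remove exactly those links in favour of NVD. The file also lacks the blank line between id and info that the other templates have.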
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2021/CVE-2021-24276.yaml
    1 1  id: CVE-2021-24276
    2 2   
    3 3  info:
    4  - name: Contact Form by Supsystic < 1.7.15 - Cross-Site Scripting
     4 + name: WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting
    5 5   author: dhiyaneshDK
    6 6   severity: medium
    7  - description: The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
     7 + description: WordPress Supsystic Contact Form plugin before 1.7.15 contains a cross-site scripting vulnerability. It does not sanitize the tab parameter of its options page before outputting it in an attribute.
    8 8   reference:
    9 9   - https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c
     10 + - http://packetstormsecurity.com/files/164308/WordPress-Contact-Form-1.7.14-Cross-Site-Scripting.html
    10 11   - https://nvd.nist.gov/vuln/detail/CVE-2021-24276
    11  - - http://packetstormsecurity.com/files/164308/WordPress-Contact-Form-1.7.14-Cross-Site-Scripting.html
    12 12   classification:
    13 13   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    14 14   cvss-score: 6.1
    skipped 22 lines
    37 37   - "text/html"
    38 38   part: header
    39 39   
     40 +# Enhanced by mp on 2022/09/14
     41 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2021/CVE-2021-24746.yaml
    1 1  id: CVE-2021-24746
    2 2   
    3 3  info:
    4  - name: WordPress Sassy Social Share Plugin - Cross-Site Scripting
     4 + name: WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting
    5 5   author: Supras
    6 6   severity: medium
    7  - description: WP plugin Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting
     7 + description: WordPress plugin Sassy Social Share < 3.3.40 contains a reflected cross-site scripting vulnerability.
    8 8   reference:
    9 9   - https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa
    10 10   - https://nvd.nist.gov/vuln/detail/CVE-2021-24746
    skipped 39 lines
    50 50   regex:
    51 51   - '"slug":"([_a-z-A-Z0-9]+)",'
    52 52   
     53 +# Enhanced by cs 2022/09/14
     54 + 
  • ■ ■ ■ ■
    config/nuclei-templates/cves/2021/CVE-2021-46069.yaml
    skipped 52 lines
    53 53   - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
    54 54   condition: and
    55 55   
    56  -# Enhanced by mp 09/09/2022
     56 +# Enhanced by mp 2022/09/09
    57 57   
  • ■ ■ ■ ■
    config/nuclei-templates/cves/2021/CVE-2021-46073.yaml
    skipped 52 lines
    53 53   - 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
    54 54   condition: and
    55 55   
    56  -# Enhanced by mp 09/09/2022
     56 +# Enhanced by mp 2022/09/09
    57 57   
  • ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-0776.yaml
    1 1  id: CVE-2022-0776
    2 2   
    3 3  info:
    4  - name: RevealJS postMessage Cross-Site Scripting
     4 + name: RevealJS postMessage <4.3.0 - Cross-Site Scripting
    5 5   author: LogicalHunter
    6  - severity: medium
    7  - description: Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.
     6 + severity: high
     7 + description: RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.
    8 8   reference:
    9 9   - https://hackerone.com/reports/691977
    10 10   - https://github.com/hakimel/reveal.js/pull/3137
    11 11   - https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/
     12 + - https://nvd.nist.gov/vuln/detail/CVE-2022-0776
    12 13   classification:
     14 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     15 + cvss-score: 7.2
     16 + cwe-id: CWE-79
    13 17   cve-id: CVE-2022-0776
    14 18   tags: hackerone,huntr,cve,cve2022,headless,postmessage,revealjs
    15 19   
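Review bot: Severity is raised to high on line 6 on the strength of a new vector with UI:N and a 7.2 score, but the description is a DOM-based cross-site scripting issue and every other XSS template in this commit is scored UI:R, 6.1, medium. Please take the vector from the NVD page added on line 12 rather than reusing this one. The added cwe-id is also placed above cve-id, the reverse of the order used in the other templates, and the prefix is CVSS:3.0 instead of 3.1.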
    skipped 17 lines
    33 37   words:
    34 38   - "true"
    35 39   
     40 +# Enhanced by mp on 2022/09/14
     41 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-0928.yaml
    1 1  id: CVE-2022-0928
    2 2   
    3 3  info:
    4  - name: Microweber - Cross-Site Scripting
     4 + name: Microweber <1.2.12 - Stored Cross-Site Scripting
    5 5   author: amit-jd
    6 6   severity: medium
    7 7   description: |
    8  - Cross-site Scripting (XSS) discovered in microweber prior to 1.2.12. Type parameter in the body of POST request triggered by add/edit tax in microweb are vulnerable to stored XSS.
     8 + Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.
    9 9   reference:
    10 10   - https://huntr.dev/bounties/085aafdd-ba50-44c7-9650-fa573da29bcd
    11 11   - https://github.com/microweber/microweber/commit/fc9137c031f7edec5f50d73b300919fb519c924a
    skipped 42 lines
    54 54   - 'status_code==200'
    55 55   condition: and
    56 56   
     57 +# Enhanced by mp on 2022/09/14
     58 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-0954.yaml
    1 1  id: CVE-2022-0954
    2 2   
    3 3  info:
    4  - name: Microweber - Cross-Site Scripting
     4 + name: Microweber <1.2.11 - Stored Cross-Site Scripting
    5 5   author: amit-jd
    6 6   severity: medium
    7 7   description: |
    8  - Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.
     8 + Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.
    9 9   reference:
    10 10   - https://github.com/advisories/GHSA-8c76-mxv5-w4g8
    11 11   - https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26/
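Review bot: The new description on line 8 says "before 1.2.1", but the new name on line 4 and the removed description both say 1.2.11. This reads as a dropped digit and would misstate the affected range in scan reports; it should be "before 1.2.11".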
    skipped 44 lines
    56 56   - 'status_code_3==200'
    57 57   condition: and
    58 58   
     59 +# Enhanced by mp on 2022/09/14
     60 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-0963.yaml
    1 1  id: CVE-2022-0963
    2 2   
    3 3  info:
    4  - name: Microweber > 1.2.12 - Cross-Site Scripting
     4 + name: Microweber <1.2.12 - Stored Cross-Site Scripting
    5 5   author: amit-jd
    6 6   severity: medium
    7 7   description: |
    8  - Microweber prior to 1.2.12 allows unrestricted upload of XML files, which malicious actors can exploit to cause a stored cross-site scripting attack.
     8 + Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,.
    9 9   reference:
    10 10   - https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c/
    11 11   - https://github.com/advisories/GHSA-q3x2-jvp3-wj78
    12  - - https://nvd.nist.gov/vuln/detail/CVE-2022-0963
    13 12   - https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c
     13 + - https://nvd.nist.gov/vuln/detail/CVE-2022-0963
    14 14   classification:
    15 15   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    16 16   cvss-score: 5.4
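Review bot: The new description on line 8 ends in "XML files,." and has lost the clause that followed the comma in the removed text, so the sentence is truncated and no longer says how the upload leads to stored cross-site scripting. Either restore the consequence from the old wording or end the sentence cleanly after "XML files".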
    skipped 51 lines
    68 68   - 'contains(body_2,"bytes_uploaded")'
    69 69   condition: and
    70 70   
     71 +# Enhanced by mp on 2022/09/14
     72 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-1221.yaml
    1 1  id: CVE-2022-1221
    2 2   
    3 3  info:
    4  - name: Gwyn's Imagemap Selector <= 0.3.3 - Cross-Site Scripting
     4 + name: WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting
    5 5   author: veshraj
    6 6   severity: medium
    7 7   description: |
    8  - The Gwyn's Imagemap Selector Wordpresss plugin does not sanitize the id and class parameters before returning them back in attributes, leading to a Reflected Cross-Site Scripting.
     8 + Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes.
    9 9   reference:
    10 10   - https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9
    11 11   - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221
     12 + - https://nvd.nist.gov/vuln/detail/CVE-2022-1221
    12 13   classification:
    13 14   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    14 15   cvss-score: 6.1
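Review bot: The new description on line 8 starts with "Wordpress" while the new name on line 4 uses "WordPress". The removed line had the typo "Wordpresss", so this is a partial fix; use "WordPress" in both.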
    skipped 26 lines
    41 42   status:
    42 43   - 200
    43 44   
     45 +# Enhanced by md on 2022/09/12
     46 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-1439.yaml
    1 1  id: CVE-2022-1439
    2 2   
    3 3  info:
    4  - name: Microweber Cross-Site Scripting
     4 + name: Microweber <1.2.15 - Cross-Site Scripting
    5 5   author: pikpikcu
    6 6   severity: medium
    7  - description: Reflected XSS in microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a paylaod that runs without user interaction.
     7 + description: Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
    8 8   reference:
    9  - - https://nvd.nist.gov/vuln/detail/CVE-2022-1439
    10 9   - https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0/
    11 10   - https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0
    12 11   - https://github.com/microweber/microweber/commit/ad3928f67b2cd4443f4323d858b666d35a919ba8
     12 + - https://nvd.nist.gov/vuln/detail/CVE-2022-1439
    13 13   classification:
    14 14   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    15 15   cvss-score: 6.1
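Review bot: The rewritten description on line 7 drops the only template-specific detail in the old text, namely that the known payload may need a key press from the user, and replaces it with generic impact wording about cookie theft that is not tied to anything in this template. That caveat matters when triaging a hit, so I would keep it in neutral wording. The unchanged references on lines 9 and 10 of the new file are the same huntr.dev URL with and without a trailing slash; one can go.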
    skipped 21 lines
    37 37   - "parent-module-id"
    38 38   condition: and
    39 39   
     40 +# Enhanced by md on 2022/09/12
     41 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-1597.yaml
    1 1  id: CVE-2022-1597
    2 2   
    3 3  info:
    4  - name: WPQA < 5.4 - Cross-Site Scripting
     4 + name: WordPress WPQA <5.4 - Cross-Site Scripting
    5 5   author: veshraj
    6 6   severity: medium
    7 7   description: |
    8  - The plugin, used as a companion for the Discy and Himer themes,
    9  - does not sanitise and escape a parameter on its reset password
    10  - form which makes it possible to perform reflected XSS.
     8 + WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form.
    11 9   reference:
    12 10   - https://wpscan.com/vulnerability/faff9484-9fc7-4300-bdad-9cd8a30a9a4e
    13  - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1597
     11 + - https://nvd.nist.gov/vuln/detail/CVE-2022-1597
    14 12   classification:
    15 13   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    16 14   cvss-score: 6.1
    skipped 45 lines
    62 60   status:
    63 61   - 200
    64 62   
     63 +# Enhanced by mp on 2022/09/14
     64 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-1724.yaml
    1 1  id: CVE-2022-1724
    2 2   
    3 3  info:
    4  - name: Simple Membership < 4.1.1 - Cross-Site Scripting
     4 + name: WordPress Simple Membership <4.1.1 - Cross-Site Scripting
    5 5   author: Akincibor
    6 6   severity: medium
    7  - description: The plugin does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting.
     7 + description: WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions.
    8 8   reference:
    9 9   - https://wpscan.com/vulnerability/96a0a667-9c4b-4ea6-b78a-0681e9a9bbae
    10 10   - https://nvd.nist.gov/vuln/detail/CVE-2022-1724
    skipped 27 lines
    38 38   status:
    39 39   - 200
    40 40   
     41 +# Enhanced by mp on 2022/09/14
     42 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-1904.yaml
    1 1  id: CVE-2022-1904
    2 2   
    3 3  info:
    4  - name: Easy Pricing Tables < 3.2.1 - Cross-Site-Scripting
     4 + name: WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting
    5 5   author: Akincibor
    6 6   severity: medium
    7 7   description: |
    8  - The plugin does not sanitize and escape parameter before reflecting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a reflected cross-site scripting.
     8 + WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled.
    9 9   reference:
    10 10   - https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b
    11  - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1904
     11 + - https://nvd.nist.gov/vuln/detail/CVE-2022-1904
    12 12   classification:
    13 13   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    14 14   cvss-score: 6.1
    skipped 24 lines
    39 39   status:
    40 40   - 200
    41 41   
     42 +# Enhanced by mp on 2022/09/14
     43 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-1906.yaml
    1 1  id: CVE-2022-1906
    2 2   
    3 3  info:
    4  - name: Copyright Proof <= 4.16 - Cross-Site-Scripting
     4 + name: WordPress Copyright Proof <=4.16 - Cross-Site-Scripting
    5 5   author: random-robbie
    6 6   severity: medium
    7 7   description: |
    8  - The plugin does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled.
     8 + WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled.
    9 9   reference:
    10 10   - https://wpscan.com/vulnerability/af4f459e-e60b-4384-aad9-0dc18aa3b338
    11 11   - https://nvd.nist.gov/vuln/detail/CVE-2022-1906
    12  - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1906
    13 12   classification:
    14 13   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    15 14   cvss-score: 6.1
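Review bot: The new name on line 4 still ends in "Cross-Site-Scripting" with the extra hyphen, which the CVE-2022-1904.yaml hunk in this commit corrects to "Cross-Site Scripting". The new description also drops "Reflected", which the removed text stated, so the variant is no longer recorded anywhere in the info block.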
    skipped 27 lines
    43 42   status:
    44 43   - 200
    45 44   
     45 +# Enhanced by mp on 2022/09/14
     46 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-1937.yaml
    1 1  id: CVE-2022-1937
    2 2   
    3 3  info:
    4  - name: Awin Data Feed <= 1.6 - Cross-Site Scripting
     4 + name: WordPress Awin Data Feed <=1.6 - Cross-Site Scripting
    5 5   author: Akincibor,DhiyaneshDK
    6 6   severity: medium
    7 7   description: |
    8  - The plugin does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting.
     8 + WordPress Awin Data Feed plugin 1.6 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action, available to both unauthenticated and authenticated users.
    9 9   reference:
    10 10   - https://wpscan.com/vulnerability/eb40ea5d-a463-4947-9a40-d55911ff50e9
    11 11   - https://nvd.nist.gov/vuln/detail/CVE-2022-1937
    skipped 29 lines
    41 41   - contains(body_2, 'colspan=\"2\"><script>alert(document.domain)</script></th>')
    42 42   condition: and
    43 43   
     44 +# Enhanced by mp on 2022/09/14
     45 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-1946.yaml
    1 1  id: CVE-2022-1946
    2 2   
    3 3  info:
    4  - name: Gallery < 2.0.0 - Cross-Site Scripting
     4 + name: WordPress Gallery <2.0.0 - Cross-Site Scripting
    5 5   author: Akincibor
    6 6   severity: medium
    7  - description: The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue.
     7 + description: WordPress Gallery plugin before 2.0.0 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, available to both unauthenticated and authenticated users.
    8 8   reference:
    9 9   - https://wpscan.com/vulnerability/0903920c-be2e-4515-901f-87253eb30940
    10 10   - https://wordpress.org/plugins/gallery-album
    11  - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1946
     11 + - https://nvd.nist.gov/vuln/detail/CVE-2022-1946
    12 12   classification:
    13 13   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    14 14   cvss-score: 6.1
    skipped 25 lines
    40 40   status:
    41 41   - 200
    42 42   
     43 +# Enhanced by mp on 2022/09/14
     44 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-2187.yaml
    1 1  id: CVE-2022-2187
    2 2   
    3 3  info:
    4  - name: Contact Form 7 Captcha < 0.1.2 - Cross-Site Scripting
     4 + name: WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting
    5 5   author: For3stCo1d
    6 6   severity: medium
    7 7   description: |
    8  - The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
     8 + WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute.
    9 9   reference:
    10 10   - https://wpscan.com/vulnerability/4fd2f1ef-39c6-4425-8b4d-1a332dabac8d
    11 11   - https://wordpress.org/plugins/contact-form-7-simple-recaptcha
    12  - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2187
     12 + - https://nvd.nist.gov/vuln/detail/CVE-2022-2187
    13 13   classification:
    14 14   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    15 15   cvss-score: 6.1
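Review bot: The new description on line 8 omits the qualifier from the removed text that the issue "could lead to Reflected Cross-Site Scripting in old web browsers". Without it the template reads as affecting every client, which overstates a finding during triage. Suggest keeping the browser limitation in the rewritten sentence.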
    skipped 24 lines
    40 40   status:
    41 41   - 200
    42 42   
     43 +# Enhanced by mp on 2022/09/14
     44 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-2290.yaml
    1 1  id: CVE-2022-2290
    2 2   
    3 3  info:
    4  - name: Trilium - Cross-Site Scripting
     4 + name: Trilium <0.52.4 - Cross-Site Scripting
    5 5   author: dbrwsky
    6 6   severity: medium
    7  - description: Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta.
     7 + description: Trilium prior to 0.52.4, 0.53.1-beta contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
    8 8   reference:
    9 9   - https://huntr.dev/bounties/367c5c8d-ad6f-46be-8503-06648ecf09cf/
    10 10   - https://github.com/zadam/trilium
    11  - - https://nvd.nist.gov/vuln/detail/CVE-2022-2290
    12 11   - https://github.com/zadam/trilium/commit/3faae63b849a1fabc31b823bb7af3a84d32256a7
     12 + - https://nvd.nist.gov/vuln/detail/CVE-2022-2290
    13 13   classification:
    14 14   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    15 15   cvss-score: 6.1
    skipped 31 lines
    47 47   status:
    48 48   - 404
    49 49   
     50 +# Enhanced by mp on 2022/09/14
     51 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-2383.yaml
    1 1  id: CVE-2022-2383
    2 2   
    3 3  info:
    4  - name: Feed Them Social < 3.0.1 - Cross-Site Scripting
     4 + name: WordPress Feed Them Social <3.0.1 - Cross-Site Scripting
    5 5   author: akincibor
    6 6   severity: medium
    7 7   description: |
    8  - The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
     8 + WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page.
    9 9   reference:
    10 10   - https://wpscan.com/vulnerability/4a3b3023-e740-411c-a77c-6477b80d7531
    11 11   - https://wordpress.org/plugins/feed-them-social/
    12  - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2383
    13 12   - https://nvd.nist.gov/vuln/detail/CVE-2022-2383
    14 13   classification:
    15 14   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    skipped 25 lines
    41 40   status:
    42 41   - 200
    43 42   
     43 +# Enhanced by mp on 2022/09/14
     44 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-24181.yaml
    1 1  id: CVE-2022-24181
    2 2   
    3 3  info:
    4  - name: PKP Open Journals System 3.3 - Cross-Site Scripting
     4 + name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting
    5 5   author: lucasljm2001,ekrause
    6 6   severity: medium
    7 7   description: |
    8  - Detects an XSS vulnerability in Open Journals System.
     8 + PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header.
    9 9   reference:
    10 10   - https://www.exploit-db.com/exploits/50881
    11 11   - https://github.com/pkp/pkp-lib/issues/7649
    12 12   - https://youtu.be/v8-9evO2oVg
    13  - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24181
    14 13   - https://nvd.nist.gov/vuln/detail/cve-2022-24181
    15 14   classification:
    16 15   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    17 16   cvss-score: 6.1
    18 17   cve-id: CVE-2022-24181
     18 + cwe-id: CWE-79
    19 19   metadata:
    20  - verified: true
     20 + verified: "true"
    21 21   tags: cve,cve2022,xss,oss,pkp-lib,edb
    22 22   
    23 23  requests:
    skipped 19 lines
    43 43   status:
    44 44   - 200
    45 45   
     46 +# Enhanced by mp on 2022/09/14
     47 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-24681.yaml
    1 1  id: CVE-2022-24681
    2 2   
    3 3  info:
    4  - name: ManageEngine ADSelfService - Stored Cross-Site Scripting
     4 + name: ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting
    5 5   author: Open-Sec
    6 6   severity: medium
    7 7   description: |
    8  - Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.
     8 + ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens.
    9 9   reference:
    10 10   - https://raxis.com/blog/cve-2022-24681
    11  - - https://nvd.nist.gov/vuln/detail/CVE-2022-24681
    12 11   - https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-24681.html
    13 12   - https://manageengine.com
     13 + - https://nvd.nist.gov/vuln/detail/CVE-2022-24681
    14 14   classification:
    15 15   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    16 16   cvss-score: 6.1
    skipped 31 lines
    48 48   status:
    49 49   - 200
    50 50   
     51 +# Enhanced by mp on 2022/09/14
     52 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-24899.yaml
    1 1  id: CVE-2022-24899
    2 2   
    3 3  info:
    4  - name: Contao 4.13.2 - Cross-Site Scripting
     4 + name: Contao <4.13.3 - Cross-Site Scripting
    5 5   author: ritikchaddha
    6 6   severity: medium
    7 7   description: |
    8  - Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.
     8 + Contao prior to 4.13.3 contains a cross-site scripting vulnerability. It is possible to inject arbitrary JavaScript code into the canonical tag.
    9 9   reference:
    10 10   - https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/
    11 11   - https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2
    12 12   - https://nvd.nist.gov/vuln/detail/CVE-2022-24899
     13 + remediation: As a workaround, users may disable canonical tags in the root page settings.
    13 14   classification:
    14 15   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    15 16   cvss-score: 6.1
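Review bot: The new `remediation` on line 13 gives only the workaround (disable canonical tags), although the description on line 8 scopes the issue to versions prior to 4.13.3. State the upgrade to 4.13.3 or later first and keep the workaround as the fallback, otherwise a reader of the scan report is steered to the weaker fix.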
    skipped 22 lines
    38 39   words:
    39 40   - text/html
    40 41   
     42 +# Enhanced by mp on 2022/09/14
     43 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-28363.yaml
    skipped 4 lines
    5 5   author: Akincibor
    6 6   severity: medium
    7 7   description: |
    8  - Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process "username" parameter via GET. No authentication is required.
     8 + Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is required.
    9 9   reference:
    10  - - https://nvd.nist.gov/vuln/detail/CVE-2022-28363
    11 10   - https://www.reprisesoftware.com/products/software-license-management.php
    12 11   - https://github.com/advisories/GHSA-rpvc-qgrm-r54f
    13 12   - http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html
     13 + - https://nvd.nist.gov/vuln/detail/CVE-2022-28363
    14 14   classification:
    15 15   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    16 16   cvss-score: 6.1
    skipped 24 lines
    41 41   words:
    42 42   - "text/html"
    43 43   
     44 +# Enhanced by mp on 2022/09/14
     45 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-29004.yaml
    1 1  id: CVE-2022-29004
    2 2   
    3 3  info:
    4  - name: Diary Management System v1.0 - Cross-Site scripting
     4 + name: Diary Management System 1.0 - Cross-Site Scripting
    5 5   author: TenBird
    6 6   severity: medium
    7 7   description: |
    8  - Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.
     8 + Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php.
    9 9   reference:
    10 10   - https://github.com/sudoninja-noob/CVE-2022-29004/blob/main/CVE-2022-29004.txt
    11 11   - https://phpgurukul.com/e-diary-management-system-using-php-and-mysql/
    12  - - https://nvd.nist.gov/vuln/detail/CVE-2022-29004
    13 12   - http://phpgurukul.com
     13 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29004
    14 14   classification:
    15 15   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    16 16   cvss-score: 6.1
    skipped 35 lines
    52 52   status:
    53 53   - 200
    54 54   
     55 +# Enhanced by mp on 2022/09/14
     56 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-29005.yaml
    1 1  id: CVE-2022-29005
    2 2  info:
    3  - name: Online Birth Certificate System V1.2 - Stored Cross-Site scripting
     3 + name: Online Birth Certificate System 1.2 - Stored Cross-Site Scripting
    4 4   author: TenBird
    5 5   severity: medium
    6 6   description: |
    7  - Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.
     7 + Online Birth Certificate System 1.2 contains multiple stored cross-site scripting vulnerabilities in the component /obcs/user/profile.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload injected into the fname or lname parameters.
    8 8   reference:
    9 9   - https://github.com/sudoninja-noob/CVE-2022-29005/blob/main/CVE-2022-29005.txt
    10 10   - https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/
    skipped 38 lines
    49 49   - contains(body_3, 'admin-name\">nuclei<script>alert(document.domain);</script>')
    50 50   condition: and
    51 51   
     52 +# Enhanced by mp on 2022/09/14
     53 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-29349.yaml
    1 1  id: CVE-2022-29349
    2 2   
    3 3  info:
    4  - name: kkFileView v4.0.0 - Cross-Site Scripting
     4 + name: kkFileView 4.0.0 - Cross-Site Scripting
    5 5   author: arafatansari
    6 6   severity: medium
    7 7   description: |
    8  - kkFileView v4.0.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
     8 + kkFileView 4.0.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
    9 9   reference:
    10 10   - https://github.com/kekingcn/kkFileView/issues/347
    11 11   - https://nvd.nist.gov/vuln/detail/CVE-2022-29349
    skipped 27 lines
    39 39   status:
    40 40   - 200
    41 41   
     42 +# Enhanced by mp on 2022/09/14
     43 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-29455.yaml
    1 1  id: CVE-2022-29455
    2 2   
    3 3  info:
    4  - name: Wordpress Elementor <= 3.5.5 - DOM-based Cross-Site Scripting
     4 + name: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
    5 5   author: rotembar,daffainfo
    6 6   severity: medium
    7 7   description: |
    8  - DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.
     8 + WordPress Elementor Website Builder plugin 3.5.5 and prior contains a reflected cross-site scripting vulnerability via the document object model.
    9 9   reference:
    10  - - https://nvd.nist.gov/vuln/detail/CVE-2022-29455
    11 10   - https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor
    12 11   - https://www.rotem-bar.com/elementor
    13 12   - https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-5-5-unauthenticated-dom-based-reflected-cross-site-scripting-xss-vulnerability
     13 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29455
    14 14   classification:
    15 15   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    16 16   cvss-score: 6.1
    skipped 36 lines
    53 53   regex:
    54 54   - "(?m)Stable tag: ([0-9.]+)"
    55 55   
     56 +# Enhanced by mp on 2022/09/14
     57 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-29548.yaml
    1 1  id: CVE-2022-29548
    2 2   
    3 3  info:
    4  - name: WSO2 Management Console - Cross-Site Scripting
     4 + name: WSO2 - Cross-Site Scripting
    5 5   author: edoardottt
    6 6   severity: medium
    7 7   description: |
    8  - A reflected XSS issue exists in the Management Console of several WSO2 products.
     8 + WSO2 contains a reflected cross-site scripting vulnerability in the Management Console of API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.
    9 9   reference:
    10  - - https://nvd.nist.gov/vuln/detail/CVE-2022-29548
    11  - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29548
    12 10   - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603
     11 + - https://nvd.nist.gov/vuln/detail/CVE-2022-29548
     12 + - http://packetstormsecurity.com/files/167587/WSO2-Management-Console-Cross-Site-Scripting.html
    13 13   classification:
    14 14   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    15 15   cvss-score: 6.1
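Review bot: The name on line 4 drops "Management Console" and is now just `WSO2 - Cross-Site Scripting`, which no longer says which component is affected even though the description on line 8 still locates the bug in the Management Console. Keep the component in the name; the long product and version list belongs in the description, where this change already puts it.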
    skipped 25 lines
    41 41   status:
    42 42   - 200
    43 43   
     44 +# Enhanced by mp on 2022/09/14
     45 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-30073.yaml
    1 1  id: CVE-2022-30073
    2 2   
    3 3  info:
    4  - name: WBCE CMS v1.5.2 XSS Stored
     4 + name: WBCE CMS 1.5.2 - Cross-Site Scripting
    5 5   author: arafatansari
    6 6   severity: medium
    7 7   description: |
    8  - WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\user\save.php Display Name parameters.
     8 + WBCE CMS 1.5.2 contains a stored cross-site scripting vulnerability via \admin\user\save.php Display Name parameters.
    9 9   reference:
    10 10   - https://github.com/APTX-4879/CVE
    11  - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30073
    12 11   - https://github.com/APTX-4879/CVE/blob/main/CVE-2022-30073.pdf
     12 + - https://nvd.nist.gov/vuln/detail/CVE-2022-30073
    13 13   classification:
    14 14   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    15 15   cvss-score: 5.4
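Review bot: The rename on line 4 loses "Stored": the description on line 8 still calls this a stored cross-site scripting vulnerability, and the CVE-2022-24681 and CVE-2022-29005 templates in this commit keep "Stored Cross-Site Scripting" in their names. Suggest `WBCE CMS 1.5.2 - Stored Cross-Site Scripting` so triage by name still separates stored from reflected findings.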
    skipped 55 lines
    71 71   status:
    72 72   - 200
    73 73   
     74 +# Enhanced by mp on 2022/09/14
     75 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-30489.yaml
    1 1  id: CVE-2022-30489
    2 2   
    3 3  info:
    4  - name: Wavlink Wn535g3 - POST Cross-Site Scripting
     4 + name: Wavlink WN-535G3 - Cross-Site Scripting
    5 5   author: For3stCo1d
    6 6   severity: medium
    7 7   description: |
    8  - WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
     8 + Wavlink WN-535G3 contains a POST cross-site scripting vulnerability via the hostname parameter at /cgi-bin/login.cgi.
    9 9   reference:
    10 10   - https://github.com/badboycxcc/XSS-CVE-2022-30489
     11 + - https://github.com/badboycxcc/XSS
    11 12   - https://nvd.nist.gov/vuln/detail/CVE-2022-30489
    12  - - https://github.com/badboycxcc/XSS
    13 13   classification:
    14 14   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    15 15   cvss-score: 6.1
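Review bot: "contains a POST cross-site scripting vulnerability" on line 8 uses the HTTP method as if it were a vulnerability class. Suggest "contains a cross-site scripting vulnerability via the hostname parameter in a POST request to /cgi-bin/login.cgi". The model is also respelled from "Wn535g3" / "WN535 G3" to "WN-535G3"; check that against the vendor's naming, since nothing else in the hunk confirms the hyphenated form.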
    skipped 30 lines
    46 46   status:
    47 47   - 200
    48 48   
     49 +# Enhanced by mp on 2022/09/14
     50 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-30776.yaml
    1 1  id: CVE-2022-30776
    2 2   
    3 3  info:
    4  - name: Atmail - Cross-Site Scripting
     4 + name: Atmail 6.5.0 - Cross-Site Scripting
    5 5   author: 3th1c_yuk1
    6 6   severity: medium
    7 7   description: |
    8  - atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
     8 + Atmail 6.5.0 contains a cross-site scripting vulnerability via the index.php/admin/index/ 'error' parameter.
    9 9   reference:
    10 10   - https://medium.com/@bhattronit96/cve-2022-30776-cd34f977c2b9
    11 11   - https://www.atmail.com/
    12  - - https://nvd.nist.gov/vuln/detail/CVE-2022-30776
    13 12   - https://help.atmail.com/hc/en-us/sections/115003283988
     13 + - https://nvd.nist.gov/vuln/detail/CVE-2022-30776
    14 14   classification:
    15 15   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    16 16   cvss-score: 6.1
    skipped 25 lines
    42 42   status:
    43 43   - 200
    44 44   
     45 +# Enhanced by mp on 2022/09/14
     46 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-30777.yaml
    1 1  id: CVE-2022-30777
    2 2   
    3 3  info:
    4  - name: Parallels H-Sphere - Cross-Site Scripting
     4 + name: Parallels H-Sphere 3.6.1713 - Cross-Site Scripting
    5 5   author: 3th1c_yuk1
    6 6   severity: medium
    7 7   description: |
    8  - Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.
     8 + Parallels H-Sphere 3.6.1713 contains a cross-site scripting vulnerability via the index_en.php 'from' parameter.
    9 9   reference:
    10 10   - https://medium.com/@bhattronit96/cve-2022-30777-45725763ab59
     11 + - https://en.wikipedia.org/wiki/H-Sphere
    11 12   - https://nvd.nist.gov/vuln/detail/CVE-2022-30777
    12  - - https://en.wikipedia.org/wiki/H-Sphere
    13 13   classification:
    14 14   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    15 15   cvss-score: 6.1
    skipped 27 lines
    43 43   status:
    44 44   - 200
    45 45   
     46 +# Enhanced by mp on 2022/09/14
     47 + 
  • ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-31373.yaml
    skipped 4 lines
    5 5   author: ritikchaddha
    6 6   severity: medium
    7 7   description: |
    8  - SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.
     8 + SolarView Compact 6.00 contains a cross-site scripting vulnerability via the Solar_AiConf.php component.
    9 9   reference:
    10 10   - https://github.com/badboycxcc/SolarView_Compact_6.0_xss
    11 11   - https://nvd.nist.gov/vuln/detail/CVE-2022-31373
    skipped 28 lines
    40 40   status:
    41 41   - 200
    42 42   
     43 +# Enhanced by mp on 2022/09/14
     44 + 
  • ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-31474.yaml
    1 1  id: CVE-2022-31474
    2 2   
    3 3  info:
    4  - name: BackupBuddy Arbitrary File Read
     4 + name: BackupBuddy - Local File Inclusion
    5 5   author: aringo
    6 6   severity: high
    7  - description: BackupBuddy versions 8.5.8.0 through 8.7.4.1 are vulnerable to arbitrary file read
     7 + description: BackupBuddy versions 8.5.8.0 - 8.7.4.1 are vulnerable to a local file inclusion vulnerability via the 'download' and 'local-destination-id' parameters.
    8 8   reference:
    9 9   - https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/
    10 10   - https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy
    11 11   - https://ithemes.com/backupbuddy/
    12 12   - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31474
    13  - remediation: Developers should immediately upgrade to at least version 8.7.5 or higher
     13 + remediation: Upgrade to at least version 8.7.5 or higher
     14 + classification:
     15 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     16 + cvss-score: 7.5
     17 + cwe-id: CWE-22
     18 + cve-id: CVE-2022-31474
    14 19   tags: cve,cve2022,wordpress,wp-plugin,wp,lfi,backupbuddy
    15 20   
    16 21  requests:
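Review bot: Renaming "Arbitrary File Read" to "Local File Inclusion" on lines 4 and 7 changes the stated impact, since inclusion suggests the file is executed while the original text only claimed a read; the added `cwe-id: CWE-22` (path traversal) and the `C:H/I:N/A:N` vector are both consistent with a read. Either keep "Arbitrary File Read" or say explicitly that file contents are disclosed. Also, "vulnerable to a local file inclusion vulnerability" is redundant, and `cvss-metrics` uses the `CVSS:3.0` prefix where the other 2022 templates in this commit use `CVSS:3.1`.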
    skipped 12 lines
    29 34   status:
    30 35   - 200
    31 36   
     37 +# Enhanced by cs 2022/09/14
     38 + 
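Review bot: This trailer reads `# Enhanced by cs 2022/09/14`, without the "on" used by the other trailers in the commit (`# Enhanced by mp on 2022/09/14`). If anything greps for these markers, the odd one out will be missed; use one format.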
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-32195.yaml
    1 1  id: CVE-2022-32195
    2 2   
    3 3  info:
    4  - name: Open edX - Cross-Site Scripting
     4 + name: Open edX <2022-06-06 - Cross-Site Scripting
    5 5   author: arafatansari
    6 6   severity: medium
    7 7   description: |
    8  - Open edX platform before 2022-06-06 allows Reflected Cross-site Scripting via the "next" parameter in the logout URL.
     8 + Open edX before 2022-06-06 contains a reflected cross-site scripting vulnerability via the 'next' parameter in the logout URL.
    9 9   reference:
    10 10   - https://discuss.openedx.org/t/security-patch-for-logout-page-xss-vulnerability/7408
     11 + - https://github.com/edx
    11 12   - https://nvd.nist.gov/vuln/detail/CVE-2022-32195
    12  - - https://github.com/edx
    13 13   classification:
    14 14   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    15 15   cvss-score: 6.1
    skipped 26 lines
    42 42   status:
    43 43   - 200
    44 44   
     45 +# Enhanced by mp on 2022/09/14
     46 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-32770.yaml
    skipped 4 lines
    5 5   author: arafatansari
    6 6   severity: medium
    7 7   description: |
    8  - A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "toast" parameter which is inserted into the document with insufficient sanitization.
     8 + WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'toast' parameter, which is inserted into the document with insufficient sanitization.
    9 9   reference:
    10 10   - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538
    11  - - https://nvd.nist.gov/vuln/detail/CVE-2022-32770
    12 11   - https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
     12 + - https://nvd.nist.gov/vuln/detail/CVE-2022-32770
    13 13   classification:
    14 14   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    15 15   cvss-score: 6.1
    skipped 25 lines
    41 41   status:
    42 42   - 200
    43 43   
     44 +# Enhanced by mp on 2022/09/14
     45 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-32771.yaml
    skipped 4 lines
    5 5   author: arafatansari
    6 6   severity: medium
    7 7   description: |
    8  - A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "success" parameter which is inserted into the document with insufficient sanitization.
     8 + WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'success' parameter, which is inserted into the document with insufficient sanitization.
    9 9   reference:
    10 10   - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538
    11  - - https://nvd.nist.gov/vuln/detail/CVE-2022-32771
    12 11   - https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
     12 + - https://nvd.nist.gov/vuln/detail/CVE-2022-32771
    13 13   classification:
    14 14   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    15 15   cvss-score: 6.1
    skipped 27 lines
    43 43   status:
    44 44   - 200
    45 45   
     46 +# Enhanced by mp on 2022/09/14
     47 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-32772.yaml
    skipped 4 lines
    5 5   author: arafatansari
    6 6   severity: medium
    7 7   description: |
    8  - A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "msg" parameter which is inserted into the document with insufficient sanitization.
     8 + WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'msg' parameter, which is inserted into the document with insufficient sanitization.
    9 9   reference:
    10 10   - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538
    11  - - https://nvd.nist.gov/vuln/detail/CVE-2022-32772
    12 11   - https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
     12 + - https://nvd.nist.gov/vuln/detail/CVE-2022-32772
    13 13   classification:
    14 14   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    15 15   cvss-score: 6.1
    skipped 25 lines
    41 41   status:
    42 42   - 200
    43 43   
     44 +# Enhanced by mp on 2022/09/14
     45 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-33119.yaml
    1 1  id: CVE-2022-33119
    2 2   
    3 3  info:
    4  - name: NVRsolo v03.06.02 - Cross-Site Scripting
     4 + name: NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting
    5 5   author: arafatansari
    6 6   severity: medium
    7 7   description: |
    8  - NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php.
     8 + NUUO NVRsolo Video Recorder 03.06.02 contains a reflected cross-site scripting vulnerability via login.php.
    9 9   reference:
    10 10   - https://github.com/badboycxcc/nuuo-xss/blob/main/README.md
    11 11   - https://nvd.nist.gov/vuln/detail/CVE-2022-33119
    skipped 25 lines
    37 37   - contains(body,'<script>alert(document.domain)</script><\"?cmd=')
    38 38   condition: and
    39 39   
     40 +# Enhanced by mp on 2022/09/14
     41 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-34048.yaml
    1 1  id: CVE-2022-34048
    2 2   
    3 3  info:
    4  - name: Wavlink WN533A8 - Cross-Site Scripting
     4 + name: Wavlink WN-533A8 - Cross-Site Scripting
    5 5   author: ritikchaddha
    6 6   severity: medium
    7 7   description: |
    8  - Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.
     8 + Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the login_page parameter.
    9 9   reference:
    10 10   - https://www.exploit-db.com/exploits/50989
    11  - - https://nvd.nist.gov/vuln/detail/CVE-2022-34048
    12 11   - https://drive.google.com/file/d/1xznFhH3w3TDN2RCdX62_ebylR4yaKmzf/view?usp=sharing
    13 12   - https://drive.google.com/file/d/1NI3-k3AGIsSe2zjeigl1GVyU1VpG1SV3/view?usp=sharing
     13 + - https://nvd.nist.gov/vuln/detail/CVE-2022-34048
    14 14   classification:
    15 15   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    16 16   cvss-score: 6.1
    skipped 28 lines
    45 45   status:
    46 46   - 200
    47 47   
     48 +# Enhanced by mp on 2022/09/14
     49 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-34328.yaml
    skipped 4 lines
    5 5   author: edoardottt
    6 6   severity: medium
    7 7   description: |
    8  - PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.
     8 + PMB 7.3.10 contains a reflected cross-site scripting vulnerability via the id parameter in an lvl=author_see request to index.php.
    9 9   reference:
    10 10   - https://github.com/jenaye/PMB/blob/main/README.md
    11  - - https://nvd.nist.gov/vuln/detail/CVE-2022-34328
    12 11   - https://github.com/jenaye/PMB
     12 + - https://nvd.nist.gov/vuln/detail/CVE-2022-34328
    13 13   classification:
    14 14   cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    15 15   cvss-score: 6.1
    skipped 25 lines
    41 41   status:
    42 42   - 200
    43 43   
     44 +# Enhanced by mp on 2022/09/14
     45 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-35151.yaml
    1 1  id: CVE-2022-35151
    2 2   
    3 3  info:
    4  - name: kkFileView v4.1.0 - Cross-Site Scripting
     4 + name: kkFileView 4.1.0 - Cross-Site Scripting
    5 5   author: arafatansari
    6 6   severity: medium
    7 7   description: |
    8  - kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
     8 + kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
    9 9   reference:
    10 10   - https://github.com/kekingcn/kkFileView/issues/366
    11 11   - https://nvd.nist.gov/vuln/detail/CVE-2022-35151
    skipped 31 lines
    43 43   status:
    44 44   - 200
    45 45   
     46 +# Enhanced by mp on 2022/09/14
     47 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-35413.yaml
    skipped 9 lines
    10 10   - https://medium.com/@_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb
    11 11   - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35413
    12 12   - https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview
     13 + classification:
     14 + cve-id: CVE-2022-35413
    13 15   metadata:
    14 16   shodan-query: http.title:"Intelligent WAPPLES"
    15 17   verified: "true"
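Review bot: The added `classification` block on lines 13-14 carries only `cve-id`, whereas the other CVE templates touched in this commit also carry `cvss-metrics`, `cvss-score` and `cwe-id`. Add those fields here too, or note why they are left out, so severity-based filtering treats this template like the rest.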
    skipped 36 lines
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-35416.yaml
    1 1  id: CVE-2022-35416
    2 2   
    3 3  info:
    4  - name: H3C SSL VPN through 2022-07-10 - Cookie Based Cross-Site Scripting
     4 + name: H3C SSL VPN <=2022-07-10 - Cross-Site Scripting
    5 5   author: 0x240x23elu
    6 6   severity: medium
    7 7   description: |
    8  - H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.
     8 + H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang.
    9 9   reference:
    10 10   - https://github.com/advisories/GHSA-9x76-78gc-r3m9
    11 11   - https://github.com/Docker-droid/H3C_SSL_VPN_XSS
    skipped 31 lines
    43 43   status:
    44 44   - 200
    45 45   
     46 +# Enhanced by mp on 2022/09/14
     47 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-35493.yaml
    1 1  id: CVE-2022-35493
    2 2   
    3 3  info:
    4  - name: eShop - Cross-Site Scripting
     4 + name: eShop 3.0.4 - Cross-Site Scripting
    5 5   author: arafatansari
    6 6   severity: medium
    7 7   description: |
    8  - eShop - Multipurpose Ecommerce Store Website v3.0.4 allows Reflected Cross-site scripting vulnerability in json search parse and the json response in wrteam.in.
     8 + eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in.
    9 9   reference:
    10 10   - https://github.com/Keyvanhardani/Exploit-eShop-Multipurpose-Ecommerce-Store-Website-3.0.4-Cross-Site-Scripting-XSS/blob/main/README.md
    11 11   - https://nvd.nist.gov/vuln/detail/CVE-2022-35493
    skipped 27 lines
    39 39   status:
    40 40   - 200
    41 41   
     42 +# Enhanced by mp on 2022/09/14
     43 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-37153.yaml
    1 1  id: CVE-2022-37153
    2 2   
    3 3  info:
    4  - name: Artica Proxy - Cross-Site Scripting
     4 + name: Artica Proxy 4.30.000000 - Cross-Site Scripting
    5 5   author: arafatansari
    6 6   severity: medium
    7 7   description: |
    8  - An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php.
     8 + Artica Proxy 4.30.000000 contains a cross-site scripting vulnerability via the password parameter in /fw.login.php.
    9 9   reference:
    10 10   - https://github.com/Fjowel/CVE-2022-37153
    11 11   - https://nvd.nist.gov/vuln/detail/CVE-2022-37153
    skipped 34 lines
    46 46   status:
    47 47   - 200
    48 48   
     49 +# Enhanced by mp on 2022/09/14
     50 + 
  • ■ ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-38463.yaml
    skipped 4 lines
    5 5   author: amanrawat
    6 6   severity: medium
    7 7   description: |
    8  - There exists a reflected XSS within the logout functionality of ServiceNow. This enables an unauthenticated remote attacker to execute arbitrary JavaScript.
     8 + ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript.
    9 9   reference:
    10 10   - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793
    11 11   - https://nvd.nist.gov/vuln/detail/CVE-2022-38463
    skipped 27 lines
    39 39   status:
    40 40   - 200
    41 41   
     42 +# Enhanced by mp on 2022/09/14
     43 + 
  • ■ ■ ■ ■
    config/nuclei-templates/cves/2022/CVE-2022-38637.yaml
    skipped 2 lines
    3 3  info:
    4 4   name: Hospital Management System v1.0 - SQL Injection
    5 5   author: arafatansari
    6  - severity: high
     6 + severity: critical
    7 7   description: |
    8 8   Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/user-login.php.
    9 9   reference:
    skipped 1 lines
    11 11   - https://nvd.nist.gov/vuln/detail/CVE-2022-38637
    12 12   - https://owasp.org/www-community/attacks/SQL_Injection
    13 13   classification:
     14 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     15 + cvss-score: 9.8
    14 16   cve-id: CVE-2022-38637
     17 + cwe-id: CWE-89
    15 18   metadata:
    16 19   shodan-query: http.html:"Hospital Management System"
    17 20   verified: "true"
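Review bot: `severity: critical` on line 6 agrees with the added 9.8 score and `cwe-id: CWE-89`, but the name on line 4 and the description on line 8 still read "v1.0" and "was discovered to contain", which is exactly the wording this commit rewrites in the other templates. Normalise them to "Hospital Management System 1.0" and "contains a SQL injection vulnerability" for consistency.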
    skipped 27 lines
  • ■ ■ ■ ■ ■
    config/nuclei-templates/default-logins/apache/tomcat-examples-login.yaml
    1 1  id: tomcat-examples-login
    2 2   
    3 3  info:
    4  - name: Tomcat Examples Default Login
     4 + name: Apache Tomcat - Default Login Discovery
    5 5   author: 0xelkomy & C0NQR0R
    6 6   severity: info
    7  - description: Default Creds and there is XSS here, /examples/jsp/security/protected/index.jsp?dataName=%22%3E%3Cimg+src%3Dd+onerror%3Dalert%28document.cookie%29%3E&dataValue= after you login you will be able to get it.
     7 + description: Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 default login credentials were successful.
    8 8   reference:
    9 9   - https://c0nqr0r.github.io/CVE-2022-34305/
    10 10   metadata:
    11 11   verified: true
     12 + classification:
     13 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     14 + cvss-score: 0.0
     15 + cwe-id: CWE-200
    12 16   tags: default-login,tomcat
    13 17   
    14 18  requests:
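Review bot: The rewritten description on line 7 attaches version ranges to "default login credentials were successful", but default credentials are a configuration matter rather than a property of a release, and the only reference is a CVE-2022-34305 write-up; the removed text shows the template author was pointing at an XSS reachable after login under /examples/jsp/security/protected/index.jsp. Either describe both findings or drop the version list. Scoring a successful default login as `cvss-score: 0.0` with `cwe-id: CWE-200` and `severity: info` also understates it; a credential-related CWE and a non-zero score would fit better. Minor: `classification` sits after `metadata` here and before it elsewhere in the commit.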
    skipped 28 lines
    43 47   - "{{username}}"
    44 48   condition: and
    45 49   
     50 +# Enhanced by mp on 2022/09/14
     51 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/exposed-panels/phpldap-admin.yaml
     1 +id: phpldap-admin
     2 + 
     3 +info:
     4 + name: phpLDAPAdmin Login
     5 + author: DhiyaneshDk
     6 + severity: info
     7 + reference:
     8 + - https://www.facebook.com/ExWareLabs/photos/a.361854183878462/5601756213221540/
     9 + metadata:
     10 + verified: true
     11 + shodan-query: title:"phpLDAPAdmin"
     12 + tags: panel,php,phpldap
     13 + 
     14 +requests:
     15 + - method: GET
     16 + path:
     17 + - '{{BaseURL}}'
     18 + 
     19 + matchers-condition: and
     20 + matchers:
     21 + - type: word
     22 + part: body
     23 + words:
     24 + - '<title>phpLDAPadmin'
     25 + 
     26 + - type: status
     27 + status:
     28 + - 200
     29 + 
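    Review bot: the body matcher on line 24 looks for '<title>phpLDAPadmin' while the template name and the shodan-query on line 11 spell it "phpLDAPAdmin", and word matchers are case-sensitive by default. Either add `case-insensitive: true` to that matcher or confirm which casing the product really emits, otherwise one of the two will miss. The info block also has no description.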
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/exposures/configs/magento-config-disclosure.yaml
    skipped 39 lines
    40 40   - 200
    41 41   
    42 42   extractors:
    43  - - type: regex
     43 + - type: xpath
    44 44   part: body
    45  - group: 1
    46  - regex:
    47  - - "<host><!\\[CDATA\\[(.+)\\]\\]><\\/host>"
    48  - - "<username><!\\[CDATA\\[(.+)\\]\\]><\\/username>"
    49  - - "<password><!\\[CDATA\\[(.+)\\]\\]><\\/password>"
    50  - - "<dbname><!\\[CDATA\\[(.+)\\]\\]><\\/dbname>"
     45 + xpath:
     46 + - "/config/global/resources/default_setup/connection/host"
     47 + - "/config/global/resources/default_setup/connection/username"
     48 + - "/config/global/resources/default_setup/connection/password"
     49 + - "/config/global/resources/default_setup/connection/dbname"
    51 50   
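    Review bot: the four xpath expressions on lines 46-49 are absolute and pinned to `default_setup`, whereas the removed regexes matched any CDATA-wrapped host, username, password or dbname element in the body, so connections declared under another resource name are no longer extracted. Please run the template against a sample file whose values are wrapped in `<![CDATA[...]]>` to confirm the xpath extractor returns the inner text, and consider a relative path such as `//connection/host` if the wider coverage was intentional.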
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/exposures/files/atom-sync-remote.yaml
     1 +id: atom-sync-remote
     2 + 
     3 +info:
     4 + name: Atom Synchronization Exposure
     5 + author: geeknik
     6 + severity: high
     7 + description: |
     8 + It discloses username and password created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials
     9 + metadata:
     10 + verified: true
     11 + tags: atom,exposure,config
     12 + 
     13 +requests:
     14 + - method: GET
     15 + path:
     16 + - "{{BaseURL}}/.remote-sync.json"
     17 + 
     18 + matchers-condition: and
     19 + matchers:
     20 + - type: word
     21 + part: body
     22 + words:
     23 + - '"hostname":'
     24 + - '"username":'
     25 + condition: and
     26 + 
     27 + - type: word
     28 + part: body
     29 + words:
     30 + - "passphrase"
     31 + - "password"
     32 + condition: or
     33 + 
     34 + - type: word
     35 + part: header
     36 + words:
     37 + - "application/json"
     38 + 
     39 + - type: status
     40 + status:
     41 + - 200
     42 + 
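    Review bot: the second word matcher (lines 27-32) matches the bare substrings "passphrase" and "password", unlike the first matcher, which requires the JSON key form '"hostname":' and '"username":'. Matching '"password":' and '"passphrase":' would keep the two consistent and avoid hits on JSON that merely mentions the word. A reference for the .remote-sync.json format would also help whoever triages a hit.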
  • ■ ■ ■ ■ ■
    config/nuclei-templates/file/xss/dom-xss.yaml
    1 1  id: dom-xss
    2 2   
    3 3  info:
    4  - name: DOM XSS Sources & Sinks
     4 + name: DOM Invader - Cross-Site Scripting
    5 5   author: geeknik
    6  - severity: info
     6 + severity: high
     7 + description: DOM Invader contains a cross-site scripting vulnerability in Sources & Sinks functionality.
    7 8   reference:
    8 9   - Inspired by https://portswigger.net/blog/introducing-dom-invader
     10 + classification:
     11 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     12 + cvss-score: 7.2
     13 + cwe-id: CWE-79
    9 14   tags: xss,file
    10 15   
    11 16  file:
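    Review bot: the new name and description (lines 4 and 7) state that DOM Invader contains a cross-site scripting vulnerability, but the reference line only says the template was inspired by the DOM Invader blog post, and the visible patterns (`window\.name`, `document(\.URL|\.referrer|...)`) are a static search for DOM sources and sinks in files. That mislabels a PortSwigger tool as vulnerable and turns a pattern match into a confirmed finding. Suggest keeping the original name, wording the description as "detects DOM XSS sources and sinks", and leaving severity at info, since a source or sink on its own is not an exploitable flaw.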
    skipped 33 lines
    45 50   - 'window\.name'
    46 51   - 'document(\.URL|\.referrer|\.documentURI|\.baseURI|\.cookie)'
    47 52   
     53 +# Enhanced by mp on 2022/09/14
     54 + 
  • ■ ■ ■ ■
    config/nuclei-templates/headless/screenshot.yaml
    skipped 7 lines
    8 8   tags: headless,screenshot
    9 9   
    10 10  variables:
    11  - file: "{{Hostname}}"
     11 + file: "{{url_encode(BaseURL)}}"
    12 12   
    13 13  headless:
    14 14   - steps:
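    Review bot: line 11 now sets `file` to `url_encode(BaseURL)`, which yields a value containing percent escapes such as `%3A%2F%2F` and grows with the URL path, and nothing in the hunk says why `{{Hostname}}` was replaced. If the skipped steps use `file` as the screenshot file name, please confirm the encoded value is accepted there and stays within file-name length limits, and add a short comment giving the reason (for example, avoiding collisions between targets that share a hostname).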
    skipped 16 lines
  • ■ ■ ■ ■ ■
    config/nuclei-templates/headless/window-name-domxss.yaml
    skipped 2 lines
    3 3  info:
    4 4   name: window.name - DOM Cross-Site Scripting
    5 5   author: pdteam
    6  - severity: medium
     6 + severity: high
     7 + description: The window-name is vulnerable to DOM based cross-site scripting.
    7 8   reference:
    8 9   - https://public-firing-range.appspot.com/dom/index.html
     10 + classification:
     11 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     12 + cvss-score: 7.2
     13 + cwe-id: CWE-79
    9 14   tags: headless,xss,domxss
    10 15   
    11 16  headless:
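    Review bot: the vector added on line 11 uses `UI:N`, but a DOM XSS through window.name needs the victim to load an attacker-prepared page, which is `UI:R`; with `UI:R` the same vector scores 6.1 (medium) rather than 7.2, so the severity bump on line 6 rests on that one metric. The description on line 7 is also too vague to act on ("The window-name is vulnerable"); say that the page passes `window.name` to a script-executing sink.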
    skipped 76 lines
    88 93   kval:
    89 94   - alerts
    90 95   
     96 +# Enhanced by mp on 2022/09/14
     97 + 
  • ■ ■ ■ ■ ■
    config/nuclei-templates/misconfiguration/aem/aem-setpreferences-xss.yaml
    1 1  id: aem-setpreferences-xss
    2 2   
    3 3  info:
    4  - name: AEM setPreferences - Cross-Site Scripting
     4 + name: Adobe Experience Manager - Cross-Site Scripting
    5 5   author: zinminphy0,dhiyaneshDK
    6  - severity: medium
     6 + severity: high
     7 + description: Adobe Experience Manager contains a cross-site scripting vulnerability via setPreferences.
    7 8   reference:
    8 9   - https://www.youtube.com/watch?v=VwLSUHNhrOw&t=142s
    9 10   - https://github.com/projectdiscovery/nuclei-templates/issues/3225
    10 11   - https://twitter.com/zin_min_phyo/status/1465394815042916352
     12 + classification:
     13 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     14 + cvss-score: 7.2
     15 + cwe-id: CWE-79
    11 16   metadata:
    12 17   shodan-query: http.component:"Adobe Experience Manager"
    13 18   tags: aem,xss
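    Review bot: the rename on line 4 removes "setPreferences" from the name, and the same commit gives aem-xss-childlist-selector the identical name "Adobe Experience Manager - Cross-Site Scripting", so results from the two templates cannot be told apart by name. Suggest keeping the affected component in the name, e.g. "Adobe Experience Manager setPreferences - Cross-Site Scripting".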
    skipped 17 lines
    31 36   status:
    32 37   - 400
    33 38   
     39 +# Enhanced by mp on 2022/09/15
     40 + 
  • ■ ■ ■ ■ ■
    config/nuclei-templates/misconfiguration/aem/aem-xss-childlist-selector.yaml
    1 1  id: aem-xss-childlist-selector
    2 2   
    3 3  info:
    4  - name: XSS in childlist selector
     4 + name: Adobe Experience Manager - Cross-Site Scripting
    5 5   author: dhiyaneshDk
    6  - severity: medium
     6 + severity: high
    7 7   description: |
    8  - Requests using the selector childlist can an XSS when the dispatcher does not respect the content-type responded by AEM and flips from application/json to text/html. As a consequence the reflected suffix is executed and interpreted in the browser.
     8 + Adobe Experience Manager contains a cross-site scripting vulnerability via requests using the selector childlist when the dispatcher does not respect the content-type responded by AEM and flips from application/json to text/html. As a consequence, the reflected suffix is executed and interpreted in the browser.
    9 9   reference:
    10 10   - https://github.com/thomashartm/burp-aem-scanner/blob/master/src/main/java/burp/actions/xss/FlippingTypeWithChildrenlistSelector.java
     11 + - https://cystack.net/en/plugins/cystack.remote.aem_childlist_selector_xss
    11 12   metadata:
    12 13   shodan-query:
    13 14   - http.title:"AEM Sign In"
    14 15   - http.component:"Adobe Experience Manager"
     16 + classification:
     17 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     18 + cvss-score: 7.2
     19 + cwe-id: CWE-79
    15 20   tags: xss,aem,adobe
    16 21   
    17 22  requests:
    skipped 18 lines
    36 41   status:
    37 42   - 200
    38 43   
     44 +# Enhanced by mp on 2022/09/14
     45 + 
  • ■ ■ ■ ■ ■
    config/nuclei-templates/misconfiguration/akamai-arl-xss.yaml
    skipped 2 lines
    3 3  info:
    4 4   name: Open Akamai ARL - Cross-Site Scripting
    5 5   author: pdteam
    6  - severity: medium
     6 + severity: high
     7 + description: Open Akamai ARL contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
    7 8   reference:
    8 9   - https://github.com/war-and-code/akamai-arl-hack
    9 10   - https://twitter.com/SpiderSec/status/1421176297548435459
    10 11   - https://warandcode.com/post/akamai-arl-hack/
    11 12   - https://github.com/cybercdh/goarl
    12 13   - https://community.akamai.com/customers/s/article/WebPerformanceV1V2ARLChangeStartingFebruary282021?language=en_US
     14 + classification:
     15 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     16 + cvss-score: 7.2
     17 + cwe-id: CWE-79
    13 18   tags: akamai,xss
    14 19   
    15 20  requests:
    skipped 14 lines
    30 35   words:
    31 36   - 'text/html'
    32 37   
     38 +# Enhanced by mp on 2022/09/14
     39 + 
  • ■ ■ ■ ■ ■
    config/nuclei-templates/misconfiguration/apache/apache-tomcat-snoop.yaml
    1 1  id: apache-tomcat-snoop
    2 2   
    3 3  info:
    4  - name: Apache Tomcat example page disclosure - snoop
     4 + name: Apache Tomcat 4.x-7.x - Cross-Site Scripting
    5 5   author: pdteam
    6  - severity: low
    7  - description: The following example scripts that come with Apache Tomcat v4.x - v7.x and can be used by attackers to gain information about the system. These scripts are also known to be vulnerable to cross site scripting (XSS) injection.
     6 + severity: high
     7 + description: Apache Tomcat 4.x through 7.x contains a cross-site scripting vulnerability which can be used by an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
    8 8   reference:
    9 9   - https://www.rapid7.com/db/vulnerabilities/apache-tomcat-example-leaks
     10 + classification:
     11 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     12 + cvss-score: 7.2
     13 + cwe-id: CWE-79
    10 14   metadata:
    11 15   shodan-query: title:"Apache Tomcat"
    12 16   tags: apache,misconfig,tomcat,disclosure
    skipped 13 lines
    26 30   status:
    27 31   - 200
    28 32   
     33 +# Enhanced by mp on 2022/09/15
     34 + 
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/misconfiguration/cloud-metadata.yaml
     1 +id: cloud-metadata
     2 + 
     3 +info:
     4 + name: GCP/AWS Metadata Disclosure
     5 + author: DhiyaneshDk
     6 + severity: low
     7 + reference: https://www.facebook.com/ExWareLabs/photos/pcb.5605494709514357/5605493856181109/
     8 + metadata:
     9 + verified: true
     10 + shodan-query: html:"instance_metadata"
     11 + tags: misconfig,exposure,devops,cloud,aws,gcp
     12 + 
     13 +requests:
     14 + - method: GET
     15 + path:
     16 + - "{{BaseURL}}"
     17 + 
     18 + matchers-condition: and
     19 + matchers:
     20 + - type: word
     21 + part: body
     22 + words:
     23 + - '"instance_metadata":'
     24 + - '"cloud":'
     25 + condition: and
     26 + 
     27 + - type: status
     28 + status:
     29 + - 200
     30 + 
     31 + extractors:
     32 + - type: regex
     33 + part: body
     34 + group: 1
     35 + regex:
     36 + - '"cloud":"([A-Z]+)",'
     37 + 
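    Review bot: the extractor regex on line 36, '"cloud":"([A-Z]+)",', only matches compact JSON with no space after the colon, an upper-case value and a trailing comma, so a pretty-printed response or a last-position key passes the matchers but extracts nothing. Something like '"cloud":\s*"([A-Za-z]+)"' is more tolerant. The info block has no description, and `reference` on line 7 is a scalar where the other templates in this commit use a list.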
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/misconfiguration/openbmcs/openbmcs-ssrf.yaml
    1 1  id: openbmcs-ssrf
    2 2   
    3 3  info:
    4  - name: OpenBMCS 2.4 Unauthenticated SSRF / RFI
     4 + name: OpenBMCS 2.4 - Server-Side Request Forgery / Remote File Inclusion
    5 5   author: dhiyaneshDK
    6 6   severity: high
    7  - description: Unauthenticated Server-Side Request Forgery (SSRF) and Remote File Include (RFI) vulnerability exists in OpenBMCS within its functionalities. The application parses user supplied data in the POST parameter
    8  - 'ip' to query a server IP on port 81 by default. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary
    9  - destination host. This can be used by an external attacker for example to bypass firewalls and initiate a service and network enumeration on the internal network through the affected application, allows hijacking
    10  - the current session of the user, execute cross-site scripting code or changing the look of the page and content modification on current display
     7 + description: OpenBMCS 2.4 is susceptible to unauthenticated server-side request forgery and remote file inclusion vulnerabilities within its functionalities. The application parses user supplied data in the POST parameter 'ip' to query a server IP on port 81 by default. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host.
    11 8   reference:
    12 9   - https://www.exploit-db.com/exploits/50670
     10 + - https://securityforeveryone.com/tools/openbmcs-unauth-ssrf-rfi-vulnerability-scanner
     11 + classification:
     12 + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
     13 + cvss-score: 6.8
     14 + cwe-id: CWE-918
    13 15   metadata:
    14 16   shodan-query: http.favicon.hash:1550906681
    15 17   tags: ssrf,oast,openbmcs,edb
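    Review bot: the added classification gives `cvss-score: 6.8` (line 13), which falls in the medium band, while `severity: high` on line 6 is left unchanged, so the two fields now disagree. Either revisit the vector (`AC:H` and `I:N` look low for an unauthenticated SSRF/RFI driven by a single POST parameter) or align the severity with the score. The shortened description also drops the impact sentences about reaching internal hosts; one line on impact would help triage.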
    skipped 18 lines
    34 36   status:
    35 37   - 302
    36 38   
     39 +# Enhanced by mp on 2022/09/15
     40 + 
  • ■ ■ ■ ■ ■
    config/nuclei-templates/misconfiguration/wildcard-postmessage.yaml
    1 1  id: wildcard-postmessage
    2 2   
    3 3  info:
    4  - name: Wildcard postMessage detection
     4 + name: postMessage - Cross-Site Scripting
    5 5   author: pdteam
    6  - severity: info
     6 + severity: high
     7 + description: postMessage contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and therefore steal cookie-based authentication credentials and launch other attacks.
    7 8   reference:
    8 9   - https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html
     10 + - https://payatu.com/blog/anubhav.singh/postmessage-vulnerabilities
     11 + - https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
     12 + classification:
     13 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     14 + cvss-score: 7.2
     15 + cwe-id: CWE-79
    9 16   tags: xss,postmessage
    10 17   
    11 18  requests:
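    Review bot: the rename and the severity change from info to high (lines 4-7) describe a cross-site scripting vulnerability "in postMessage", but the unchanged regex further down, `postMessage\([a-zA-Z]+,["']\*["']\)`, only detects a call that sends a message with a wildcard target origin. That is a potential data disclosure to any embedding origin, not script execution, and a static match does not show that sensitive data is sent. Suggest keeping the name "Wildcard postMessage detection" with info or low severity and dropping CWE-79 from the classification.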
    skipped 6 lines
    18 25   regex:
    19 26   - postMessage\([a-zA-Z]+,["']\*["']\)
    20 27   
     28 +# Enhanced by mp on 2022/09/15
     29 + 
  • ■ ■ ■ ■ ■
    config/nuclei-templates/misconfiguration/xss-deprecated-header.yaml
    1 1  id: xss-deprecated-header-detect
    2 2   
    3 3  info:
    4  - name: Detect Deprecated XSS Protection Header
     4 + name: XSS-Protection Header - Cross-Site Scripting
    5 5   author: joshlarsen
    6  - severity: info
    7  - description: Setting the XSS-Protection header is deprecated by most browsers. Setting the header to anything other than `0` can actually introduce an XSS vulnerability.
     6 + severity: high
     7 + description: XSS-Protection header in Explorer, Chrome, and Safari contains a cross-site scripting vulnerability if set to any value other than `0`.
    8 8   reference:
    9 9   - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
    10 10   - https://owasp.org/www-project-secure-headers/#x-xss-protection
     11 + classification:
     12 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     13 + cvss-score: 7.2
     14 + cwe-id: CWE-79
    11 15   tags: xss,misconfig,generic
    12 16   
    13 17  requests:
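    Review bot: lines 4-7 relabel a header-presence check as a high-severity cross-site scripting vulnerability, and the new description drops the fact that the header is deprecated, which is the remediation-relevant part. The visible extractor only reports the `x_xss_protection` value; it does not demonstrate an injectable page. Suggest restoring the original description and info severity, naming the header in full (X-XSS-Protection), and writing "Internet Explorer" rather than "Explorer".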
    skipped 21 lines
    35 39   kval:
    36 40   - x_xss_protection
    37 41   
     42 +# Enhanced by mp on 2022/09/15
     43 + 
  • ■ ■ ■ ■ ■
    config/nuclei-templates/vulnerabilities/concrete/concrete-xss.yaml
    1 1  id: concrete-xss
    2 2   
    3 3  info:
    4  - name: Concrete - Unauthenticated Reflected XSS in preview_as_user function
     4 + name: Concrete CMS <8.5.2 - Cross-Site Scripting
    5 5   author: shifacyclewla,hackergautam,djoevanka
    6  - severity: medium
    7  - description: The Concrete CMS < 8.5.2 is vulnerable to Reflected XSS using cID parameter.
     6 + severity: high
     7 + description: Concrete CMS before 8.5.2 contains a cross-site scripting vulnerability in preview_as_user function using cID parameter.
    8 8   reference:
    9 9   - https://hackerone.com/reports/643442
    10 10   - https://github.com/concrete5/concrete5/pull/7999
    11 11   - https://twitter.com/JacksonHHax/status/1389222207805661187
     12 + classification:
     13 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     14 + cvss-score: 7.2
     15 + cwe-id: CWE-79
    12 16   tags: hackerone,concrete,xss,cms,unauth
    13 17   
    14 18  requests:
    skipped 19 lines
    34 38   status:
    35 39   - 200
    36 40   
     41 +# Enhanced by mp on 2022/09/15
     42 + 
  • ■ ■ ■ ■ ■
    config/nuclei-templates/vulnerabilities/dedecms/dedecms-config-xss.yaml
    1 1  id: dedecms-config-xss
    2 2   
    3 3  info:
    4  - name: DedeCMS V5.7 config.php Cross-Site Scripting
     4 + name: DedeCMS 5.7 - Cross-Site Scripting
    5 5   author: ritikchaddha
    6  - severity: medium
     6 + severity: high
    7 7   description: |
    8  - DeDeCMS v5.7 has an XSS vulnerability in the '/include/dialog/config.php' file, and attackers can use this vulnerability to steal user cookies, hang horses, etc.
     8 + DeDeCMS 5.7 contains a cross-site scripting vulnerability in the '/include/dialog/config.php' file. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
    9 9   reference:
    10 10   - https://www.zilyun.com/8665.html
    11 11   - https://www.60ru.com/161.html
    12 12   - https://www.cnblogs.com/milantgh/p/3615853.html
     13 + classification:
     14 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
     15 + cvss-score: 7.2
     16 + cwe-id: CWE-79
    13 17   metadata:
    14 18   verified: true
    15 19   shodan-query: http.html:"DedeCms"
    skipped 20 lines
    36 40   status:
    37 41   - 200
    38 42   
     43 +# Enhanced by mp on 2022/09/15
     44 + 
  • config/nuclei-templates/vulnerabilities/generic/generic-j2ee-lfi.yaml
    Content is identical
  • ■ ■ ■ ■ ■ ■
    config/nuclei-templates/workflows/oracle-peoplesoft-workflow.yaml
     1 +id: oracle-peoplesoft-workflow
     2 + 
     3 +info:
     4 + name: oracle-peoplesoft Security Checks
     5 + author: LogicalHunter
     6 + description: A simple workflow that runs all oracle-peoplesoft related nuclei templates on a given target.
     7 + 
     8 +workflows:
     9 + 
     10 + - template: exposed-panels/oracle-people-sign-in.yaml
     11 + subtemplates:
     12 + - tags: oracle
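    Review bot: the subtemplate selector on line 12, `tags: oracle`, is broader than the description on line 6 promises; it runs every template tagged oracle after the PeopleSoft sign-in panel matches, not only PeopleSoft checks. A narrower tag such as a PeopleSoft-specific one, if the templates carry it, would keep the workflow to what its name says. Also check that exposed-panels/oracle-people-sign-in.yaml exists under that exact path, since this commit does not add it.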
  • ■ ■ ■ ■
    lib/util/kvDb.go
    skipped 16 lines
    17 17  }
    18 18   
    19 19  func NewKvDbOp() *KvDbOp {
    20  - if nil != Cache1 {
     20 + if nil != Cache1 && nil != Cache1.DbConn {
    21 21   return Cache1
    22 22   }
    23 23   Cache1 = &KvDbOp{}
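    Review bot: with the extra `nil != Cache1.DbConn` test on line 20, a non-nil `Cache1` whose connection is nil now falls through to line 23 and the package-level pointer is overwritten, so any caller still holding the old `*KvDbOp` keeps a dead handle and nothing visible here closes or reuses it. There is also no lock or `sync.Once` around the check-and-assign, so two goroutines calling `NewKvDbOp()` at once can each build a new instance. Suggest guarding the function with a mutex and re-initialising the existing struct in place instead of replacing it.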
    skipped 109 lines