Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Html injection #372

Open
wants to merge 31 commits into
base: master
Choose a base branch
from
Open

Html injection #372

wants to merge 31 commits into from

Conversation

TimmyBugcrowd
Copy link
Contributor

Adding the category below to VRT:
P5 - Server-Side Injection - Content Spoofing - HTML Content Injection

@TimmyBugcrowd
PII-leakage-update
630ad82 
FROM:
P1 - Automotive Security Misconfiguration - Infotainment, Radio Head Unit - PII Leakage

TO:
P1 - Automotive Security Misconfiguration - Infotainment, Radio Head Unit - Sensitive data Leakage/Exposure
Varies - Sensitive Data Exposure - Disclosure of Secrets - PII Leakage/Exposure
@TimmyBugcrowd
Update secure-code-warrior-links.json
f6a99dd
@TimmyBugcrowd
Update remediation_advice.json
24ee139
@TimmyBugcrowd
Update remediation_advice.json
7c9b718
@TimmyBugcrowd
Update cwe.json
916f06a
@TimmyBugcrowd
Update cwe.json
0151cb8
@TimmyBugcrowd
Update cwe.json
1f8c74d
@TimmyBugcrowd
Update cwe.json
b4f66a5
@TimmyBugcrowd
Update cwe.json
af0cde8
@TimmyBugcrowd
Update cwe.json
1d2bc63
@TimmyBugcrowd
Update cwe.json
978930c
@TimmyBugcrowd
Update remediation_advice.json
45b4201
@TimmyBugcrowd
HTTP Request Smuggling
18be091 
Adding HTTP Request Smuggling as a new VRT entry.
@TimmyBugcrowd
Update remediation_advice.json
310f076
@TimmyBugcrowd
Update cvss_v3.json
557cf01
@TimmyBugcrowd
Failure to invalidate session on permission change
003f98b 
Adding Failure to invalidate session on permission change as a new VRT entry.
@TimmyBugcrowd
Update cwe.json
3ee9c17
@TimmyBugcrowd
Update cwe.json
07ff7fe
@TimmyBugcrowd
Update remediation_advice.json
18e0103
@TimmyBugcrowd
Update cwe.json
61c8a38
@TimmyBugcrowd
Deprecation of XSS on IE11
4937f87 
REMOVE: P4 - Cross-Site Scripting (XSS) - IE-Only - IE11

FROM: P5 - Cross-Site Scripting (XSS) - IE-Only - Older Version (< IE11)

TO: P5 - Cross-Site Scripting (XSS) - IE-Only
@TimmyBugcrowd
Update remediation_advice.json
38f220b
@TimmyBugcrowd
LDAP Injection
785cd96 
Adding LDAP Injection as a new VRT entry.
@TimmyBugcrowd
Update cwe.json
0a21bd6
@TimmyBugcrowd
Update remediation_advice.json
d928959
@TimmyBugcrowd
Update cvss_v3.json
6ac0fb8
@TimmyBugcrowd
Merge branch 'LDAP-Injection' into 1.20-stable
333116b
@TimmyBugcrowd
Merge branch 'HTTP-Request-Smuggling' into 1.20-stable
0621a25
@TimmyBugcrowd
Merge branch 'pii-leakage-update' into 1.20-stable
a4d307e
@TimmyBugcrowd
Merge branch 'Failure-to-invalidate-session-on-permission-change' int…
bdf1520 
…o 1.20-stable
@TimmyBugcrowd
HTML-Injection
89e5444 
Adding the category below to VRT:
P5 - Server-Side Injection - Content Spoofing - HTML Content Injection
@TimmyBugcrowd
Copy link
Contributor Author

merged into the intermadiate branch.

RRudder added a commit to bugcrowd/templates that referenced this pull request Oct 24, 2023
@RRudder
Added HTML Content Injection template
2dce5d2 
* Added new HTML Content Injection template, as per VRT update #372 - bugcrowd/vulnerability-rating-taxonomy#372
* Updated server_side_injection.content_spoofing guidance file as it was referring to the incorrect vulnerability type
@RRudder RRudder mentioned this pull request Oct 24, 2023
Merged
@Griffin641498
Copy link

Adding the category below to VRT:
P5 - Server-Side Injection - Content Spoofing - HTML Content Injection

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vortexau vortexau Awaiting requested review from vortexau

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@TimmyBugcrowd @Griffin641498