Merge pull request #245 from benharvie/10/08-bounties

Bounty upload (10/08)

Author: benharvie

bounties/npm/angular-redactor/1/README.md

@@ -0,0 +1,3 @@
+# Overview
+
+`angular-redactor` is an angular directive for the Redactor editor, this package is vulnerable to Cross-site Scripting (XSS) attacks when HTML content mode is used.

bounties/npm/angular-redactor/1/bounty.json

@@ -0,0 +1,7 @@
+{
+	"ForkURL": "",
+	"Bounty": {
+		"Credit": 650,
+		"Cash": 25
+	}
+}

bounties/npm/angular-redactor/1/vulnerability.json

@@ -0,0 +1,49 @@
+{
+	"PackageVulnerabilityID": 1,
+	"DisclosureDate": "2020-08-10",
+	"AffectedVersionRange": "*",
+	"Summary": "Cross-site Scripting (XSS)",
+	"Contributor": {
+		"Discloser": "",
+		"Fixer": ""
+	},
+	"Package": {
+		"Registry": "npm",
+		"Name": "angular-redactor",
+		"URL": "https://www.npmjs.com/package/angular-redactor",
+		"Downloads": "77682"
+	},
+	"CWEs": [{
+		"ID": "CWE-79",
+		"Description": ""
+	}],
+	"CVSS": {
+		"Version": "3.1",
+		"AV": "N",
+		"AC": "L",
+		"PR": "N",
+		"UI": "R",
+		"S": "U",
+		"C": "H",
+		"I": "N",
+		"A": "N",
+		"E": "",
+		"RL": "",
+		"RC": "",
+		"Score": "6.5"
+	},
+	"CVEs": [
+		"CVE-2018-13339"
+	],
+	"Repository": {
+		"URL": "https://github.com/TylerGarlick/angular-redactor",
+		"Codebase": [
+			"JavaScript"
+		]
+	},
+	"Permalinks": [],
+	"References": [{
+		"Description": "GitHub Issue",
+		"URL": "https://github.com/TylerGarlick/angular-redactor/issues/77"
+	}]
+}

bounties/npm/hexo-admin/1/README.md

@@ -0,0 +1,5 @@
+# Overview
+
+`hexo-admin` is a Admin Interface for Hexo, this package are vulnerable to Cross-site Scripting (XSS).
+
+It fails to sanitize rendered markdown, allowing attackers to execute arbitrary JavaScript code in a browser when they create a new post.

bounties/npm/hexo-admin/1/bounty.json

@@ -0,0 +1,7 @@
+{
+	"ForkURL": "",
+	"Bounty": {
+		"Credit": 650,
+		"Cash": 25
+	}
+}

bounties/npm/hexo-admin/1/vulnerability.json

@@ -0,0 +1,54 @@
+{
+	"PackageVulnerabilityID": 1,
+	"DisclosureDate": "2020-08-10",
+	"AffectedVersionRange": "*",
+	"Summary": "Cross-site Scripting (XSS)",
+	"Contributor": {
+		"Discloser": "Chintan",
+		"Fixer": ""
+	},
+	"Package": {
+		"Registry": "npm",
+		"Name": "hexo-admin",
+		"URL": "https://www.npmjs.com/package/hexo-admin",
+		"Downloads": "22903"
+	},
+	"CWEs": [{
+		"ID": "CWE-79",
+		"Description": ""
+	}],
+	"CVSS": {
+		"Version": "3.1",
+		"AV": "N",
+		"AC": "L",
+		"PR": "N",
+		"UI": "R",
+		"S": "U",
+		"C": "H",
+		"I": "N",
+		"A": "N",
+		"E": "",
+		"RL": "",
+		"RC": "",
+		"Score": "6.5"
+	},
+	"CVEs": [
+		""
+	],
+	"Repository": {
+		"URL": "https://github.com/jaredly/hexo-admin",
+		"Codebase": [
+			"JavaScript"
+		]
+	},
+	"Permalinks": [],
+	"References": [{
+			"Description": "GitHub Issue",
+			"URL": "https://github.com/jaredly/hexo-admin/issues/185"
+		},
+		{
+			"Description": "www.npmjs.com",
+			"URL": "https://www.npmjs.com/advisories/1211"
+		}
+	]
+}

bounties/npm/jquery-confirm/1/README.md

@@ -0,0 +1,12 @@
+# Overview
+
+`jquery-confirm` is a multipurpose plugin for jquery alert, confirm & dialog.
+
+This package is vulnerable to Cross-site Scripting (XSS), HTML can be injected via. `setIcon` and `closeIconClass`.
+
+# Proof of Concept
+
+```
+// This shows succesful script execution: alert(0) is executed:
+$.confirm().setIcon('"><img src onerror="alert(0)"><"')
+```

bounties/npm/jquery-confirm/1/bounty.json

@@ -0,0 +1,7 @@
+{
+	"ForkURL": "",
+	"Bounty": {
+		"Credit": 630,
+		"Cash": 25
+	}
+}

bounties/npm/jquery-confirm/1/vulnerability.json

@@ -0,0 +1,49 @@
+{
+	"PackageVulnerabilityID": 1,
+	"DisclosureDate": "2020-08-10",
+	"AffectedVersionRange": "*",
+	"Summary": "Cross-site Scripting (XSS)",
+	"Contributor": {
+		"Discloser": "Rob--W",
+		"Fixer": ""
+	},
+	"Package": {
+		"Registry": "npm",
+		"Name": "jquery-confirm",
+		"URL": "https://www.npmjs.com/package/jquery-confirm",
+		"Downloads": "247261"
+	},
+	"CWEs": [{
+		"ID": "CWE-79",
+		"Description": ""
+	}],
+	"CVSS": {
+		"Version": "3.1",
+		"AV": "N",
+		"AC": "L",
+		"PR": "N",
+		"UI": "R",
+		"S": "U",
+		"C": "L",
+		"I": "L",
+		"A": "L",
+		"E": "",
+		"RL": "",
+		"RC": "",
+		"Score": "6.3"
+	},
+	"CVEs": [
+		""
+	],
+	"Repository": {
+		"URL": "https://github.com/craftpip/jquery-confirm",
+		"Codebase": [
+			"JavaScript"
+		]
+	},
+	"Permalinks": [],
+	"References": [{
+		"Description": "GitHub Issue",
+		"URL": "https://github.com/craftpip/jquery-confirm/issues/508"
+	}]
+}

bounties/npm/node-dns-sync/1/README.md

@@ -0,0 +1,3 @@
+# Overview
+
+`dns-sync` is a dns resolver implemented in Node.js, This package is vulnerable to Regular Expression Denial of Service (ReDoS) attacks.