Bounty upload (10/08)

bounties/npm/angular-redactor/1/README.md

@@ -0,0 +1,3 @@
+# Overview
+
+`angular-redactor` is an angular directive for the Redactor editor, this package is vulnerable to Cross-site Scripting (XSS) attacks when HTML content mode is used.

bounties/npm/angular-redactor/1/bounty.json

@@ -0,0 +1,7 @@
+{
+	"ForkURL": "",
+	"Bounty": {
+		"Credit": 650,
+		"Cash": 25
+	}
+}

bounties/npm/angular-redactor/1/vulnerability.json

@@ -0,0 +1,49 @@
+{
+	"PackageVulnerabilityID": 1,
+	"DisclosureDate": "2020-08-10",
+	"AffectedVersionRange": "*",
+	"Summary": "Cross-site Scripting (XSS)",
+	"Author": {
+		"Username": "",
+		"Name": ""
+	},
+	"Package": {
+		"Registry": "npm",
+		"Name": "angular-redactor",
+		"URL": "https://www.npmjs.com/package/angular-redactor",
+		"Downloads": "77682"
+	},
+	"CWEs": [{
+		"ID": "CWE-79",
+		"Description": ""
+	}],
+	"CVSS": {
+		"Version": "3.1",
+		"AV": "N",
+		"AC": "L",
+		"PR": "N",
+		"UI": "R",
+		"S": "U",
+		"C": "H",
+		"I": "N",
+		"A": "N",
+		"E": "",
+		"RL": "",
+		"RC": "",
+		"Score": "6.5"
+	},
+	"CVEs": [
+		"CVE-2018-13339"
+	],
+	"Repository": {
+		"URL": "https://github.com/TylerGarlick/angular-redactor",
+		"Codebase": [
+			"JavaScript"
+		]
+	},
+	"Permalinks": [],
+	"References": [{
+		"Description": "GitHub Issue",
+		"URL": "https://github.com/TylerGarlick/angular-redactor/issues/77"
+	}]
+}

bounties/npm/hexo-admin/1/README.md

@@ -0,0 +1,5 @@
+# Overview
+
+`hexo-admin` is a Admin Interface for Hexo, this package are vulnerable to Cross-site Scripting (XSS).
+
+It fails to sanitize rendered markdown, allowing attackers to execute arbitrary JavaScript code in a browser when they create a new post.

bounties/npm/hexo-admin/1/bounty.json

@@ -0,0 +1,7 @@
+{
+	"ForkURL": "",
+	"Bounty": {
+		"Credit": 650,
+		"Cash": 25
+	}
+}

bounties/npm/hexo-admin/1/vulnerability.json

@@ -0,0 +1,54 @@
+{
+	"PackageVulnerabilityID": 1,
+	"DisclosureDate": "2020-08-10",
+	"AffectedVersionRange": "*",
+	"Summary": "Cross-site Scripting (XSS)",
+	"Author": {
+		"Username": "",
+		"Name": ""
+	},
+	"Package": {
+		"Registry": "npm",
+		"Name": "hexo-admin",
+		"URL": "https://www.npmjs.com/package/hexo-admin",
+		"Downloads": "22903"
+	},
+	"CWEs": [{
+		"ID": "CWE-79",
+		"Description": ""
+	}],
+	"CVSS": {
+		"Version": "3.1",
+		"AV": "N",
+		"AC": "L",
+		"PR": "N",
+		"UI": "R",
+		"S": "U",
+		"C": "H",
+		"I": "N",
+		"A": "N",
+		"E": "",
+		"RL": "",
+		"RC": "",
+		"Score": "6.5"
+	},
+	"CVEs": [
+		""
+	],
+	"Repository": {
+		"URL": "https://github.com/jaredly/hexo-admin",
+		"Codebase": [
+			"JavaScript"
+		]
+	},
+	"Permalinks": [],
+	"References": [{
+			"Description": "GitHub Issue",
+			"URL": "https://github.com/jaredly/hexo-admin/issues/185"
+		},
+		{
+			"Description": "www.npmjs.com",
+			"URL": "https://www.npmjs.com/advisories/1211"
+		}
+	]
+}

bounties/npm/insight-api/1/README.md

@@ -0,0 +1,5 @@
+# Overview
+
+`insight-api` is a Bitcoin blockchain REST and web socket API service for Bitcore Node.
+
+This package is vulnerable to Improper Input Validation in the transaction broadcast endpoint that can result in Full Path Disclosure. This attack appears to be exploitable via. web request.

bounties/npm/insight-api/1/bounty.json

@@ -0,0 +1,7 @@
+{
+	"ForkURL": "",
+	"Bounty": {
+		"Credit": 530,
+		"Cash": 25
+	}
+}

bounties/npm/insight-api/1/vulnerability.json

@@ -0,0 +1,54 @@
+{
+	"PackageVulnerabilityID": 1,
+	"DisclosureDate": "2020-08-10",
+	"AffectedVersionRange": "*",
+	"Summary": "Improper Input Validation",
+	"Author": {
+		"Username": "",
+		"Name": ""
+	},
+	"Package": {
+		"Registry": "npm",
+		"Name": "insight-api",
+		"URL": "https://www.npmjs.com/package/insight-api",
+		"Downloads": "12336"
+	},
+	"CWEs": [{
+		"ID": "CWE-20",
+		"Description": ""
+	}],
+	"CVSS": {
+		"Version": "3.1",
+		"AV": "N",
+		"AC": "L",
+		"PR": "N",
+		"UI": "N",
+		"S": "U",
+		"C": "L",
+		"I": "N",
+		"A": "N",
+		"E": "",
+		"RL": "",
+		"RC": "",
+		"Score": "5.3"
+	},
+	"CVEs": [
+		"CVE-2018-1000023"
+	],
+	"Repository": {
+		"URL": "https://github.com/bitpay/insight-api",
+		"Codebase": [
+			"JavaScript"
+		]
+	},
+	"Permalinks": [],
+	"References": [{
+			"Description": "GitHub Issue",
+			"URL": "https://github.com/bitpay/insight-api/issues/542"
+		},
+		{
+			"Description": "nvd.nist.gov",
+			"URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000023"
+		}
+	]
+}

bounties/npm/jquery-confirm/1/README.md

@@ -0,0 +1,12 @@
+# Overview
+
+`jquery-confirm` is a multipurpose plugin for jquery alert, confirm & dialog.
+
+This package is vulnerable to Cross-site Scripting (XSS), HTML can be injected via. `setIcon` and `closeIconClass`.
+
+# Proof of Concept
+
+```
+// This shows succesful script execution: alert(0) is executed:
+$.confirm().setIcon('"><img src onerror="alert(0)"><"')
+```

bounties/npm/jquery-confirm/1/bounty.json

@@ -0,0 +1,7 @@
+{
+	"ForkURL": "",
+	"Bounty": {
+		"Credit": 630,
+		"Cash": 25
+	}
+}

bounties/npm/jquery-confirm/1/vulnerability.json

@@ -0,0 +1,49 @@
+{
+	"PackageVulnerabilityID": 1,
+	"DisclosureDate": "2020-08-10",
+	"AffectedVersionRange": "*",
+	"Summary": "Cross-site Scripting (XSS)",
+	"Author": {
+		"Username": "",
+		"Name": ""
+	},
+	"Package": {
+		"Registry": "npm",
+		"Name": "jquery-confirm",
+		"URL": "https://www.npmjs.com/package/jquery-confirm",
+		"Downloads": "247261"
+	},
+	"CWEs": [{
+		"ID": "CWE-79",
+		"Description": ""
+	}],
+	"CVSS": {
+		"Version": "3.1",
+		"AV": "N",
+		"AC": "L",
+		"PR": "N",
+		"UI": "R",
+		"S": "U",
+		"C": "L",
+		"I": "L",
+		"A": "L",
+		"E": "",
+		"RL": "",
+		"RC": "",
+		"Score": "6.3"
+	},
+	"CVEs": [
+		""
+	],
+	"Repository": {
+		"URL": "https://github.com/craftpip/jquery-confirm",
+		"Codebase": [
+			"JavaScript"
+		]
+	},
+	"Permalinks": [],
+	"References": [{
+		"Description": "GitHub Issue",
+		"URL": "https://github.com/craftpip/jquery-confirm/issues/508"
+	}]
+}

bounties/npm/node-dns-sync/1/README.md

@@ -0,0 +1,3 @@
+# Overview
+
+`dns-sync` is a dns resolver implemented in Node.js, This package is vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

bounties/npm/node-dns-sync/1/bounty.json

@@ -0,0 +1,7 @@
+{
+	"ForkURL": "",
+	"Bounty": {
+		"Credit": 530,
+		"Cash": 25
+	}
+}

bounties/npm/node-dns-sync/1/vulnerability.json

@@ -0,0 +1,49 @@
+{
+	"PackageVulnerabilityID": 1,
+	"DisclosureDate": "2020-08-10",
+	"AffectedVersionRange": "*",
+	"Summary": "Regular Expression Denial of Service (ReDoS)",
+	"Author": {
+		"Username": "",
+		"Name": ""
+	},
+	"Package": {
+		"Registry": "npm",
+		"Name": "dns-sync",
+		"URL": "https://www.npmjs.com/package/dns-sync",
+		"Downloads": "654853"
+	},
+	"CWEs": [{
+		"ID": "CWE-400",
+		"Description": ""
+	}],
+	"CVSS": {
+		"Version": "3.1",
+		"AV": "N",
+		"AC": "L",
+		"PR": "N",
+		"UI": "N",
+		"S": "U",
+		"C": "N",
+		"I": "N",
+		"A": "L",
+		"E": "",
+		"RL": "",
+		"RC": "",
+		"Score": "5.3"
+	},
+	"CVEs": [
+		"CVE-2017-16100"
+	],
+	"Repository": {
+		"URL": "https://https://github.com/skoranga/node-dns-sync",
+		"Codebase": [
+			"JavaScript"
+		]
+	},
+	"Permalinks": [],
+	"References": [{
+		"Description": "GitHub Issue",
+		"URL": "https://github.com/skoranga/node-dns-sync/issues/5"
+	}]
+}

bounties/npm/squel/1/README.md

@@ -0,0 +1,12 @@
+# Overview
+
+`squel` is a SQL query string builder, this package is vulnerable to SQL Injection.
+
+The package does not properly escape user provided input when provided using the `setFields` method. This could lead to SQL injection (SQLi) if the query was then executed.
+
+# Proof of Concept
+
+```
+> console.log(squel.insert().into('buh').setFields({foo: "bar'baz"}).toString());
+INSERT INTO buh (foo) VALUES ('bar\'baz')
+```

bounties/npm/squel/1/bounty.json

@@ -0,0 +1,7 @@
+{
+	"ForkURL": "",
+	"Bounty": {
+		"Credit": 630,
+		"Cash": 25
+	}
+}